Avaya Solution & Interoperability Test Lab
Configuring Secrets Management on the Avaya G250 and
G350 Media Gateways - Issue 1.0
Abstract
Previous releases of the Avaya G250 and G350 Media Gateways maintained secret materials
in local FLASH memory, and never output secrets to the management terminal or to the
startup configuration file. These Application Notes present a mechanism in release 4.0 of
Avaya Communication Manager that encrypts all secrets saved in the startup and running
configuration files. This new approach prevents an unauthorized person from observing the
device secrets and enables complete restore of the device configuration from the startup
configuration saved in a USB flash drive or a remote file server.
JZ; Reviewed:
SPOC 4/7/2007
Solution & Interoperability Test Lab Application Notes
©2007 Avaya Inc. All Rights Reserved.
1 of 18
GW-Secrets.doc
1. Introduction
Previous releases of the Avaya G250 and G350 Media Gateways kept secret material in local
FLASH memory and never output it to the management terminal or to the startup configuration
file. An administrator could overwrite a secret but never read back one already entered. That
approach gives the strongest protection, at the cost of forcing the administrator to re-enter
every secret by hand whenever a Media Gateway is replaced. The mechanism introduced with
release 4.0 of Avaya Communication Manager instead encrypts every secret saved in the startup
and running configuration files. This prevents an unauthorized person from reading the device
secrets while allowing the complete device configuration to be restored from a startup
configuration saved on a USB flash drive or a remote file server.
Figure 1 is the network diagram used to verify these Application Notes. The three offices
shown in Figure 1 are connected over a Wide Area Network (WAN); each office uses T1/PPP for
its WAN connection. A full-mesh (any-to-any) VPN, Generic Routing Encapsulation (GRE)
tunnels and the OSPF routing protocol are configured among the three offices, and OSPF uses
MD5 authentication.
The “Main Office” contains an Avaya S8500 Media Server and an Avaya G650 Media Gateway.
The “Branch Office 1” contains an Avaya G250L-DS1 Media Gateway and the “Branch Office
2” contains an Avaya G350L Media Gateway.
[Figure 1 is a network diagram; only its labels survive extraction.
Main Office: Avaya S8500 Media Server; Avaya G650 Media Gateway; L3 Switch; Cisco 3725
Access Router; Microsoft Windows 2000 Server running Microsoft DHCP Server, Microsoft
Information Server (FTP Server), Microsoft IAS, Avaya TFTP Server and Apache HTTP Server;
T1/PPP to the WAN.
Branch Office 1: Avaya G250L-DS1 Media Gateway (SLS); USB Flash Drive; T1/PPP to the WAN.
Branch Office 2: Avaya G350L Media Gateway (SLS); USB Flash Drive; T1/PPP to the WAN.
Telephones shown: Avaya 4610 IP Telephones, an Avaya 9620 IP Telephone and Avaya 6210
Analog Phones.
The three offices are linked by GRE/VPN tunnels running OSPF with MD5 authentication.]
Figure 1: Configuration for Secrets Management
The Avaya G250 and G350 Media Gateways act as the DHCP and TFTP servers for the Avaya IP
telephones in the branch offices. The Microsoft DHCP server and Avaya TFTP server installed
on the Microsoft Windows 2000 Server in the Main Office serve the Avaya IP telephones in the
Main Office, and the Apache HTTP Server installed on the same server serves the Avaya 9600
Series IP telephones. In the sample configuration, 802.1X is enabled on the Avaya G250 and
G350 Media Gateways and on the Avaya IP telephones in the branch offices; the Microsoft
Internet Authentication Service (IAS) installed on the Microsoft Windows 2000 Server in the
Main Office is the RADIUS server. The Microsoft Information Server is used as an FTP server.
2. Equipment and Software Validated
Table 1 below shows the versions verified in these Application Notes.
Equipment                                                  Software
---------------------------------------------------------  --------------------------
Avaya Communication Manager on Avaya S8500 Media Server    4.0 (load 727)
Avaya G650 Media Gateway
    IPSI (TN2312AP)                                        HW12 FW031
    C-LAN (TN799DP)                                        HW01 FW017
    MEDPRO (TN2302AP)                                      HW11 FW107
Avaya G250L-DS1 Media Gateway                              26.27.0
Avaya G350L Media Gateway                                  26.27.0
Avaya 4610 Series IP Telephones (H.323)                    2.60
Avaya 9620 Series IP Telephone (H.323)                     1.20
Avaya TFTP Server                                          3.6.1
Apache HTTP Server                                         2.0.54
Microsoft Internet Authentication Service                  Windows 2000 Server (SP 4)
Microsoft DHCP Server                                      Windows 2000 Server (SP 4)
Microsoft Information Server (FTP Server)                  Windows 2000 Server (SP 4)
Cisco 3725 Access Router                                   12.4(10a)
Table 1: Software Versions
3. Configuration of the Avaya Media Gateway
The following secrets were verified in these Application Notes.
• User Name and Password: a user name and password are created on the Avaya G250 and G350
  Media Gateways.
• RADIUS Secret: the RADIUS server in the Main Office is used for 802.1X authentication of the
  Avaya IP telephones in Branch Office 1 and Branch Office 2. Refer to [1] for details.
• Station Passwords: the Avaya G250-DS1 and G350 Media Gateways are configured with the
  Standard Local Survival Processor (SLS); IP station extensions and passwords are configured
  in the branch offices.
• VPN Shared Secret: pre-shared keys are configured for the VPN tunnels. Refer to [2] for
  details.
• OSPF Shared Secrets: Message Digest 5 (MD5) authentication is configured for the OSPF
  routing protocol. Refer to [2] for details.
Secrets are encrypted with a 128-bit, user-defined Master Configuration Key (MCK). The Media
Gateway ships with an Avaya Default Master Config Key (ADMCK), a hard-coded default secret
that is identical on every gateway. The ADMCK allows a configuration file to be decrypted at
initial installation, or by customers who do not want to maintain a user-defined MCK. Because
the ADMCK is shared by all gateways, a configuration file encrypted under it gains no
protection beyond that of the file itself: any other G250 or G350 still on the default key can
import it and use every secret it contains. Avaya recommends replacing the ADMCK with a
user-defined MCK for greater security.
Use the command key config-key password-encryption <master passphrase> to configure an
MCK. The following screen shows the command. The new MCK takes effect only after copy
running-config startup-config is issued; that command re-encrypts the startup configuration
with the new MCK. Note that the passphrase is typed in clear text at the CLI, so it will appear
in any terminal log or session capture of that command.
G350-SLS(super)# key config-key password-encryption GoodBye2005Welcom2006
Warning: Use copy running to startup config to commit new configuration master key
The secrets management engine in the Media Gateway reuses the startup-config concept: each
existing CLI command that takes a secret is mirrored by a new command that accepts the
encrypted form of the same parameter. For example, the Media Gateway supports the new
command encrypted-pre-shared-key <encrypted-key-string>, which extends the existing
pre-shared-key <key-string>.
The startup or the running configuration can be copied to a file server or to a USB flash drive
connected to the USB port on the Media Gateway. The file server can be an FTP, SCP or TFTP
server (see the copy startup-config command listing below). To copy a saved configuration
back to the Media Gateway, the MCK currently configured on the Media Gateway must match
the MCK with which the saved configuration was encrypted.
The MCK must be kept in a secure place, separately from the backup files: a backup is only as
confidential as the MCK that protects it, and without the MCK it cannot be restored. If the
Media Gateway is replaced, the same MCK must be configured on the new Media Gateway before
the original configuration can be restored on it. The following screen shows the syntax of the
commands that copy the startup configuration to a file server or a USB flash drive.
G250-DS1-011(super)# copy startup-config ?
Copy startup-config commands:
--------------------------------------------------------------------------
copy startup-config ftp    Upload startup configuration to a file (using ftp)
copy startup-config scp    Upload startup configuration to a file (using scp)
copy startup-config tftp   Upload startup configuration to a file (using tftp)
copy startup-config usb    Upload startup configuration to a file (using usb)
A corresponding command copies a configuration from a file server or a USB flash drive to the
startup-config. The backup and restore operations can also be used; refer to [3] for details on
backup and restore.
The following screen shows the annotated startup-config file on the Avaya G250 Media
Gateway, encrypted with the user-defined MCK. Every encrypted secret in the startup-config
appears under the command the user entered at the CLI, with the encrypted- prefix added to the
keyword that carries the secret and the secret itself replaced by its encrypted value. The
configuration for the Avaya G350 Media Gateway is similar and is not shown. Note that the IKE
peers below authenticate with pre-shared keys in aggressive mode; the MCK protects those keys
in the saved file only, and aggressive mode still sends a hash of the pre-shared key on the wire,
where a passive observer can capture it for offline guessing.
G250-DS1-011(super)# show startup-config
! version 26.27.0
! The following line shows the information on the GW.
Config info release 26.27.0 time "19:05:18 29 JAN 2007 " serial_number 03IS07814808
! The following shows the encrypted usernames and passwords.
encrypted-username zDEmQsJbbVUy/d1YogNZAg== password zV9LefjR7hocgF+btlqoSVnY7VEXN6LI4hgIZBNKRdw= access-type naxzRzkCk9S25x8jDCHJbQ==
encrypted-username hkQ02CQfWoqYX1c5w3I1Kg== password qpApp/J4+MxXr3022TzKBAvNy/iz4oWT7pVo62rr82E= access-type TyJcVqMQcKlp9f83Wxs3FQ==
! The following lines show the radius server configuration and encrypted RADIUS
! authentication secret.
set radius authentication enable
set radius authentication server 192.168.88.31 primary
set encrypted-radius authentication secret AAFaCBGLH0rYjScBoU9xHdqclJ2mXFcvpOmHbeSxPf0=
set dot1x system-auth-control enable
! The following lines show the VPN configuration
ip crypto-list 901
local-address Serial 2/1:1.0
ip-rule 1
protect crypto map 1
source-ip host 12.160.181.101
destination-ip host 12.160.180.101
exit
ip-rule 2
protect crypto map 2
source-ip host 12.160.181.101
destination-ip host 12.160.182.101
exit
exit
crypto ipsec transform-set H2 esp-aes esp-sha-hmac
mode transport
set pfs group2
exit
crypto isakmp policy 1
description "Phase 1 Proposal"
encryption aes
hash md5
group 2
authentication pre-share
exit
crypto isakmp peer address "12.160.180.101"
! The following line shows the encrypted VPN shared secret with the Main Office
encrypted-pre-shared-key jLXkdHIGlPOTdg0DqFRj0A==
isakmp-policy 1
initiate mode aggressive
keepalive 10 retry 2 on-demand
exit
crypto isakmp peer address "12.160.182.101"
! The following line shows the encrypted VPN shared secret with the Branch Office 2
encrypted-pre-shared-key w/gm0LVsdn5QMjB3ai+M2Zw9Ak80CFuaJuB8PxWMvug=
isakmp-policy 1
initiate mode aggressive
keepalive 10 retry 2 on-demand
exit
crypto map 1
description "Phase 2 Proposal"
set peer "12.160.180.101"
set transform-set H2
exit
crypto map 2
description "Phase 2 Proposal"
set peer "12.160.182.101"
set transform-set H2
exit
interface Tunnel 1
tunnel source 12.160.181.101
tunnel destination 12.160.180.101
ip address 10.10.11.1 255.255.255.252
! The following line shows the encrypted OSPF MD5 key configuration
ip ospf authentication message-digest
ip encrypted-ospf message-digest 1 md5 +eh75vDqXtI1K2RX83jMoQ==
exit
interface Tunnel 2
tunnel source 12.160.181.101
tunnel destination 12.160.182.101
ip address 10.10.11.9 255.255.255.252
! The following line shows the encrypted OSPF MD5 key configuration
ip ospf authentication message-digest
ip encrypted-ospf message-digest 1 md5 meOQo1jOAm3KHI5KpUKblQ==
exit
interface Serial 2/1:1
encapsulation ppp
ip crypto-group 901
ip address 12.160.181.101 255.255.255.0
exit
router ospf
network 10.1.181.0 0.0.0.255 area 0.0.0.0
network 10.10.11.0 0.0.0.3 area 0.0.0.0
network 10.10.11.8 0.0.0.3 area 0.0.0.0
exit
survivable-call-engine
! The following line shows the encrypted password for an IP station.
station 44620 ip
set cor unrestricted
set encrypted-password "6935CBjd+4pTpNg1LS7K5w=="
exit
! The following line shows the SLS is enabled.
set survivable-call-engine enable
!#
!# End of configuration file. Press Enter to continue.
4. Copy Configuration Files to/from the Media Gateway
The CLI commands are the same for the Avaya G250 and G350 Media Gateways to copy the
configuration files between the Avaya Media Gateway and a USB flash drive or a file server.
Only the Avaya G250 Media Gateway is demonstrated in this Section.
4.1 Copy the Startup Configuration to a USB Flash Drive
To back up the Avaya G250 Media Gateway, insert a USB flash drive into the USB port on the
Avaya G250 Media Gateway. Use the command show usb all to verify that the Avaya G250
Media Gateway detects the USB flash drive. The Media Gateway supports FAT16 and FAT32
file systems on the USB flash drive. The flash drive needs to be formatted with one of these
formats.
The following output shows that the USB flash drive is formatted as FAT16 and that its device
name is usbdevice0. This device name is used in the configuration steps that follow.
G250-DS1-011(super)# show usb all
USB     Description       Manufacturer  Vendor  Product  Device  Serial Number  USB  Power  Max
Dev Id                                  ID      ID       Ver                    Ver  Mode   Power(mA)
------  ----------------  ------------  ------  -------  ------  -------------  ---  -----  ---------
1       Root Hub (OHCI)   N/A           0x0     0x0      0.0     N/A            1.1  Self   0
2       USB DRIVE         SIMPTECH      0x4e8   0x100    0.0     0158596281995  1.1  Self   90
257     Root Hub (EHCI)   N/A           0x0     0x0      0.0     N/A            2.0  Self   0

USB     FileSystem    Storage  Free   Speed  FS
Dev Id                (MB)     (MB)
------  ------------  -------  -----  -----  -----
1       N/A           N/A      N/A    Full   N/A
2       /usbdevice0   243      112    Full   FAT16
257     N/A           N/A      N/A    High   N/A
Use the command copy running-config startup-config to copy the running-config to the
startup-config using the current MCK.
G250-DS1-011(super)# copy running-config startup-config
Beginning copy operation ................... Done!
Use the command copy startup-config usb <file name> usbdevice0 to copy the startup-config
to the USB flash drive with the specified file name.
G250-DS1-011(super)# copy startup-config usb G250-DS1-backup usbdevice0
Confirmation - do you want to continue (Y/N)? y
Beginning upload operation ...
This operation may take up to 20 seconds.
Please refrain from any other operation during this time.
For more information , use 'show upload status 10' command
Use the command show upload status 10 to verify the upload status. The Running state Idle
means the upload completed successfully.
G250-DS1-011(super)# show upload status 10
Module #10
===========
Module           : 10
Source file      : startup-config
Destination file : /usbdevice0/G250-DS1-backup
Host             : 192.168.88.31
Running state    : Idle
Failure display  : (null)
Last warning     : No-warning
Attach the USB flash drive to a PC and open the configuration file with Notepad or WordPad.
Verify that every secret in the file is still encrypted, that is, that every secret-bearing
command appears in its encrypted- form and no cleartext password, key or shared secret is
present.
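The "verify that all secrets are still encrypted" step here, and again in Section 4.3 for a file-server copy, is easy to skip when done by eye in Notepad. The following script, added to these Application Notes as an example and not Avaya code, performs that check over an exported startup-config: it flags any secret-bearing command that appears in its cleartext form, counts the encrypted ones by type, and rejects encrypted values that are not well-formed base64 (a truncated line is the usual cause). The encrypted command shapes are those shown in the Section 3 dump; the cleartext shapes are assumed from the naming convention the notes describe (the CLI command without the encrypted- prefix) and should be checked against the gateway CLI reference. The sample configuration inside the script is constructed for the demonstration and its base64 values are dummies.

```python
"""Check an exported Avaya G250/G350 startup-config for cleartext secrets.

Added example for these Application Notes; not Avaya code.  Encrypted command
shapes follow the Section 3 dump; the cleartext shapes are assumed (the CLI
command without its "encrypted-" prefix).  SAMPLE_CONFIG is constructed for
the demonstration and its base64 values are dummies, not real secrets.
"""
import base64
import binascii
import re
from dataclasses import dataclass, field
from typing import Optional

# (label, cleartext pattern, encrypted pattern).  Each pattern captures the
# secret parameter(s) so encrypted values can be checked for well-formedness.
SECRET_FORMS = [
    ("username",
     re.compile(r"^username\s+\S+\s+password\s+(\S+)"),
     re.compile(r"^encrypted-username\s+(\S+)\s+password\s+(\S+)"
                r"(?:\s+access-type\s+(\S+))?")),
    ("radius",
     re.compile(r"^set radius authentication secret\s+(\S+)"),
     re.compile(r"^set encrypted-radius authentication secret\s+(\S+)")),
    ("ipsec-psk",
     re.compile(r"^pre-shared-key\s+(\S+)"),
     re.compile(r"^encrypted-pre-shared-key\s+(\S+)")),
    ("ospf-md5",
     re.compile(r"^ip ospf message-digest\s+\d+\s+md5\s+(\S+)"),
     re.compile(r"^ip encrypted-ospf message-digest\s+\d+\s+md5\s+(\S+)")),
    ("sls-station",
     re.compile(r'^set password\s+"?([^"\s]+)"?'),
     re.compile(r'^set encrypted-password\s+"?([^"\s]+)"?')),
]


@dataclass
class Report:
    cleartext: list = field(default_factory=list)  # (line_no, label, line)
    malformed: list = field(default_factory=list)  # (line_no, label, reason)
    encrypted: dict = field(default_factory=dict)  # label -> count

    @property
    def safe_to_export(self) -> bool:
        """True only if no cleartext secret and no damaged ciphertext was found."""
        return not self.cleartext and not self.malformed


def check_ciphertext(value: str) -> Optional[str]:
    """Return a reason if VALUE does not look like an encrypted secret, else None.

    Every encrypted value in the Application Notes is base64 whose decoded
    length is a multiple of 16 bytes; that length rule is a heuristic taken
    from those samples, not a documented property of the file format.
    """
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return "not valid base64"
    if not raw or len(raw) % 16:
        return f"decoded length {len(raw)} is not a multiple of 16 bytes"
    return None


def scan_config(text: str) -> Report:
    """Scan startup-config TEXT line by line; '!' comment lines are skipped."""
    report = Report()
    for line_no, raw_line in enumerate(text.splitlines(), 1):
        line = raw_line.strip()
        if not line or line.startswith("!"):
            continue
        for label, clear_re, enc_re in SECRET_FORMS:
            if clear_re.match(line):
                report.cleartext.append((line_no, label, line))
                break
            match = enc_re.match(line)
            if match:
                report.encrypted[label] = report.encrypted.get(label, 0) + 1
                for value in match.groups():
                    reason = check_ciphertext(value) if value is not None else None
                    if reason:
                        report.malformed.append((line_no, label, reason))
                break
    return report


# Constructed sample in the shape of the Section 3 dump: two lines carry
# cleartext secrets (a hand-added user and an OSPF key) and one pre-shared-key
# ciphertext is truncated, as happens when a long line wraps in a capture.
SAMPLE_CONFIG = """\
! version 26.27.0
encrypted-username zDEmQsJbbVUy/d1YogNZAg== password zV9LefjR7hocgF+btlqoSVnY7VEXN6LI4hgIZBNKRdw= access-type naxzRzkCk9S25x8jDCHJbQ==
username backupadmin password Sup3rSecret access-type admin
set radius authentication server 192.168.88.31 primary
set encrypted-radius authentication secret AAFaCBGLH0rYjScBoU9xHdqclJ2mXFcvpOmHbeSxPf0=
crypto isakmp peer address "12.160.180.101"
  encrypted-pre-shared-key jLXkdHIGlPOTdg0DqFRj0A==
crypto isakmp peer address "12.160.182.101"
  encrypted-pre-shared-key w/gm0LVsdn5QMjB3ai+M2Zw9Ak80CFuaJuB8Px
interface Tunnel 1
  ip ospf authentication message-digest
  ip encrypted-ospf message-digest 1 md5 +eh75vDqXtI1K2RX83jMoQ==
interface Tunnel 2
  ip ospf authentication message-digest
  ip ospf message-digest 1 md5 ospfkey123
survivable-call-engine
  station 44620 ip
    set encrypted-password "6935CBjd+4pTpNg1LS7K5w=="
"""

if __name__ == "__main__":
    result = scan_config(SAMPLE_CONFIG)
    for line_no, label, line in result.cleartext:
        print(f"line {line_no}: CLEARTEXT {label}: {line}")
    for line_no, label, reason in result.malformed:
        print(f"line {line_no}: damaged {label} ciphertext ({reason})")
    print("encrypted secrets by type:", result.encrypted)
    print("safe to export:", result.safe_to_export)
```

Run it against a real backup by reading the file into scan_config in place of SAMPLE_CONFIG; a non-empty cleartext list means the file must not leave the gateway (or the MCK was never committed with copy running-config startup-config), and a non-empty malformed list means the copy itself should be repeated before it is relied on for restore.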
4.2 Copy the Configuration from a USB Flash Drive to the Startup
Configuration
Use the command copy usb startup-config usbdevice0 <file name> to copy (download) the
specified file from the USB flash drive to the startup configuration on the Avaya Media
Gateway. The following screen shows the configuration being copied from the USB flash drive
to the startup-config when the same MCK is in use.
G250-DS1-011(super)# copy usb startup-config usbdevice0 G250-DS1-backup
Confirmation - do you want to continue (Y/N)? y
Beginning download operation ...
This operation may take up to 20 seconds.
Please refrain from any other operation during this time.
For more information , use 'show download status 10' command
The following screen shows that the download succeeded; the Running state Idle means the
download completed. Reset the Media Gateway so that it boots from the startup configuration
copied from the USB flash drive.
G250-DS1-011(super)# show download status 10
Module #10
===========
Module           : 10
Source file      : /usbdevice0/G250-DS1-backup
Destination file : startup-config
Host             : 0.0.0.0
Running state    : Idle
Failure display  : (null)
Last warning     : No-warning
Bytes Downloaded : 4267
Use the commands show startup-config and show running-config to verify that all secrets are
still encrypted.
If the MCK on the Media Gateway does not match the MCK used to encrypt the saved configuration, the command copy usb startup-config usbdevice0 <file name> fails as shown in the following screen: every line carrying an encrypted secret is rejected.
G250-DS1-011(super)# copy usb startup-config usbdevice0 G250-DS1-backup
Confirmation - do you want to continue (Y/N)? y
Beginning download operation ...
This operation may take up to 20 seconds.
Please refrain from any other operation during this time.
For more information , use 'show download status 10' command
G250-DS1-011(super)# Failed Testing Line 4 in /usbdevice0/G250-DS1-backup file:
"encrypted-username zDEmQsJbbVUy/d1YogNZAg== password zV9LefjR7hocgF+btlqoSVnY
7VEXN6LI4hgIZBNKRdw= access-type naxzRzkCk9S25x8jDCHJbQ=="
Failed Testing Line 5 in /usbdevice0/G250-DS1-backup file:
"encrypted-username hkQ02CQfWoqYX1c5w3I1Kg== password qpApp/J4+MxXr3022TzKBAvN
y/iz4oWT7pVo62rr82E= access-type TyJcVqMQcKlp9f83Wxs3FQ=="
Failed Testing Line 11 in /usbdevice0/G250-DS1-backup file:
"set encrypted-radius authentication secret AAFaCBGLH0rYjScBoU9xHdqclJ2mXFcvpO
4.3 Copy the Startup Configuration to a File Server
The startup configuration on the Avaya Media Gateway can be copied to a file server, which can
be an FTP, SCP or TFTP server. The following screen shows the command to copy the startup
configuration to an FTP server. FTP and TFTP carry the transfer, including the FTP login, in
clear text; the secrets in the file are protected by the MCK, but the server credentials are not,
so prefer SCP outside a lab and do not leave backups on an anonymous-write FTP server.
G250-DS1-011(super)# copy startup-config ftp G250-DS1 192.168.88.31
Confirmation - do you want to continue (Y/N)? y
Username: anonymous
Password:
Beginning upload operation ...
This operation may take up to 20 seconds.
Please refrain from any other operation during this time.
For more information , use 'show upload status 10' command
The following screen shows that the upload succeeded; the Running state Idle means the upload
completed.
G250-DS1-011(super)# show upload status 10
Module #10
===========
Module           : 10
Source file      : startup-config
Destination file : G250-DS1
Host             : 192.168.88.31
Running state    : Idle
Failure display  : (null)
Last warning     : No-warning
Open the configuration file on the file server with Notepad or WordPad and verify that all
secrets in the file are still encrypted.
4.4 Copy the Configuration From a File Server to the Startup
Configuration
The following screen shows that the configuration can be copied from the FTP server to the startup-config when the same MCK is used.
G250-DS1-011(super)# copy ftp startup-config G250-DS1 192.168.88.31
Confirmation - do you want to continue (Y/N)? y
Username: anonymous
Password:
Beginning download operation ...
This operation may take up to 20 seconds.
Please refrain from any other operation during this time.
For more information , use 'show download status 10' command
The following screen shows that the download succeeded; the Running state Idle means the
download completed. Reset the Media Gateway to use the new startup configuration file.
G250-DS1-011(super)# show download status 10
Module #10
===========
Module           : 10
Source file      : G250-DS1
Destination file : startup-config
Host             : 192.168.88.31
Running state    : Idle
Failure display  : (null)
Last warning     : No-warning
Bytes Downloaded : 4267
Use the commands show startup-config and show running-config to verify that all secrets are
still encrypted.
4.5 Restore the Configuration after NVRAM Initialization
When the Media Gateway is replaced under RMA, or its NVRAM is initialized (the nvram
initialize command resets the configuration to the factory defaults), the license is lost along
with the configuration, and the user-defined MCK has to be re-entered before the backup can
be restored. The following screen shows the nvram initialize operation.
G250-DS1-011(super)# nvram initialize
This command will restore factory defaults and can disconnect your telnet session
*** Reset *** - do you want to continue (Y/N)? y
Done!
G250-DS1-011(super)#
Image Banks Integrity self-test passed
Device is booting from bank:A
----- Delete NVM ---
NVRAM integrity power-up self test passed
X9.31 DRNG Known Answer power-up self test passed
AES Known Answer power-up self test passed
RSA Known Answer power-up self test passed
TDES Known Answer power-up self test passed
SHA-1 Known Answer power-up self test passed
HMAC-SHA1 Known Answer power-up self test passed
Generating DSA key, This command may take a few minutes...
..........
Key was created!
Key version: SSH2, DSA
Key Fingerprint: 57:b6:7b:87:67:78:dc:e2:fe:df:a3:7b:3b:74:3b:fc
Product type: Avaya G250-DS1 Media Gateway Release 26.27.0
Login: root
Password: ****
Password accepted
Enter new password:
Confirm new password:
The following shows that the license is lost after the nvram initialization.
G250-DS1-???(super)# show license status
No License installed.
Since the VPN license is needed for the sample configuration, the license must be installed
before the configuration can be copied back successfully. The following screen shows the license
on the USB flash drive is copied to the Avaya G250 Media Gateway.
G250-DS1-???(super)# copy usb license-file usbdevice0 G250-DS1-011/vpn_license.cfg
Confirmation - do you want to continue (Y/N)? y
Beginning download operation ...
This operation may take a few minutes...
Please refrain from any other operation during this time.
For more information , use 'show download license-file status' command
Use the command show download license-file status to verify the download status.
G250-DS1-???(super)# show download license-file status
Module #10
===========
Module           : 10
Source file      : /usbdevice0/G250-DS1-011/vpn_license.cfg
Destination file : license-file
Host             : 0.0.0.0
Running state    : Idle
Failure display  : (null)
Last warning     : No-warning
Bytes Downloaded : 953
Reset the Media Gateway to activate the VPN license. Verify that the VPN license is installed
after its reset.
G250-DS1-???(super)# show license status
License was installed.
Use the command key config-key password-encryption <master passphrase> to set the MCK to
the one that was in use when the backup configuration was taken.
G250-DS1-???(super)# key config-key password-encryption <master passphrase>
Warning: Use copy running to startup config to commit new configuration master key
Copy the configuration to the startup configuration from the USB flash drive. If the backup
configuration is on a file server, the Media Gateway must be configured to have network access
to the file server before the configuration can be copied back to the Media Gateway.
G250-DS1-???(super)# copy usb startup-config usbdevice0 G250-DS1-backup
Confirmation - do you want to continue (Y/N)? y
Beginning download operation ...
This operation may take up to 20 seconds.
Please refrain from any other operation during this time.
For more information , use 'show download status 10' command
The following screen shows that the download is successful. Reset the Media Gateway to use the
new startup configuration.
G250-DS1-???(super)# show download status
Module #10
===========
Module           : 10
Source file      : /usbdevice0/G250-DS1-backup
Destination file : startup-config
Host             : 0.0.0.0
Running state    : Idle
Failure display  : (null)
Last warning     : No-warning
Bytes Downloaded : 4267
Use the commands show startup-config and show running-config to verify that all secrets are
still encrypted.
5. Verification Steps
The administrator needs to confirm that the Media Gateway functions as expected with the new
startup configuration copied from the USB flash drive or a file server. For the configuration in
Figure 1, verify the following:
• The VPN is up.
• The Avaya G350 Media Gateway registers to Avaya Communication Manager.
• The IP telephones register to Avaya Communication Manager.
• Calls can be made between all locations.
• The IP telephone in a branch office can register to the Standard Local Survival Processor of
  the Media Gateway in that branch office when the connection between the branch office and
  the main office is out of service.
6. Conclusion
These Application Notes illustrate that the Avaya G250 and G350 Media Gateways can encrypt
all secrets using the MCK in the startup and running configuration files, which can be copied to
an external file server or a USB flash drive. The Avaya G250 and G350 Media Gateways can
also decrypt the configuration copied back from an external file server or a USB flash drive
when the same MCK is used. The backup configuration file cannot be copied back if a different
MCK is used.
7. Additional References
The following Applications Notes can be found at http://www.avaya.com/gcm/master-usa/enus/resource/filter.htm&Filter=Type:Application%20Notes:
[1] Configuring 802.1X Protocol on Avaya G250 and G350 Media Gateways For an Avaya IP
    Telephone With an Attached PC
[2] Configuring a Generic Routing Encapsulation (GRE) Tunnel Over IPSec VPN Using Transport
    Mode with Open Shortest Path First (OSPF) Routing Protocol between an Avaya G250 Media
    Gateway and a Cisco Access Router
[3] Configuring Backup and Restore Operations on the Avaya G250 and G350 Media Gateway
©2007 Avaya Inc. All Rights Reserved.
Avaya and the Avaya Logo are trademarks of Avaya Inc. All trademarks identified by ® and ™
are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the
property of their respective owners. The information provided in these Application Notes is
subject to change without notice. The configurations, technical data, and recommendations
provided in these Application Notes are believed to be accurate and dependable, but are
presented without express or implied warranty. Users are responsible for their application of any
products specified in these Application Notes.
Please e-mail any questions or comments pertaining to these Application Notes along with the
full title name and filename, located in the lower right corner, directly to the Avaya Solution &
Interoperability Test Lab at [email protected]