Chapter 1 Overview
P332G-ML User’s Guide 9
Policy – Access Control
The P332G-ML supports Access Control policy. The P332G-ML uses policy lists
containing both Access Control rules and QoS rules. The policy lists are ordered by
rule indexing. Access Control rules define how the P332G-ML should handle routed
packets. There are three possible ways to handle such packets:
• Forward the packet (Permit operation)
• Discard the packet (Deny operation)
• Discard the packet and notify the management station (Deny and Notify)
The P332G-ML can enforce Access Control policy on each routed packet, according
to the following criteria:
• Matching the packet's source or destination IP address to the configured Access
Control policy.
• Determining whether the packet's source or destination TCP/UDP port number
falls within a predefined range.
• Using the ACK bit of the TCP header.
The P332G-ML access control rules are set up using the Command Line Interface
and the CajunRules central policy management application.
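The rule handling described above, modelled in Python as an added example (not the device's own code or CLI syntax). It assumes that the first matching rule in ascending index order decides the packet and that unmatched packets take a configurable default action; the guide states neither, and the rule fields, sample policy and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PERMIT, DENY, DENY_NOTIFY = "permit", "deny", "deny-and-notify"
ANY_NET, ANY_PORT = "0.0.0.0/0", (0, 65535)

def in_net(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def in_range(port, bounds):
    return bounds[0] <= port <= bounds[1]   # inclusive port range

@dataclass
class Rule:
    index: int
    action: str
    src: str = ANY_NET
    dst: str = ANY_NET
    proto: str = "any"            # "tcp", "udp" or "any"
    sport: tuple = ANY_PORT
    dport: tuple = ANY_PORT
    ack: Optional[bool] = None    # None = ignore; True/False = required TCP ACK bit

    def matches(self, p):
        if not (in_net(p["src"], self.src) and in_net(p["dst"], self.dst)):
            return False
        if self.proto != "any" and p["proto"] != self.proto:
            return False
        if not (in_range(p["sport"], self.sport) and in_range(p["dport"], self.dport)):
            return False
        # The ACK test inspects one header bit only; it is not connection tracking.
        if self.ack is not None and (p["proto"] != "tcp" or p["ack"] != self.ack):
            return False
        return True

def evaluate(rules, p, default=PERMIT):
    """Return (action, rule index). Assumed: lowest-index matching rule wins."""
    for rule in sorted(rules, key=lambda r: r.index):
        if rule.matches(p):
            return rule.action, rule.index
    return default, None          # assumed default; the guide does not state one

def pkt(src, dst, proto, sport, dport, ack=False):
    return dict(src=src, dst=dst, proto=proto, sport=sport, dport=dport, ack=ack)

# Constructed sample policy protecting 10.1.0.0/16
POLICY = [
    Rule(10, PERMIT, dst="10.1.0.0/16", proto="tcp", ack=True),         # replies
    Rule(20, PERMIT, dst="10.1.0.25/32", proto="tcp", dport=(25, 25)),  # mail host
    Rule(30, DENY_NOTIFY, dst="10.1.0.0/16", proto="tcp", dport=(0, 1023)),
    Rule(40, DENY, dst="10.1.0.0/16"),
]
```

Under the first-match assumption, a broad rule given a lower index than the specific rules shadows them, so reviewing a policy list in index order shows which rules can ever take effect.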
DHCP/BOOTP Relay
The P332G-ML supports the DHCP/BOOTP Relay Agent function. This is an
application that accepts DHCP/BOOTP requests that are broadcast on one VLAN
and sends them to a DHCP/BOOTP server that connects to another VLAN or a
server that may be located across one or more routers that would otherwise not get
the broadcast request. The relay agent handles the DHCP/BOOTP replies as well,
transmitting them to the client directly or as broadcast, according to a flag in the
reply message. Note that the same DHCP/BOOTP relay agent serves both the
BOOTP and DHCP protocols.
When there is more than one IP interface on a VLAN, the P332G-ML chooses one of
the IP addresses on this VLAN when relaying the DHCP/BOOTP request. The
DHCP/BOOTP server then uses this address to decide from which subnet the
address should be allocated.
When the DHCP/BOOTP server is configured to allocate addresses only from a
single subnet among the different subnets defined on the VLAN, you may need to
configure the P332G-ML with the relay address on that subnet so that the
DHCP/BOOTP server can accept the request.
DHCP/BOOTP Relay in P332G-ML is configurable per VLAN and allows for two
DHCP/BOOTP servers to be specified. When two servers are specified, it duplicates
each request and sends it to both servers. This provides redundancy and prevents
the failure of a single server from blocking hosts from loading.
DHCP/BOOTP Relay in P332G-ML can be enabled or disabled.