JNPR Ism200 PDF

Avaya Solution & Interoperability Test Lab
Configuring Juniper Networks WXC Integrated

Services Module (ISM) 200 to support Avaya IP
Telephony Issue 1.0
Abstract
These Application Notes describe the steps for configuring the Juniper Networks ISM
200 to support an Avaya IP Telephony consisting of Avaya Communication Manager
running on an Avaya S8500 Server, Avaya G650 Media Gateway and Avaya IP
Telephones. The ISM 200 provides an integrated means for the Juniper J-series router to
enhance the efficient use of WAN bandwidth through the use of compression and
protocol acceleration.
AL; Reviewed:
SPOC 10/3/2008
Solution & Interoperability Test Lab Application Notes

2008 Avaya Inc. All Rights Reserved.
1 of 33
JNPR_ISM200
1. Introduction
These Application Notes describe a solution for configuring the Juniper Networks WXC
Integrated Services Module (ISM) 200 to interoperate with Avaya IP Telephony. As part
of Juniper Networks WAN acceleration platform, the ISM 200 provides an integrated
WAN acceleration function to the Juniper J-series router platform. The ISM 200 is a dual
height module that fits directly into the J-series router running the Enhanced Services
version of the JUNOS operating system.
Similar to other Juniper Networks WAN acceleration platform, the ISM 200 works as a
pair with other Juniper Networks WAN acceleration devices such as the WXC-250 as
shown in these Application Notes. The ISM 200 can compress, accelerate, cache, and
provide Forward Error Correction for network traffic destined to other networks.
Although Avaya VoIP packets are compressed by nature based on the audio codec
selected and does not directly benefit from further compression, the ISM 200 helps
provide increased bandwidth availability for Avaya VoIP traffic by compressing
competing data traffic. By minimizing the bandwidth requirement for competing data
traffic, more bandwidth becomes available for Avaya VoIP traffic or, stated another way,
a lower bandwidth WAN link can accommodate the same amount of traffic, therefore
helping lower cost and deferring costly WAN upgrades.
2. Overview
The sample network outlined in these Application Notes consists of two separate
locations connected by a T1 circuit. Each location supports at least 2 VLANs, one for
voice and the other for data. A Juniper Networks WXC-250 is located at one of the
locations and a J6350 router with integrated ISM 200 module is located at the other
location. The WXC-250 and J6350 with ISM 200 module provide data compression for
their respectively LAN traffic before packets are forwarded out the T1 connection.
Avaya VoIP traffic is already compressed by the audio codec; therefore it does not need
to be recompressed. As a result, Avaya VoIP traffic is specifically excluded from being
compression in the ISM 200 and the WXC-250. There are two methods to exclude
Avaya VoIP traffic from being compressed. One is to create firewall policies to exclude
Avaya VoIP traffic from being re-directed to the ISM 200, the other is setting policies
within the ISM 200 to exclude compressing Avaya VoIP traffic. The later option is
configured in these Application Notes. Quality of Service is provided by traffic shaping
parameters configured in each of the acceleration devices. Acceleration and Forward
Error Correction (FEC) is not configured beyond the default values as part of these
Application Notes
AL; Reviewed:
SPOC 10/3/2008

2 of 33
JNPR_ISM200
3. Configuration
Figure 1 illustrates the configuration used in these Application Notes. All Avaya IP
Telephones are registered with Avaya Communication Manager connected to the
Enterprise IP Network. All Avaya IP Telephones are assigned to the same IP network
region within Avaya Communication Manager.
Figure 1: Sample Network Configuration
AL; Reviewed:
SPOC 10/3/2008

3 of 33
JNPR_ISM200
4. Equipment and Software Validated

The following equipment and software/firmware were used for the sample configuration:
DEVICE DESCRIPTION
VERSION TESTED
Avaya Communication Manager with

Avaya S8500 Server
Avaya G650 Gateway
Avaya 9640G IP Telephone (H.323)
Avaya 9630 IP Telephone (H.323)
Avaya 4610SW IP Telephone (H.323)
Juniper Network Integrated Services Module 200
Juniper Network J6350 router
Juniper Networks M7i router
R015x.00.0.825.4
1.5
1.5
1.8.3
WXOS 5.6.1.0
JUNOS 9.1R2
JUNOS 9.1R1.8
5. Configure Juniper Networks J6350

This section describes the configuration for Juniper Networks J6350 router as shown in
Figure 1 using the Command Line Interface (CLI). Although not shown, the WebUI can
also be used to configure the J6350 router.
1. Log into the J6350 switch using appropriate credential.
J6350 (ttyp0)
login: username
Password: ******
2. Enter into configuration mode by typing configure at the prompt.

interop@J6350> configure
Entering configuration mode
[edit]
interop@J6350#
3. Configure the interfaces. The local Ethernet ge-0/0/2 interface is configured as an

802.1Q trunk in supporting both the voice and data VLAN. The ISM 200 is
assigned an IP address of 172.28.240.10 from the local voice VLAN.
set
set
set
set
set
set
set
set
set
AL; Reviewed:
SPOC 10/3/2008
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
ge-0/0/2
ge-0/0/2
ge-0/0/2
ge-0/0/2
ge-0/0/2
ge-0/0/2
ge-0/0/2
ge-0/0/3
wx-3/0/0
vlan-tagging
unit 0 description
unit 0 vlan-id 240
unit 0 family inet
unit 1 description
unit 1 vlan-id 241
unit 1 family inet
unit 0 family inet
unit 0 family inet
voice_vlan
address 172.28.240.1/24
data_vlan
address 172.28.241.1/24
address 172.16.254.113/24
address 10.1.1.2/32

4 of 33
JNPR_ISM200
set
set
set
set
destination
interfaces
interfaces
interfaces
interfaces
172.28.240.10
t1-6/0/0 clocking external
t1-6/0/0 encapsulation ppp
t1-6/0/0 t1-options timeslots 1-24
t1-6/0/0 unit 0 family inet address 10.10.240.2/30
4. Enable and configure routing. The Branch location is assigned to OSPF area
0.0.0.240.
set
set
set
set
set
set
set
set
set
routing-options static route 0.0.0.0/0 next-hop 10.10.240.1

protocols ospf area 0.0.0.240 interface wx-3/0/0.0
protocols ospf area 0.0.0.240 interface t1-6/0/0.0
policy-options policy-statement wx-export from protocol direct
policy-options policy-statement wx-export from interface ge-0/0/2.0
policy-options policy-statement wx-export from interface vp-1/0/0.0
policy-options policy-statement wx-export then accept
5. Assign the various interfaces to the different security zone. Three different
security zones are used in the sample network. Their assignment are as follow:
Security zone
trust
untrust
wx-zone
set security zones
services telnet
set security zones
services ssh
set security zones
services http
set security zones
services ping
set security zones
set security zones
set security zones
set security zones
set security zones
services ping
set security zones
all
set security zones
set security zones
inbound-traffic
set security zones
inbound-traffic
AL; Reviewed:
SPOC 10/3/2008
Interface - description
ge-0/0/2.0
local voice VLAN
ge-0/0/2.1
local data VLAN
ge-0/0/3.0
local Ethernet interface for device management
t1-6/0/0.0
t1 connection to the main site
wx-3.0.0.0
virtual interface to ISM 200
security-zone trust host-inbound-traffic systemsecurity-zone trust host-inbound-traffic systemsecurity-zone trust host-inbound-traffic systemsecurity-zone trust host-inbound-traffic systemsecurity-zone
security-zone
security-zone
security-zone
security-zone
trust interfaces ge-0/0/2.0

untrust screen untrust-screen
untrust host-inbound-traffic system-
security-zone untrust host-inbound-traffic protocols

security-zone untrust interfaces t1-6/0/0.0
security-zone wx-zone interfaces wx-3/0/0.0 hostsystem-services all
security-zone wx-zone interfaces wx-3/0/0.0 hostprotocols all

5 of 33
JNPR_ISM200
6. Configure security policies for intra/inter security zone traffic. There are a total
of 7 groups of security policies configured for the different combinations of
intra/inter-zone traffic.
The table below illustrates the 7 groups. Since the focus of these Application
Notes is in configuring the ISM 200 to support an Avaya VoIP solution and not in
security, the security policy in each group is configured to allow any traffic to
pass through.
Notice (shown in bold below) security policy from trust to untrust and untrust to
trust are redirected to the wx (which is the ISM 200).
set security policies from-zone trust to-zone trust policy defaultpermit match source-address any
set security policies from-zone trust to-zone trust policy defaultpermit match destination-address any
set security policies from-zone trust to-zone trust policy defaultpermit match application any
set security policies from-zone trust to-zone trust policy defaultpermit then permit
set security policies from-zone trust to-zone untrust policy trust-tountrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-tountrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-tountrust match application any
set security policies from-zone trust to-zone untrust policy trust-tountrust then permit application-services redirect-wx
set security policies from-zone trust to-zone untrust policy defaultpermit match source-address any
set security policies from-zone trust to-zone untrust policy defaultpermit match destination-address any
set security policies from-zone trust to-zone untrust policy defaultpermit match application any
set security policies from-zone trust to-zone untrust policy defaultpermit then permit
set security policies from-zone untrust to-zone trust policy untrust-totrust match source-address any
set security policies from-zone untrust to-zone trust policy untrust-totrust match destination-address any
set security policies from-zone untrust to-zone trust policy untrust-totrust match application any
set security policies from-zone untrust to-zone trust policy untrust-to-
AL; Reviewed:
SPOC 10/3/2008

6 of 33
JNPR_ISM200
trust then permit application-services reverse-redirect-wx

set security policies from-zone untrust to-zone trust policy defaultdeny match source-address any
set security policies from-zone untrust to-zone trust policy defaultdeny match destination-address any
set security policies from-zone untrust to-zone trust policy defaultdeny match application any
set security policies from-zone untrust to-zone trust policy defaultdeny then deny
set security policies from-zone trust to-zone wx-zone policy trust-to-wx
match source-address any
match destination-address any
match application any
then permit
set security policies from-zone wx-zone to-zone trust policy wx-to-trust
match source-address any
match destination-address any
match application any
then permit
set security policies from-zone wx-zone to-zone untrust policy wx-tountrust match source-address any
set security policies from-zone wx-zone to-zone untrust policy wx-tountrust match destination-address any
set security policies from-zone wx-zone to-zone untrust policy wx-tountrust match application any
set security policies from-zone wx-zone to-zone untrust policy wx-tountrust then permit
set security policies from-zone untrust to-zone wx-zone policy untrustto-wx match source-address any
set security policies from-zone untrust to-zone wx-zone policy untrustto-wx match destination-address any
set security policies from-zone untrust to-zone wx-zone policy untrustto-wx match application any
set security policies from-zone untrust to-zone wx-zone policy untrustto-wx then permit
set security policies default-policy deny-all
7. Disable ALG.
Set security alg h323 disable
set security alg mgcp disable
8. Save change using the commit command.

commit
AL; Reviewed:
SPOC 10/3/2008

7 of 33
JNPR_ISM200
6. Configure Juniper Networks ISM 200

This section describes the configuration for Juniper Networks WXC Integrated Services
Module (ISM) 200 that is installed in the J6350 router. The WebUI will be used in this
section to configure ISM 200.
1. Access the WebUI of the J6350 router by entering the http://<IP address of the
J6350> into a web browser, and log in using appropriate credential. For the
sample network entered https://172.16.254.113.
2. Select Configuration Quick Configuration WAN Acceleration

Manage to access the WebUI for ISM 200. This will automatically open a new
web browser to the ISM 200 WebUI.
AL; Reviewed:
SPOC 10/3/2008

8 of 33
JNPR_ISM200
3. Select Device Setup from the top menu bar and then select Basic Registration
Server to enter the Registration Server information. The WXC-250 serves as the
Registration server in our sample network. Make sure the password matches that
entered at the registration server.
4. Create a new application definition for Avaya VoIP traffic by selecting

Application Definitions and then clicking New Application.
The following is a screen capture of the application name Avaya_RTP created in the
sample network. The Source Port, Destination Port should matched what is configured in
the ip-network-region form configured in Avaya Communication Manager in Section 9,
Step 1. Click Submit to complete.
AL; Reviewed:
SPOC 10/3/2008

9 of 33
JNPR_ISM200
5. Change the order of the Application Definitions so that H.323 and Avaya_RTP
are listed on the top. H.323 and Avaya_RTP were configured with order 1 and 2
respectively in the sample network. The application order is used by the system
to resolve conflicts should the traffic fit multiple application definitions.
AL; Reviewed:
SPOC 10/3/2008

10 of 33
JNPR_ISM200
6. Select Applications Traffic Classes, and then click Edit Classes to begin
creating a new traffic class to group all the Avaya VoIP traffic together.
The screen capture below shows the traffic class Avaya_VoIP that was
configured in the sample network.
Assign the newly created traffic class Avaya_VoIP to the application

Avaya_RTP (created in Step 4) and H.323 via the drop down menu. Click
Submit to complete.
AL; Reviewed:
SPOC 10/3/2008

11 of 33
JNPR_ISM200
7. Set the Topology to Spoke by selecting Device Setup Advanced Topology

and checking the Spoke radio button. Click Submit to complete.
8. Enable the ISM 200 to perform compression by selecting Compression from the
top menu bar and then selecting Basic Endpoints.
The screen capture below highlights the parameters that need to be checked or
selected. Click Submit to complete.
AL; Reviewed:
SPOC 10/3/2008

12 of 33
JNPR_ISM200
9. Enabled the local IP sub-network that needs to have traffic compressed. Select
Basic Compression Subnets and check all the local IP sub-networks.
The screen capture below highlights the areas that need to be configured. Select
the Advertise checked subnets ONLY radio button and check the IP Subnetwork that requires compression. Click Submit to complete.
10. Configure the Application Filter by selecting Basic Application Filter.

Uncheck the application Avaya_RTP, H.248, and H.323 for compression
These applications are unchecked because Avaya VoIP traffic is already
compressed using audio codec configured in Avaya Communication Manager,
therefore there is little benefit in further compressing it. H.248 and H.323 traffic
is mostly generated during the placement and termination of calls and is relatively
small in volume compare to other traffic types.
AL; Reviewed:
SPOC 10/3/2008

13 of 33
JNPR_ISM200
11. Configure Quality of Service by selecting QoS from the top menu bar, and then
selecting Setup Wizard. This will initiate the Outbound QoS Setup Wizard
pop-up window.
12. In the Outbound QoS Setup Wizard, the Enabled Outbound QoS check box
should already be check by default. Click Next to continue.
AL; Reviewed:
SPOC 10/3/2008

14 of 33
JNPR_ISM200
13. Since the sample network uses a dedicated T1, select the Dedicated Circuits
radio button and click Next to continue.
14. Select the Endpoint and specify the Circuit Speed. Click Next to continue.
AL; Reviewed:
SPOC 10/3/2008

15 of 33
JNPR_ISM200
15. Check the Enable Bandwidth Detection when sending compressed traffic to:
check box and the IP address of desire WX device. Click Next to continue.
16. Select the Custom radio button for Traffic Classes. Click Next to continue.
AL; Reviewed:
SPOC 10/3/2008

16 of 33
JNPR_ISM200
17. The Avaya VoIP Traffic Class created in Section 6, Step 6 should be listed.
Click Next to continue.
18. The Avaya_RTP, H.323, and H.245 applications should already be assigned to
the Avaya VoIP traffic class as part of Section 6, Step 6. Click Next to continue.
AL; Reviewed:
SPOC 10/3/2008

17 of 33
JNPR_ISM200
19. Specify the desired bandwidth allocation for the Avaya VoIP traffic class. The
sample network assigned a Guaranteed Bandwidth of 50% with a Maximum
Bandwidth of 60% allocation for Avaya VoIP. This allocation is for illustration
and testing purpose only. Actual allocation should be based on the total number
of simultaneous calls that the system needs to support and the audio codec used.
20. Select the queuing model desired. The sample network uses Weighted Fair
Queuing.
AL; Reviewed:
SPOC 10/3/2008

18 of 33
JNPR_ISM200
21. Configure the priority level for Avaya VoIP traffic. Avaya VoIP is assigned a
priority of 6 (second highest). Click Next to continue.
22. Click Submit to complete and activate the changes.
AL; Reviewed:
SPOC 10/3/2008

19 of 33
JNPR_ISM200
23. Click Save to commit all configurations.
7. Configure Juniper Networks WXC-250

This section describes the configuration for Juniper Networks WXC-250. Most of the
configurations of the WXC-250 are similar to that of the ISM 200. Configurations that
are different from the ISM 200 are shown in this section. It is assumed that the
administrator has completed basic configuration and has configured as the WXC-250
Registration Server during initial setup. For additional information on configured the
WXC-250, please reference [9] and [10]. Repeat all steps in Section 6 using appropriate
IP addresses. The complete configuration of the WXC-250 can be found in Appendix A.
1. Access the WebUI of the WXC-250 by entering the https://<IP address of the
WXC-250> into a web browser, and log in using appropriate credential. For the
sample network entered https://192.168.100.31.
AL; Reviewed:
SPOC 10/3/2008

20 of 33
JNPR_ISM200
2. The following screen capture shows the interface configuration for the WXC-250.
3. The WXC-250 is configured as the Hub for topology using these Application
Notes.
AL; Reviewed:
SPOC 10/3/2008

21 of 33
JNPR_ISM200
4. For compression, the Tunnel Mode needs to use UDP. This is the mode the ISM
200 supports.
8. Configure Juniper Networks M7i

This section describes the configuration for Juniper Networks M7i. The Command Line
Interface (CLI) is used.
1. Configure the interfaces. The T1 interface is configured with a clocking source of
internal in the sample network. In most cases clocking would be configured as
external because the service provider would be serving as the clocking source.
The fxp0 interface is configured with an IP address of 172.16.254.138 for device
management only.
set
set
set
set
set
set
interfaces
interfaces
interfaces
interfaces
interfaces
interfaces
t1-0/0/0 clocking internal

t1-0/0/0 encapsulation ppp
t1-0/0/0 t1-options timeslots 1-24
t1-0/0/0 unit 0 family inet address 10.10.240.1/30
fe-0/2/0 unit 0 family inet address 192.168.100.254/24
fxp0 unit 0 family inet address 172.16.254.138/24
2. Enable and configure routing. The Core IP is assigned to OSPF area 0.0.0.0 with
the out-going T1 interface assigned to area 0.0.0.240.
set
set
set
set
AL; Reviewed:
SPOC 10/3/2008

protocols ospf area 0.0.0.240 interface t1-0/0/0.0
protocols ospf area 0.0.0.0 interface fe-0/2/0.0

22 of 33
JNPR_ISM200
9. Configure Avaya Communication Manager

This section shows relevant information in Avaya Communication Manager. For detailed
information on the installation, maintenance, and configuration of Avaya Communication
Manager, please consult references [1], [2], [3] and [4]. The following steps describe the
configuration of Avaya Communication Manager.
1. Use the display ip-network-region command to display the UDP Port Min and
UDP Port Max range setting configured in the Avaya Communication Manager.
display ip-network-region 1
Page
1 of
IP NETWORK REGION
Region: 10
Location:
Authoritative Domain:
Name:
MEDIA PARAMETERS
Intra-region IP-IP Direct Audio: yes
Codec Set: 1
Inter-region IP-IP Direct Audio: yes
UDP Port Min: 2048
IP Audio Hairpinning? y
UDP Port Max: 3329
DIFFSERV/TOS PARAMETERS
RTCP Reporting Enabled? y
Call Control PHB Value: 46
RTCP MONITOR SERVER PARAMETERS
Audio PHB Value: 46
Use Default Server Parameters? y
Video PHB Value: 26
802.1P/Q PARAMETERS
Call Control 802.1p Priority: 6
Audio 802.1p Priority: 6
Video 802.1p Priority: 5
AUDIO RESOURCE RESERVATION PARAMETERS
H.323 IP ENDPOINTS
RSVP Enabled? n
H.323 Link Bounce Recovery? y
Idle Traffic Interval (sec): 20
Keep-Alive Interval (sec): 5
Keep-Alive Count: 5
10. Conclusion
These Application Notes have described the administration steps required to configure
the Juniper Networks WXC ISM 200 and WXC-250 to support an Avaya VoIP solution
depicted in Figure 1. With the ISM 200, the J6350 provides an integrated single box
solution for a branch office location that feature advance routing, and compression
functionality.
AL; Reviewed:
SPOC 10/3/2008

23 of 33
JNPR_ISM200
11. Verification
The following steps may be used to verify the configuration:
1. Select Compression from the top menu bar. Verify that a tunnel has been
successfully established between the ISM 200 and the WXC-250.
2. Select Advanced Remote Routes under the Compression menu. Verify the
local device is receiving the correct destination IP sub-network that required
traffic compression.
AL; Reviewed:
SPOC 10/3/2008

24 of 33
JNPR_ISM200
3. Enabled monitoring of application by selecting Applications Monitoring

under the Device Setup menu.
The following is a screen capture of the Executive Monitor report showing

application related statistics.
AL; Reviewed:
SPOC 10/3/2008

25 of 33
JNPR_ISM200
12. Additional References

Product documentation for Avaya products may be found at http://support.avaya.com
[1] Administrator Guide for Avaya Communication Manager, Doc # 03-300509, Issue
4.0, Release 5.0, January 2008
[2] Avaya Communication Manager Advanced Administration Quick Reference, Doc #
03-300364, Issue 4, Release 5.0, January 2008
[3] Administration for Network Connectivity for Avaya Communication Manager, Doc #
555-233-504, Issue 13, January 2008
[4] Avaya IP Telephony Implementation Guide, May 1, 2006
Product documentation for Juniper Networks products may be found at
http://www.juniper.net
[5] JUNOSTM Software with Enhanced Services (CLI Reference), Release 9.1, Part
Number 530-023620-01, Revision 1
[6] JUNOSTM Software with Enhanced Services (Administration Guide), Release 9.1, Part
Number 530-022955-01, Revision 1
[7] JUNOSTM Software with Enhanced Services (Interface and Routing Configuration
Guide), Release 9.1, Part Number 530-023619-01, Revision 1
[8] JUNOSTM Software with Enhanced Services (Security Configuration Guide), Release
9.1, Part Number 530-023618-01, Revision 1
[9] WXC Integrated Services Module (Installation and Configuration Guide), Release
9.1, Part Number 530-023725-01, Revision 1
[10] WX/WXC Operators Guide, Release 5.6, July 2008, Part Number 530-241718-01
AL; Reviewed:
SPOC 10/3/2008

26 of 33
JNPR_ISM200
13. Appendix A WXC-250 configuration

# Config File Format Version: 2.2
# Created with WXOS 5.6.1.0
config clock set location 13
config clock set daylight-saving on
set system-name "HQ-WXC"
config security set web on
config aaa authentication set console local
config aaa authentication set ssh local
config aaa authentication set web local
config aaa set login-retries 3
# *** WARNING *** DO NOT CHANGE THE PASSWORDS!
config aaa user add name "admin" encrypted-password "ptdxN0vpkULZcWXEiRLbA0"
privilege-level read-write idle-timeout 1800
config aaa user packet-capture name "interop" allow
config application add name "H.248" type default
config application rule add name "H.248" src-port 2945,1039 dst-port 1024-65535
proto 6
config application rule add name "H.248" src-port 1024-65535 dst-port 2945,1039
proto 6
config application add name "H.323" type default
config application rule add name "H.323" src-port 1719-1720 dst-port 1024-65535
config application rule add name "H.323" src-port 1024-65535 dst-port 1719-1720
config application add name "Avaya RTP" type default
config application rule add name "Avaya RTP" src-port 2048-3329 dst-port 20483329 proto 17
config application add name "FTP" type ftp
config application rule add name "FTP" src-port 20-21
config application rule add name "FTP" dst-port 20-21
config application add name "Telnet" type default
config application rule add name "Telnet" src-port 23
config application rule add name "Telnet" dst-port 23
config application add name "Mail" type default
config application rule add name "Mail" src-port 25,110,143
config application rule add name "Mail" dst-port 25,110,143
config application add name "HTTP" type http
config application rule add name "HTTP" src-port 80
config application rule add name "HTTP" dst-port 80
config application rule add name "HTTP" src-port 8080 dst-port 1024-65535
config application rule add name "HTTP" src-port 1024-65535 dst-port 8080
config application add name "NetBios" type default
config application rule add name "NetBios" src-port 137-138
config application rule add name "NetBios" dst-port 137-138
config application add name "CIFS" type cifs
config application rule add name "CIFS" src-port 139,445
config application rule add name "CIFS" dst-port 139,445
config application add name "Lotus Notes" type default
config application rule add name "Lotus Notes" src-port 1352 dst-port 102465535
config application rule add name "Lotus Notes" src-port 1024-65535 dst-port
1352
config application add name "Microsoft SQL Server" type default
config application rule add name "Microsoft SQL Server" src-port 1433 dst-port
1024-65535
config application rule add name "Microsoft SQL Server" src-port 1024-65535
dst-port 1433
config application add name "ICA" type citrix
config application rule add name "ICA" src-port 1494 dst-port 1024-65535
AL; Reviewed:
SPOC 10/3/2008

27 of 33
JNPR_ISM200
config application
config application
config application
1024-65535
config application
port 1498
config application
config application
proto 6
config application
proto 6
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
1024-65535
config application
dst-port 3389
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
config application
AL; Reviewed:
SPOC 10/3/2008
rule add name "ICA" src-port 1024-65535 dst-port 1494

add name "Sybase SQL AnyWhere" type default
rule add name "Sybase SQL AnyWhere" src-port 1498 dst-port
rule add name "Sybase SQL AnyWhere" src-port 1024-65535 dstadd name "Oracle" type default
rule add name "Oracle" src-port 1522 dst-port 1024-65535
rule add name "Oracle" src-port 1024-65535 dst-port 1522
add name
rule add
rule add
add name
rule add
rule add
add name
rule add
rule add
add name
rule add
rule add
add name
rule add
rule add
add name
rule add
rule add
add name
rule add
"HTTPS" type default

name "HTTPS" src-port 443
name "HTTPS" dst-port 443
"SSH" type default
name "SSH" src-port 22
name "SSH" dst-port 22
"SNTP" type default
name "SNTP" src-port 123
name "SNTP" dst-port 123
"DNS" type default
name "DNS" src-port 53
name "DNS" dst-port 53
"LDAP" type default
name "LDAP" src-port 389
name "LDAP" dst-port 389
"Kerberos" type default
name "Kerberos" src-port 88
name "Kerberos" dst-port 88
"MS Terminal Services" type default
name "MS Terminal Services" src-port 3389 dst-port
rule add name "MS Terminal Services" src-port 1024-65535

add name
rule add
rule add
add name
rule add
rule add
add name
rule add
rule add
add name
rule add
add name
rule add
rule add
add name
rule add
rule add
add name
rule add
rule add
add name
rule add
rule add
add name
rule add
rule add
add name
rule add
"SNMP" type default

name "SNMP" src-port 161-162
name "SNMP" dst-port 161-162
"Exchange" type exchange
name "Exchange" src-port 135
name "Exchange" dst-port 135
"Hostname Resolution" type default
name "Hostname Resolution" src-port 42
name "Hostname Resolution" dst-port 42
"ICMP" type default
name "ICMP" proto 1
"TACACS" type default
name "TACACS" src-port 49
name "TACACS" dst-port 49
"Clearcase" type default
name "Clearcase" src-port 371
name "Clearcase" dst-port 371
"Shell" type default
name "Shell" src-port 514 proto 6
name "Shell" dst-port 514 proto 6
"Syslog" type default
name "Syslog" src-port 514 proto 17
name "Syslog" dst-port 514 proto 17
"Printer" type default
name "Printer" src-port 515
name "Printer" dst-port 515
"Novell NCP" type default
name "Novell NCP" src-port 524

28 of 33
JNPR_ISM200
config application rule add

config application add name
65535
1755
65535
1813
1024-65535
port 2967
3699 dst-port 1024-65535
3388,3390-3399,3600-3699
65535
5631-5632
65535
6063
1024-65535
port 10566
65535
32774
1024-65535 proto 17
AL; Reviewed:
SPOC 10/3/2008
name "Novell NCP" dst-port 524

"RTSP" type default
name "RTSP" src-port 554
name "RTSP" dst-port 554
"Groupwise" type default
name "Groupwise" src-port 1677 dst-port 1024-65535
name "Groupwise" src-port 1024-65535 dst-port 1677
"MS Streaming" type default
name "MS Streaming" src-port 1755 dst-port 1024name "MS Streaming" src-port 1024-65535 dst-port
"RADIUS" type default
name "RADIUS" src-port 1812-1813 dst-port 1024name "RADIUS" src-port 1024-65535 dst-port 1812"NFS" type default
name "NFS" src-port 2049 dst-port 1024-65535
name "NFS" src-port 1024-65535 dst-port 2049
"CVS" type default
name "CVS" src-port 2401 dst-port 1024-65535
name "CVS" src-port 1024-65535 dst-port 2401
"Symantec Anti Virus" type default
name "Symantec Anti Virus" src-port 2967 dst-port
name "Symantec Anti Virus" src-port 1024-65535 dst"MySQL" type default
name "MySQL" src-port 3306 dst-port 1024-65535
name "MySQL" src-port 1024-65535 dst-port 3306
"SAP" type default
name "SAP" src-port 3200,3300-3388,3390-3399,3600name "SAP" src-port 1024-65535 dst-port 3200,3300"AOL" type default
name "AOL" src-port 5190-5193 dst-port 1024-65535
name "AOL" src-port 1024-65535 dst-port 5190-5193
"PCAnywhere" type default
name "PCAnywhere" src-port 5631-5632 dst-port 1024name "PCAnywhere" src-port 1024-65535 dst-port
"XWindows" type default
name "XWindows" src-port 6000-6063 dst-port 1024name "XWindows" src-port 1024-65535 dst-port 6000"NetApp SnapMirror" type default
name "NetApp SnapMirror" src-port 10566 dst-port
name "NetApp SnapMirror" src-port 1024-65535 dst"Filenet" type default
name "Filenet" src-port 32768-32774 dst-port 1024name "Filenet" src-port 1024-65535 dst-port 32768"Traceroute" type default
name "Traceroute" src-port 33434-33534 dst-port

29 of 33
JNPR_ISM200
config application rule add name "Traceroute" src-port 1024-65535 dst-port

33434-33534 proto 17
config application add name "Microsoft SQL Monitor" type default
config application rule add name "Microsoft SQL Monitor" src-port 1434 dst-port
1024-65535
config application rule add name "Microsoft SQL Monitor" src-port 1024-65535
dst-port 1434
config application add name "Oracle SQLNet v2" type default
config application rule add name "Oracle SQLNet v2" src-port 1521 dst-port
1024-65535 proto 6
config application rule add name "Oracle SQLNet v2" src-port 1024-65535 dstport 1521 proto 6
config application add name "Oracle SQLNet v1" type default
config application rule add name "Oracle SQLNet v1" src-port 1525 dst-port
1024-65535 proto 6
config application rule add name "Oracle SQLNet v1" src-port 1024-65535 dstport 1525 proto 6
config application add name "Oracle SQLNet" type default
config application rule add name "Oracle SQLNet" src-port 1529 dst-port 102465535 proto 6
config application rule add name "Oracle SQLNet" src-port 1024-65535 dst-port
1529 proto 6
config application add name "UniSQL" type default
config application rule add name "UniSQL" src-port 1978 dst-port 1024-65535
config application rule add name "UniSQL" src-port 1024-65535 dst-port 1978
config application add name "UniSQL Java" type default
config application rule add name "UniSQL Java" src-port 1979 dst-port 102465535 proto 6
config application rule add name "UniSQL Java" src-port 1024-65535 dst-port
1979 proto 6
config application add name "RTP" type default
config application rule add name "RTP" src-port 2048-3048 dst-port 1024-65535
proto 17
config application rule add name "RTP" src-port 1024-65535 dst-port 2048-3048
proto 17
config application add name "UDP" type default
config application rule add name "UDP" proto 17
config mon-apps clear
config mon-apps add "Avaya RTP" "H.248" "H.323" "ICMP" "UDP"
config ip set ip-address 192.168.100.31
config ip set default-gateway 192.168.100.254
config ip set subnet-mask 255.255.255.0
config reg-server set ip-address 192.168.100.31
# *** WARNING *** DO NOT CHANGE THE PASSWORD!
config reg-server set encrypt-pass "So9NqxN9UhQVSLUUl6S3Hg=="
config reg-server community remote-sr add "default-192.168.100.31"
172.28.240.10
config reg-server community remote-sr add "default-192.168.100.31"
192.168.100.31
config sntp set sntp on
config sntp set ip-address 172.28.10.12
config sntp set interval 1440
config prime-time set days Sun,Mon,Tue,Wed,Thu,Fri,Sat
config prime-time set hours 0-24
config route set precedence dynamic
config route-poll set remote-port 514
config route-poll set sec-remote-port 514
config route-poll set mode none
config route-poll set frequency 5
config route-poll set remote-command "show ip route"
config reduction-subnet set mode include
config reduction-subnet set wan-reduction-subnet off
AL; Reviewed:
SPOC 10/3/2008

30 of 33
JNPR_ISM200
config reduction-subnet set carveout on

config reduction-subnet add enable 172.28.10.0/255.255.255.0
172.28.11.0/255.255.255.0 192.168.100.0/255.255.255.0
config reduction-subnet add disable 172.28.40.0/255.255.255.0
172.28.50.0/255.255.255.0 172.28.51.0/255.255.255.0 172.28.102.0/255.255.255.0
172.28.112.0/255.255.255.0 172.28.122.0/255.255.255.0
172.28.130.0/255.255.255.0 172.221.0.0/255.255.255.0 172.231.0.0/255.255.255.0
192.168.1.0/255.255.255.0
config filter set mode-applications exclude
config filter add application "Avaya RTP" "Groupwise" "H.248" "H.323" "HTTPS"
"SNTP" "SSH" "Traceroute"
config filter set mode-address-pair off
config filter set ip-protocol enable 1
config ospf set ospf on
config ospf set area 0.0.0.0
config ospf set auth-type none
config ospf set dead-interval 40
config rip set rip off
config rip set version 2
config rip set auth-type none
config reduction set tunnelmode udp
config reduction set max-flows 256
config reduction set lan-wan-check on
config reduction set heartbeat-frequency 5
config reduction set tos-bit 0
config reduction set header-compression off
config reduction network-sequence-mirroring set mode on
config reduction network-sequence-mirroring endpoint set mode all
config reduction network-sequence-mirroring application mode exclude
config reduction network-sequence-mirroring application add "Avaya RTP"
config reduction network-sequence-mirroring application add "Groupwise"
config reduction network-sequence-mirroring application add "H.248"
config reduction network-sequence-mirroring application add "H.323"
config reduction network-sequence-mirroring application add "HTTPS"
config reduction network-sequence-mirroring application add "ICA"
config reduction network-sequence-mirroring application add "ICMP"
config reduction network-sequence-mirroring application add "MS Terminal
Services"
config reduction network-sequence-mirroring application add "Novell NCP"
config reduction network-sequence-mirroring application add "RADIUS"
config reduction network-sequence-mirroring application add "SNTP"
config reduction network-sequence-mirroring application add "SSH"
config reduction network-sequence-mirroring application add "Telnet"
config reduction network-sequence-mirroring application add "Traceroute"
config reduction network-sequence-mirroring application add "XWindows"
config reduction network-sequence-mirroring set disk-access-policy 1
config system topology type hub community-size small
config snmp set snmp on
config snmp set read-community "QypKFpOlUvU="
config snmp set write-community "kXUk1umJ6ww="
config snmp set trap off
config snmp set auth-failure-trap off
config interface set speed-duplex local auto
config interface set speed-duplex remote auto
config interface set propagate-failure local-to-remote off
config interface set propagate-failure remote-to-local off
config interface set enable-periodic-test on
config interface set down-time local-to-remote 15
config interface set down-time remote-to-local 15
config interface set vlan mode off id 1 native-id 1 preserve off
config syslog set syslog off
config syslog set severity CE
AL; Reviewed:
SPOC 10/3/2008

31 of 33
JNPR_ISM200
config syslog set facility local0

config qos outbound set mode bw-weighted-fair-queueing
config qos outbound set oversubscribed-mode off
config qos outbound set wan-framing-overhead 14
config qos outbound set congestion-control-mode on
config qos outbound set congestion-control-endpoint-policy all
config qos outbound class add "Avaya VoIP" id 1
config qos outbound class set quickstart "Avaya VoIP" 50.00 60.00 6
config qos outbound class application move "Avaya VoIP" "Avaya RTP"
config qos outbound class application move "Avaya VoIP" "H.248"
config qos outbound class application move "Avaya VoIP" "H.323"
config qos outbound template add "Wizard-PrimeTime" id 0 hidden off
config qos outbound template set bw-guaranteed "Wizard-PrimeTime" "Avaya VoIP"
50.00
config qos outbound template set bw-max "Wizard-PrimeTime" "Avaya VoIP" 60.00
config qos outbound template set priority "Wizard-PrimeTime" "Avaya VoIP" 6
config qos outbound template add "Wizard-NonPrimeTime" id 1 hidden off
config qos outbound template set bw-guaranteed "Wizard-NonPrimeTime" "Avaya
VoIP" 50.00
config qos outbound template set bw-max "Wizard-NonPrimeTime" "Avaya VoIP"
60.00
config qos outbound template set priority "Wizard-NonPrimeTime" "Avaya VoIP" 6
config qos outbound template add "PTO-172.28.240.10" id 2 hidden on
config qos outbound template set bw-guaranteed "PTO-172.28.240.10" "Avaya VoIP"
26.66
config qos outbound template set bw-max "PTO-172.28.240.10" "Avaya VoIP" 33.33
config qos outbound template set priority "PTO-172.28.240.10" "Avaya VoIP" 6
config qos outbound tunnel add 172.28.240.10 1500
config qos outbound tunnel set non-prime-time 172.28.240.10 "WizardNonPrimeTime"
config qos outbound tunnel set prime-time 172.28.240.10 "PTO-172.28.240.10"
config qos outbound tunnel set congestion-control-mode 172.28.240.10 on
config ipsec set common-pass-phrase-mode off
config acceleration set enable-all-endpoints on
config acceleration set heartbeat-misses passthru 15 disconnect 30
config acceleration active-flow-pipelining set mode on
config acceleration http set data-types header-only
config acceleration active-flow-pipelining application mode exclude
config acceleration cifs application add "CIFS"
config acceleration exchange application add "Exchange"
config acceleration fast-connection application add "HTTP"
config acceleration http application add "HTTP" pre-fetch on
config acceleration active-flow-pipelining application add "ICA"
config acceleration active-flow-pipelining application add "ICMP"
config acceleration active-flow-pipelining application add "MS Terminal
Services"
config acceleration active-flow-pipelining application add "Novell NCP"
config acceleration active-flow-pipelining application add "RADIUS"
config acceleration active-flow-pipelining application add "Telnet"
config acceleration active-flow-pipelining application add "Traceroute"
config acceleration active-flow-pipelining application add "XWindows"
config acceleration endpoint set ip-address default active-flow-pipelining on
config top-talker data-collect-period continuous
config login-banner set text "none"
AL; Reviewed:
SPOC 10/3/2008

32 of 33
JNPR_ISM200
Avaya and the Avaya Logo are trademarks of Avaya Inc. All trademarks identified by
and are registered trademarks or trademarks, respectively, of Avaya Inc. All other
trademarks are the property of their respective owners. The information provided in
these Application Notes is subject to change without notice. The configurations,
technical data, and recommendations provided in these Application Notes are believed to
be accurate and dependable, but are presented without express or implied warranty.
Users are responsible for their application of any products specified in these Application
Notes.
Please e-mail any questions or comments pertaining to these Application Notes along
with the full title name and filename, located in the lower right corner, directly to the
Avaya Solution & Interoperability Test Lab at interoplabnotes@list.avaya.com
AL; Reviewed:
SPOC 10/3/2008

33 of 33
JNPR_ISM200

JNPR Ism200 PDF

Încărcat de

Informații document

Descriere originală:

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

JNPR Ism200 PDF

Încărcat de

Drepturi de autor:

Formate disponibile

Avaya Solution & Interoperability Test Lab

Configuring Juniper Networks WXC Integrated

Solution & Interoperability Test Lab Application Notes

Solution & Interoperability Test Lab Application Notes

Figure 1: Sample Network Configuration

Solution & Interoperability Test Lab Application Notes

4. Equipment and Software Validated

Avaya Communication Manager with

5. Configure Juniper Networks J6350

2. Enter into configuration mode by typing configure at the prompt.

3. Configure the interfaces. The local Ethernet ge-0/0/2 interface is configured as an

Solution & Interoperability Test Lab Application Notes

routing-options static route 0.0.0.0/0 next-hop 10.10.240.1

trust interfaces ge-0/0/2.0

security-zone untrust host-inbound-traffic protocols

Solution & Interoperability Test Lab Application Notes

Solution & Interoperability Test Lab Application Notes

trust then permit application-services reverse-redirect-wx

8. Save change using the commit command.

Solution & Interoperability Test Lab Application Notes

6. Configure Juniper Networks ISM 200

2. Select Configuration Quick Configuration WAN Acceleration

Solution & Interoperability Test Lab Application Notes

4. Create a new application definition for Avaya VoIP traffic by selecting

Solution & Interoperability Test Lab Application Notes

Solution & Interoperability Test Lab Application Notes

Assign the newly created traffic class Avaya_VoIP to the application

Solution & Interoperability Test Lab Application Notes

7. Set the Topology to Spoke by selecting Device Setup Advanced Topology

Solution & Interoperability Test Lab Application Notes

10. Configure the Application Filter by selecting Basic Application Filter.

Solution & Interoperability Test Lab Application Notes

Solution & Interoperability Test Lab Application Notes

Solution & Interoperability Test Lab Application Notes

Solution & Interoperability Test Lab Application Notes

Solution & Interoperability Test Lab Application Notes

Solution & Interoperability Test Lab Application Notes

22. Click Submit to complete and activate the changes.

Solution & Interoperability Test Lab Application Notes

23. Click Save to commit all configurations.

7. Configure Juniper Networks WXC-250

Solution & Interoperability Test Lab Application Notes

Solution & Interoperability Test Lab Application Notes

8. Configure Juniper Networks M7i

t1-0/0/0 clocking internal

routing-options static route 172.16.0.0/16 next-hop 172.16.254.4

Solution & Interoperability Test Lab Application Notes

9. Configure Avaya Communication Manager

Solution & Interoperability Test Lab Application Notes

Solution & Interoperability Test Lab Application Notes

3. Enabled monitoring of application by selecting Applications Monitoring

The following is a screen capture of the Executive Monitor report showing

Solution & Interoperability Test Lab Application Notes

12. Additional References

Solution & Interoperability Test Lab Application Notes

13. Appendix A WXC-250 configuration

Solution & Interoperability Test Lab Application Notes

rule add name "ICA" src-port 1024-65535 dst-port 1494

"HTTPS" type default

rule add name "MS Terminal Services" src-port 1024-65535

"SNMP" type default

Solution & Interoperability Test Lab Application Notes