Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

AVAYA Switch Configuration

Overview

Obtain complete visibility into your network traffic and bandwidth performance in real-time. Identify traffic peaks, top applications, and conversations using different flow technologies so that you can analyze what and by whom your bandwidth is being used.

For NetFlow analysis, you need to configure your devices to export flows to Seceon CCE Device, which is the NetFlow collector. The CCE Device will be listening to the particular port to receive flows.

Note: Use Port 6343 for SFlow, 9995 for NetFlow or flow

We configure NetFlow from the devices and push the Network traffic to our APE via CCE.

Steps Of Configuration

  • Login to Avaya Switch

  • Configure IP Flow Information Export (IPFIX) using the following commands:

  • Go into “config” mode and run the command

ip ipfix enable
ip ipfix sampling-rate 1024
ip ipfix active-timeout 1
ip ipfix export-interval 15
ip ipfix collector {CCE IP} dest-port {0000} enable
ip ipfix collector protocol UDP

  • Enter global configuration mode on the switch or MSFC, and issue the following commands for each interface on which you want to enable flow:

interface {INTERFACE_NAME}
ip ipfix enable

Verification of Net flows After configuration

Netflows should be verified from the UI and from CCE to ensure that right types of traffic information is fed to the OTM. Below are both the steps of verification. You may also do additional due diligence to ensure that the traffic information fed to the OTM is comprehensive for your security use.

  • From the Collector-Syslog Server (CCE): This can involve logging into the CCE and checking the configuration settings, testing connectivity and functionality of the various components, and comparing the actual results against the expected or desired outcomes.

  • From the UI: This can involve logging into the user interface and checking the configuration settings, monitoring the logs and flows, and comparing the actual results against the expected or desired outcomes.

Both methods can be used to ensure that the system is properly configured and working as intended.

Using UI

STEP 1:Log in to UI >> SYSTEM

STEP 2: >> Logs and flows collection status

STEP 3: >>To verify the source device IP from the UI:

  • Log in to the user interface

  • Navigate to the "SYSTEM" section

  • Look for the "SOURCE DEVICE IP"

  • Check the IP address that is displayed

  • Compare the IP address displayed against the expected source device IP

This will allow you to ensure that the system is properly identifying the source device IP and that it matches the expected IP address..

Verification Through CCE server (Login to CCE Server and run the following command)

Below command should be run on the CCE server to check whether we are getting logs or not d

“sudo tcpdump -i any port (6343 or 9995) and host <IP address of switch>”

Seceon Inc. All rights reserved. https://www.seceon.com