Avaya G250 Media Gateway

The Avaya G250 Media Gateway is an H.248 media gateway that is managed by a server running Communication Manager software.
The G250 Media Gateway is a high-performance converged telephony and networking device that is located in small branch locations, providing all infrastructure needs in one box — telephone exchange and data networking. The G250 is designed for very small branch offices with two to 12 users. The G250 features a VoIP engine, WAN router, and Power over Ethernet LAN switch. The G250 supports legacy analog telephones, but not DCP telephones.

The G250 Media Gateway integrates seamlessly with the following Avaya media servers:
• S8700,
• S8710,
• S8500, and
• S8300

These servers run Avaya Communication Manager call processing software to provide the same top quality telephony services to the small branch office as to the headquarters of the organization. The media server can be located at the headquarters and serve the G250 remotely.
The G250 can optionally house an internal Avaya S8300 media server as a local survivable processor (Enhanced Local Survivability) or as the main media server for stand-alone deployment. As a local survivable processor, the S8300 is capable of providing full Communication Manager functionality in the event that the connection with the server is lost.
As an alternative to the local survivable processor, the G250 can instead be configured for Standard Local Survivability (SLS). The G250 supports the connection of PCs, LAN switches, IP phones, analog telephones, and trunks, via fixed analog and PoE ports on the chassis. A media module slot supports either of two WAN media modules, for connection to a WAN.
The G250 is available in a special BRI model (G250-BRI). The G250-BRI replaces three out of four of the G250’s fixed analog trunk ports with two ISDN BRI trunk ports. The G250-BRI model, therefore, supports 5 trunks altogether (one analog trunk and two B channels on each of the two BRI ports).

The G250 supports the following:
• Traditional telephones and trunks
• Call center agents (only when controlled by an S8500 or S8700-series Media Server or when controlled by an S8300 Media Server in a G350 or G700 Media Gateway)
• SSHv2 for authenticated and encrypted management channels
• RADIUS for authentication
• Remote administration access using a modem
• Inter-Gateway Alternate Routing (IGAR), a Communication Manager feature which, under certain definable conditions, uses the PSTN as an alternative to the WAN interface for routing calls
• Transport, using its VoIP services, of the following:
    - Fax, Teletypewriter device (TTY), and modem calls over a corporate IP intranet using pass-through mode
    - Fax and TTY calls using proprietary relay mode
Note: The path between endpoints for fax transmissions must use Avaya telecommunications and networking equipment. Faxes sent to non-Avaya endpoints cannot be encrypted.
    - 64kbps clear channel transport in support of BRI Secure Phone and data appliances (does not include support for H.320 video)
    - T.38 Fax over the Internet (including endpoints connected to non-Avaya systems)
    - Modem tones over a corporate IP intranet

In addition, the G250 Media Gateway has the following features:
• 802.1X Port Based access control, available on the switched 10/100 Power over Ethernet ports
• Compliance with Federal Information Processing Standards (FIPS-140-2) for secure communications. In addition to IPSec VPN and other network capabilities, current FIPS compliance includes the following actions:
    - Shutdown of various encryptions, including media, signaling, ASG, SSHv2, modem, USB port, and CHAP encryptions
    - Restriction of telnet, SNMPv3, and TFTP/FTP file transfer to an IPSec tunnel
• DHCP Server for providing IP addresses to IP hosts, for example, to IP Phones
• DHCP client for retrieving dynamic IP addresses from a DHCP server, especially an Internet Service Provider when using PPPoE and broadband cable modem connections
• Dynamic Call Admission Control (CAC) for Fast Ethernet, Serial, and GRE tunnel interfaces.
Dynamic CAC informs the primary controller of the actual bandwidth of the interface and tells the controller to block calls when the bandwidth is exhausted.
• Dynamic IP addressing
• Firewall support, with stateless access lists that filter traffic based on IP and Protocol headers
• Generic Route Encapsulation (GRE) Tunnels
• Link Layer Discovery Protocol (LLDP) support, which enhances the ability of network management tools to discover and maintain accurate network topologies in multi-vendor environments
• Management Information Base (MIB) and threshold alarming support for monitoring VoIP quality
• Modem backup connection, which provides redundant connectivity between the G250 Media Gateway and its primary controller using a serial modem.
• Point-to-point protocol over Ethernet (PPPoE) support
• Policy-based routing
• Port mirroring
• Power-over-Ethernet LAN switching
• Compressed RTP, for improved utilization of WAN uplinks
• Integrated packet Sniffer for capturing IP traffic for later analysis and troubleshooting (for example, by an Ethereal analyzer)
• SNMP v3
• SNMP traps, v1 and v2 only, sent to the primary controller
• Survivability features for continuous voice services
• SYN cookies, which protect the G250 Media Gateway from SYN attacks
• Syslog support, to an external or internal logger
• Built-in TFTP server from which IP phones can download firmware and configuration files
• Unnumbered IP configuration, which allows you to configure a PPP interface without assigning an IP address. The interface borrows an address, in this case. This capability enables the G250 Media Gateway to use its serial modem connection for server connections in the event of WAN failure.
• VoIP Media Gateway services, including bearer and control encryption
• IPSec Virtual Private Network (VPN), which supports the following features:
    - Standards-based IPSec implementation [RFC 2401-RFC 2412...]
    - Standard encryption and authentication algorithms for IKE and ESP: DES,TDES, AES (128bit), MD5-HMAC, SHA1-HMAC, IKE DH groups 1 &2.
    - ESP for data protection and IKE (main mode) for key exchange.
    - Quick Mode key negotiation with Perfect Forward Secrecy (PFS).
    - IKE peer authentication through preshared secret.
    - Multiple IPSec peers, up to 50, for Mesh and hub-and-spoke IPSec topologies.
    - IPSec protection can be applied on any output port and on many ports concurrently, for maximum installation flexibility.
    - Per-interface security policy with bypass capability.
    - Peer failure detection
    - IPSec is integrated into the router and can be used with other features such as GRE tunneling.
    - Random pre-shared key generation service
    - Load Balancing and resiliency achievable through integration with core routing features such as backup interface and GRE
    - DNS resolver, which resolves VPN remote peer host names to an IP address by sending queries to DNS servers and receiving replies
    - Continuous mode for the VPN tunnel
    - Network Address Translation (NAT) traversal, which translates internal IP addresses that are non-unique externally into addresses that can connect to the Internet
    - Systems Application Architecture (SAA) object tracking, which tracks the state (up/down) of remote devices using keepalive probes and notifies registered applications when the state changes.
• WAN backup with xDSL modem
• WAN connectivity and routing
    - E1/T1, V.35/X.21, and Ethernet
    - Link-layer protocols — PPP, PPP over Ethernet, Ethernet, and Frame-Relay
    - RIPv2 and OSPFv2 routing protocols and VRRP redundancy
• WAN Quality of Service (QoS)
• Weighted Fair Queuing (WFQ)

Avaya G250 Media Gateway chassis

Figure notes:
Number Description of Device
1. V1 — S8300/LSP Slot
2. V2 — WAN Media Module Slot
3. Analog port LEDs
4. Analog trunks — ports v301 to v304
5. Analog line ports — ports v305, v306
6. System LEDs
7. Console port
8. USB port
9. Contact Closure (CCA) port
10. Ethernet WAN (ETH WAN) port
11. PoE LAN (ETH LAN PoE) ports
12. Reset (RST) button
13. Alternate Software Bank (ASB) button
Avaya G250-BRI Media Gateway chassis

Figure notes:
Number Description of Device
1. V1 — S8300/LSP Slot
2. V2 — WAN Media Module Slot
3. Analog port LEDs
4. Analog trunks — port v301
5. Analog line ports — ports v302, v303
7. ISDN BRI trunks
8. System LEDs
9. Console port
10. USB port
11. Contact Closure (CCA) port
12. Ethernet WAN (ETH WAN) port
13. PoE LAN (ETH LAN PoE) ports
14. Reset (RST) button
15. Alternate Software Bank (ASB) button