We’ve just recently come across this problem and I thought it would be a great topic to share and perhaps even solicit some feedback from others. As you might already know I’ve been deploying ADAC across a large number of Nortel Ethernet Routing Switch 5520s with great success. ADAC allows the switch to control the phones voice VLAN configuration.
Well we also ran into a problem after upgrading a number of those switches to v5.1.1.17. A network administrator had made VLAN changes to various ports on the switch prior to the upgrade but after ADAC had been enabled on the ports. After the upgrade the switch ports defaulted back to the original VLAN they were configured for when ADAC was first enabled. We performed some additional testing and found that this problem would occur if the switch was just reset (rebooted) so it doesn’t appear to be tied to the upgrade but rather the action of restarting the switch. Looking at how ADAC works I can understand the problem but I’m disappointed that Device Manager or the CLI interface doesn’t throw a warning when you try to change the VLAN configuration of a port with ADAC enabled.
The lesson here is that you should disable ADAC on any port where you intend to change the VLAN membership.
Anyone else seen this?
Cheers!
Michael,
Allthough I’ve been using ADAC on my 5520 switches to configure VoIP in my small network. I’m unable find the software version v5.1.1.17 on Nortel web site to confirm if there is any issues with it, when doing upgrades.
I guess this upgrade is only available to large scale customers.
Michael, going off the topic. I was wondering if you could share some thougths, configuration examples on security measures you have implemened in your VoIP network using ERS-5520 switches? Do you use any special hardware or software to secure the network.
Thanks for all the good stuff available here.
WK
Yes, we’ve seen this issue as well. Plus, at some sites where we have Branch Offices deployed (CS1000 that redirects back to the main site), you need to define TLAN ports (the ADAC created QoS vlan) for the CS1000 sig server and VGMC card(s). But ADAC only lets you define 1 uplink port and 1 call server port. If the uplink port is part of an MLT, you’re OK – all the ports in the MLT will be members of the TLAN/vlan.
For the sig server and VGMC card, I set them up as access ports in the TLAN. But it turns out that membership in the ADAC created TLAN is dynamic. If the switch/stack is reset or the power is interrupted, those ports come back without any vlan assignment. Nortel is working on this, the current workaround is to add the MACs for VGMC cards, sig servers, etc. to the ADAC mac table.
BTW, this is a great blog!
Hi Wiesiek,
You’ll need a support contract to download the latest software from Nortel’s website. The 5.1.1.17 image is just the SSH version of the 5.1.1 release. The software is available to anyone with a support contract, doesn’t matter how big or small an organization you might be working at/with.
The simple best practice is to place ACLs (IP Filters) on your routers to prevent general access to the ELAN/TLAN. The Nortel Call Server is very sensitive to traffic on the ELAN interface, as such if you’ve connected the ELAN to your production network you should take steps to make sure that only devices that need to communicate can communicate with that IP network.
Thanks for the comment!
—
Hi Bruce,
I know exactly what your referring to. Thankfully we connect our VGMCs, sig servers, etc to our core ERS 8600s and we only connect IP phones to the edge ERS 5520. We did have one situation quite sometime ago when we came upon the problem you mentioned above… trying to statically configure a port in the TLAN was not possible since ADAC would eventually remove the port from the VLAN.
Thanks for the comment!
Oho yes, I found this way back when 5.0.0 was released two years ago (in fact I found it in the beta!). I had a heated discussion with Nortel about it. This *is* documented (badly) and is working as designed. The documentation states something along the lines of “any changes to the VLAN configuration of ADAC-enabled ports are dynamic”.
Apparently, we’re supposed to understand that “dynamic” means not saved to the config. The reason given was that it was to be consistent with the operation of EAP VLAN override via RADIUS and to ensure that a port could reliably revert to its original state when a phone is subsequently unplugged. A dubious argument to my mind and I suspect that the real reason is that this was the easiest way to implement the feature.
I submitted a feature request for Nortel asking that this behaviour be changed on the uplink port at least, as in a typical deployment, one would be modifying the configuration of the uplink port fairly regularly (adding a new VLAN to an edge stack for example). With this limitation, one would have to temporarily remove the ADAC configuration from the uplink port causing all IP phones on that stack to stop working temporarily!
This problem made ADAC unworkable for us, and we haven’t used it since in any deployments.
Thanks for the comment Roberto!
I was just re-reading your comment Roberto. Why would you enable ADAC on your uplinks? You’d never be plugging a phone into your uplink ports?
As I previously said we’ve have great success with ADAC and have probably deployed around 500+ IP phones using ADAC.
Cheers!
I’ve noticed behaviour that is related to this, but using LLDP on 5500/4500 switches. We’re currently using Nortel phones with 5520/4526’s and LLDP and the named “voice” VLAN. I’ve noticed if I want to do a change of the “voice” VLAN ID dynamically, I need to reset LLDP to defaults and start again so the switch knows the correct vlan to push out the right details to the phones, otherwise it keeps pushing out the old VLAN ID.
Rebooting the switch doesn’t appear to help, only resetting LLDP to defaults and redoing the LLDP part of the config (even though nothing has changed).
Glen.
Hi Glen,
Thanks for the feedback and comment!
I am not sure if this directly relates to the above comments, but we have recently deployed some 1120/1440s and were using ADAC to do Qos and asign the Voice VLan to the ports. This proved to be a major problem with our stack of 5650s. Since there can only be 1 Adac uplink port per stack, if that stack member died, all of our phones in the stack went dead (power was still there but they were unable to reach the servers). This would remain like this until that switch was powered backup.
Anyone have any thoughts on this? Solutions aside from making sure both VLANs (data dn voice) are physically assigned to each port and onlyusing ADAC for QoS?
Hi RD,
You can create a Multi-Link Trunk and configure ADAC to use the first port in the trunk group (it will automatically be applied to all members of the trunk group). You can refer to this post, http://blog.michaelfmcnamara.com/2007/10/nortel-ers-5520-pwr-switch/ for an example of how to configure a 5520 switch with ADAC and LLDP-MED. When we have multiple switches in a stack we generally use ports 1/48 and 2/48 as the MLT members for the uplinks to the core network. In this way if we loose either of those switches we’ll still have an uplink to the core network.
The only downside of ADAC is that neither Device Manager nor the CLI interface warn users that try to make configuration changes to ports with ADAC enabled. You can find additional information at this post http://blog.michaelfmcnamara.com/2009/02/adac-and-vlan-configurations-part-2/.
Good Luck!
Thanks Michael. I’ll give it a try.
Thanks Michael. Worked like a charm (with a little editing). For anyone else reading, it was only successful when the referrenced uoplink port in the MLT was the last numerically. Not sure if tht is teh case for everyone else.
I had a similar error where we changed the PVID of ADAC enabled ports on a 4550T-PWR stack whilst phones were plugged in. The switches went into a reboot cycle and only a hard power cycle would bring them back up properly. The resolve as you so rightly pointed out was
1. Disable ADAC on all telephony ports.
2. Change PVID on all required ports.
3. Re-Enable ADAC on ports.
Downtime was unavoidable but only lasted 3-5 minutes in total.
Best advice is to plan,plan,plan and get the settled config before putting into production.
Thanks for the comment Peter!
Hi Michael,
I am trying to connect Nortel IP Phone 1120E for full DHCP with cisco 6509 switch ( which is a DHCP server ) . But I am not able to get this Full DHCP working without configuring the Voice VLAN ID in the IP Phone settings.
option 128 ascii “Nortel-i2004-A,10.2.224.15:4100,1,2;10.2.224.15:4100,1,2.”
option 191 VLAN-A:501.
where 501 is Voice DHCP VLAN.
Any clues ?
Hi Deepak,
You need DHCP addresses in the data (default) VLAN with option 191 defined. You need DHCP addresses with option 128 defined in the voice VLAN.
The IP phone will issue a DHCP request in the default VLAN. If it receives a response with option 191 it will issue a DHCP release and issue a DHCP request in the voice VLAN (VLAN tag equal to the value returned in option 191). The switch port needs to be configured as untag default VLAN (allowing trunking but only tagging the non PVID ports).
Good Luck!
Hi Michael,
If I hard code a Nortel IP Phone with an IP Address on the Voice VLAN and the IP Phone is connected to Port 1/3 which is associated with the command “vlan ports 1/1-47 tagging unTagPvidOnly”, shouldn’t the Phone work just fine without manual intervention of changing the Port’s PVID to be that of the Voice VLAN ID instead of the Data/Native VLAN?
This unfortunately didn’t work. The PVID for Port 1/3 had to be changed to the Voice VLAN ID.
Any ideas?
Hi Eric,
The unTagPvidOnly setting will only impact devices that you have connected to the PC port of the IP phone. Because those devices generally won’t understand the 802.1q header so the the PVID needs to be set to the data VLAN and the switch will strip the 802.1q headers off the Ethernet frames before it sends them down the IP phone and ultimately out the PC port.
How do you make it work? You need to set the Voice VLAN ID within the IP phone and you need to make sure that the port (1/3) is a member of that VLAN. With that done the IP phone will boot either with a static IP address of with a DHCP address if you have a DHCP pool available in that VLAN.
Good Luck!
Thanks Mike,
I just confirmed with the Client that the IP Phone wasn’t programmed with the Voice VLAN manually. So that most likely explains why it didn’t work as expected.
I just want to use this opportunity to say that I have been reviewing your Blog for months now and it has been been very informative in every way one can imagine.
I really appreciate the effort you have put into it and thanks again for the great work overall.
I guess, I speak for most of us when I say that your work as regards to your Blog is inspiring.
Thanks again!
Thanks for the comment Eric.
If you haven’t already drop by the discussion forums, it’s a great place to share your questions or help answer a few.
Cheers!
Hi Michael,
You are the Champ .. It works now !!
I was using option 191 is voice VLAN instead of data VLAN .
Thank you so much . You made my day .. Have a wonderful weekend !
I’m happy I was able to help.
Cheers!
Hi Michael,
How do I enable bluetooth in option 128 ? Tried with bt=1
option 128 ascii “Nortel-i2004-A,10.2.224.15:4100,1,2;10.2.224.15:4100,1,2;bt,1.”
Hi Deepak,
You can’t set that option with the legacy Nortel-i2004-A option. You need to use the Nortel-i2004-B option which requires UNIStim v2.3 or later firmware on the IP phones. You can find additional information on the Nortel-i2004-B option in this post. If you only have a few phones you can probably just enable bluetooth from the phone itself.
Cheers!
Thanks Michael . I have tried with B option already with bt set to y but it stops at DHCP option . I will play around with option B.
Hello Michael and everybody reading this.
Our infrastrucure :
Network : Nortel stacks with 5520 switches (firmware 6.0.1.002)
IP Phones : Cisco 7911
Data vlan configured on every port. Adac is configured to dynamicaly assigned voice vlan to a port. Unfortunately this not working well : We often see phones that go in the data vlan and stay.
Our switch configuration looks equal as yours but…something must be wrong.
It is interesting to note that :
a. disabling/enabling adac on the port can put the phone in the voicevlan.
b. disabling/enabling poe can also put he ipphone in the voice vlan.
c: this can happened on every port.
Michael,
I am very happy about your blog because i got lot of information on Nortel Switches.
I am facing one problem in ERS 5520 that whenever i remove the cable form port, i am not getting any cli messages (alter) on cli prompt . But in cisco switch wherever i disconnected port form cisco switch, i am getting alter messages on cli prompt. So i need a solution on ERS 5520 as well as ers8600.
Thanks
Hemant Shingane
Hi Michael,
i have a switch ers 4826GTE-PWR version 5.6.0.009. i am facing one issue when i connected the ip phone to the switch the ip phone got rebooted after dispaly the extension on the screen.
i am attaching the config also.
please suggest me or resolve my issue…….
vlan create 14 name vlan14 type port
vlan create 25 name vlan25 type port
vlan create 30 name voip type port
vlan create 35 name avayavsp type port
vlan port 23-24 tagging tagall
vlan port 3-11 tagging untagpvidOnly
vlan configcontrol automatic
vlan members add 14 23-24
vlan members add 25 1-10,23-24
vlan members add 30 1-10,23-24
vlan members add 35 11-24
vlan port 1-10 pvid 25
vlan members remove 1 1-22
vlan ports 23-24 filter-untagged-frame enable
interface fastEthernet 1-10
poe poe-priority high
Hi Navdeep,
How did you configure the IP phone?
How did you configure the DHCP server?
You provided some information about the network configuration but you didn’t tell me which port you connected the IP phone to?
Feel free to post over on the discussion forums.
Good Luck!
Hi Michael,
th naks for reply
the voice vlan is 25 and the port which the ip phone is connected is 5
the dhcp is globally define on the server and connected on the l3 switch
i have recived the logs on the switch is mentioned below…
4826GTS-PWR+(config)#show logging
Type Time Idx Src Message
—- —————————– —- — ——-
I 00:00:39:25 108 Link Down Trap for Port: 5
I 00:00:39:30 109 Link Down Trap for Port: 23
I 00:00:39:32 110 Trap: pethPsePortOnOffNotification
I 00:00:39:32 111 PoE Port Detection Status: Port 5
Status: Detecting
I 00:00:39:33 112 Link Up Trap for Port: 24
I 00:00:39:36 113 Trap: pethPsePortOnOffNotification
I 00:00:39:36 114 PoE Port Detection Status: Port 5
Status: Delivering Power
I 00:00:39:40 115 Link Down Trap for Port: 24
I 00:00:39:43 116 Link Up Trap for Port: 23
I 00:00:39:53 117 Link Up Trap for Port: 5
I 00:00:40:18 118 Trap: bsnConfigurationSavedToNvram
I 00:00:41:28 119 Trap: lldpXMedTopologyChangeDetect
ed, Subtype = 5 Class = 3
I 00:00:41:29 120 Trap: lldpRemTableChange Inserts =
18
I 00:00:42:04 121 Link Down Trap for Port: 5
I 00:00:42:28 122 Link Up Trap for Port: 5
4826GTS-PWR+(config)#
4826GTS-PWR+(config)#show logging
Type Time Idx Src Message
—- —————————– —- — ——-
I 00:00:39:25 108 Link Down Trap for Port: 5
I 00:00:39:30 109 Link Down Trap for Port: 23
I 00:00:39:32 110 Trap: pethPsePortOnOffNotification
I 00:00:39:32 111 PoE Port Detection Status: Port 5
Status: Detecting
I 00:00:39:33 112 Link Up Trap for Port: 24
I 00:00:39:36 113 Trap: pethPsePortOnOffNotification
I 00:00:39:36 114 PoE Port Detection Status: Port 5
Status: Delivering Power
I 00:00:39:40 115 Link Down Trap for Port: 24
I 00:00:39:43 116 Link Up Trap for Port: 23
I 00:00:39:53 117 Link Up Trap for Port: 5
I 00:00:40:18 118 Trap: bsnConfigurationSavedToNvram
I 00:00:41:28 119 Trap: lldpXMedTopologyChangeDetect
ed, Subtype = 5 Class = 3
I 00:00:41:29 120 Trap: lldpRemTableChange Inserts =
18
I 00:00:42:04 121 Link Down Trap for Port: 5
I 00:00:42:28 122 Link Up Trap for Port: 5
4826GTS-PWR+(config)#show logging
Type Time Idx Src Message
—- —————————– —- — ——-
I 00:00:39:25 108 Link Down Trap for Port: 5
I 00:00:39:30 109 Link Down Trap for Port: 23
I 00:00:39:32 110 Trap: pethPsePortOnOffNotification
I 00:00:39:32 111 PoE Port Detection Status: Port 5
Status: Detecting
I 00:00:39:33 112 Link Up Trap for Port: 24
I 00:00:39:36 113 Trap: pethPsePortOnOffNotification
I 00:00:39:36 114 PoE Port Detection Status: Port 5
Status: Delivering Power
I 00:00:39:40 115 Link Down Trap for Port: 24
I 00:00:39:43 116 Link Up Trap for Port: 23
I 00:00:39:53 117 Link Up Trap for Port: 5
I 00:00:40:18 118 Trap: bsnConfigurationSavedToNvram
I 00:00:41:28 119 Trap: lldpXMedTopologyChangeDetect
ed, Subtype = 5 Class = 3
I 00:00:41:29 120 Trap: lldpRemTableChange Inserts =
18
I 00:00:42:04 121 Link Down Trap for Port: 5
I 00:00:42:28 122 Link Up Trap for Port: 5
I 00:00:44:04 123 Trap: lldpXMedTopologyChangeDetect
ed, Subtype = 5 Class = 3
I 00:00:44:04 124 Trap: lldpRemTableChange Inserts =
19
I 00:00:44:43 125 Link Down Trap for Port: 5
I 00:00:45:07 126 Link Up Trap for Port: 5
I 00:00:46:39 127 Trap: lldpXMedTopologyChangeDetect
ed, Subtype = 5 Class = 3
I 00:00:46:39 128 Trap: lldpRemTableChange Inserts =
20
I 00:00:47:15 129 Link Down Trap for Port: 5
I 00:00:47:40 130 Link Up Trap for Port: 5
I 00:00:48:41 131 Trap: lldpXMedTopologyChangeDetect
ed, Subtype = 5 Class = 3
I 00:00:48:44 132 Trap: lldpRemTableChange Inserts =
21
I 00:00:49:08 133 Link Down Trap for Port: 5
I 00:00:49:33 134 Link Up Trap for Port: 5
I 00:00:50:33 135 Trap: lldpXMedTopologyChangeDetect
ed, Subtype = 5 Class = 3
I 00:00:50:34 136 Trap: lldpRemTableChange Inserts =
22
I 00:00:51:02 137 Trap: lldpXMedTopologyChangeDetect
ed, Subtype = 5 Class = 3
I 00:00:51:04 138 Link Down Trap for Port: 5
I 00:00:51:04 139 Trap: lldpRemTableChange Inserts =
23
I 00:00:51:28 140 Link Up Trap for Port: 5
I 00:00:52:59 141 Trap: lldpXMedTopologyChangeDetect
ed, Subtype = 5 Class = 3
I 00:00:52:59 142 Trap: lldpRemTableChange Inserts =
24
I 00:00:53:38 143 Link Down Trap for Port: 5
I 00:00:54:03 144 Link Up Trap for Port: 5
I 00:00:55:04 145 Trap: lldpXMedTopologyChangeDetect
ed, Subtype = 5 Class = 3
I 00:00:55:04 146 Trap: lldpRemTableChange Inserts =
25
I 00:00:55:31 147 Link Down Trap for Port: 5
I 00:00:55:55 148 Link Up Trap for Port: 5
I 00:00:56:57 149 Trap: lldpXMedTopologyChangeDetect
ed, Subtype = 5 Class = 3
I 00:00:56:59 150 Trap: lldpRemTableChange Inserts =
26
I 00:00:57:24 151 Link Down Trap for Port: 5
4826GTS-PWR+(config)#
4826GTS-PWR+(config)#
4826GTS-PWR+(config)#
4826GTS-PWR+(config)#
4826GTS-PWR+(config)#
4826GTS-PWR+(config)#
4826GTS-PWR+(config)#set p
4826GTS-PWR+(config)#set p
4826GTS-PWR+(config)#set p
4826GTS-PWR+(config)#set p
4826GTS-PWR+(config)#set p
4826GTS-PWR+(config)#set pO
4826GTS-PWR+(config)#set pO
4826GTS-PWR+(config)#set pO
4826GTS-PWR+(config)#set pO
4826GTS-PWR+(config)#?
Configure commands:
adac Modify ADAC settings
arp Configure a static ARP entry
asset-id Configure the Asset-ID
audit Enable audit log save settings
auto-pvid Enable Auto-PVID (for all ports).
autosave Change autosave settings
autotopology Enable the autotopology protocol
banner Set custom banner info
cli Modify password settings
clock Global RTC configuration subcommands
default Set a command to its defaults
eapol Enable/disable EAPOL protocol.
edm Modify EDM settings
end Exit from configure mode
energy-saver Configure global energy saver settings
exit Exit from configure mode
http-port Set the TCP port on which web server will listen
interface Select an interface to configure
ip Global IP configuration subcommands
ipmgr Modify IP Manager settings.
ipv6 Global IPv6 configuration subcommands
4826GTS-PWR+(config)#SHOPW LOGG
4826GTS-PWR+(config)#SHOW LOGG
4826GTS-PWR+(config)#SHOW LOGGing
Type Time Idx Src Message
—- —————————– —- — ——-
I 00:00:39:25 108 Link Down Trap for Port: 5
I 00:00:39:30 109 Link Down Trap for Port: 23
I 00:00:39:32 110 Trap: pethPsePortOnOffNotification
I 00:00:39:32 111 PoE Port Detection Status: Port 5
Status: Detecting
I 00:00:39:33 112 Link Up Trap for Port: 24
I 00:00:39:36 113 Trap: pethPsePortOnOffNotification
I 00:00:39:36 114 PoE Port Detection Status: Port 5
Status: Delivering Power
I 00:00:39:40 115 Link Down Trap for Port: 24
I 00:00:39:43 116 Link Up Trap for Port: 23
I 00:00:39:53 117 Link Up Trap for Port: 5
I 00:00:40:18 118 Trap: bsnConfigurationSavedToNvram
I 00:00:41:28 119 Trap: lldpXMedTopologyChangeDetect
ed, Subtype = 5 Class = 3
I 00:00:41:29 120 Trap: lldpRemTableChange Inserts =
18
I 00:00:42:04 121 Link Down Trap for Port: 5
I 00:00:42:28 122 Link Up Trap for Port: 5
I 00:00:44:04 123 Trap: lldpXMedTopologyChangeDetect
ed, Subtype = 5 Class = 3
I 00:00:44:04 124 Trap: lldpRemTableChange Inserts =
19
I 00:00:44:43 125 Link Down Trap for Port: 5
I 00:00:45:07 126 Link Up Trap for Port: 5
I 00:00:46:39 127 Trap: lldpXMedTopologyChangeDetect
ed, Subtype = 5 Class = 3
I 00:00:46:39 128 Trap: lldpRemTableChange Inserts =
20
I 00:00:47:15 129 Link Down Trap for Port: 5
I 00:00:47:40 130 Link Up Trap for Port: 5
I 00:00:48:41 131 Trap: lldpXMedTopologyChangeDetect
ed, Subtype = 5 Class = 3
I 00:00:48:44 132 Trap: lldpRemTableChange Inserts =
21
I 00:00:49:08 133 Link Down Trap for Port: 5
I 00:00:49:33 134 Link Up Trap for Port: 5
I 00:00:50:33 135 Trap: lldpXMedTopologyChangeDetect
ed, Subtype = 5 Class = 3
I 00:00:50:34 136 Trap: lldpRemTableChange Inserts =