Nortel has released software 6.1.2 for the Nortel Ethernet Routing Switch 5000 series switches. This includes the Ethernet Routing Switch 5510/5520/5530/5698/5650/5632. While there are a number of fixes in this software release there are some very interesting new features primarily concerned with VLAN assigned through 802.1x authentication (both EAP and non-EAP clients) in conjunction with RADIUS. Here is a list of the new features;
- Dynamic VLAN assignment from RADIUS server for EAP and non-EAP authenticated devices
- 802.1X Authentication, NEAP / MAC-based Authentication, and Guest VLAN functionality on the same port
- 802.1X Authentication and NEAP functionality with Radius, but with Radius response using VLAN names instead of VLAN ids
- 802.1X Authentication and NEAP with Fail-Open functionality
- Support for DDI SFPs
As always I would strongly suggest you review the release notes for yourself.
Cheers!
Related posts:






#1 by svl0r on December 29, 2009 - 3:04 pm
Kinda not worth upgrading until they release 6.1.3. At least for me it would nice to have the IST problem fixed. This way I can upgrade my DMZ core and switches.
#2 by Dan on February 25, 2010 - 9:48 am
I upgraded to 6.1.2.029 and now I get all of my switches trying to use the user name “nortel” to login using window IAS. I had radius set up on these switches but I’ve had to remove it because of this upgrade. It’s flooding our logs with bad logins. Any ideas why?
#3 by Michael McNamara on February 25, 2010 - 12:16 pm
Hi Dan,
I’ve noticed that as well but haven’t had time to dig into the problem. I’m wondering if the port based EAPoL process is trying to authenticate to the IAS/RADIUS server in preparation for authenticating EAPoL connections?
Thankfully I only have a few lab switches setup testing RADIUS.
If you can a support case to Avaya/Nortel might help. If I discover anything I’ll post back here.
Good Luck!
#4 by Dan on March 3, 2010 - 10:54 am
Michael,
Great site. I used it to setup my SNMPV3 settings. I went on Nortel’s ERS forum and got this answer from a guy there:
http://community.nortel.com/go/thread/5309?tstart=0
Hi Dan,
this “feature” cant currently disabled. In version 6.2.x it will be changed from Radius-Request to ICMP-Ping, but this will be also not be disabled.
This feature must/will be available for EAPoL-FailOpen.
The workaround is to configure the radius-server to accept that request.
good luck
matthias.neumann
#5 by Michael McNamara on March 3, 2010 - 7:41 pm
Thanks for the feedback Dan!
I always get excited when folks come back and help add to the discussion and/or topic if they learn something new.
Cheers!