I’ve had a number of discussions recently with people asking how to configure VLANs and IP routing on the stackable Avaya Ethernet Routing Switches. I thought I would take a step back and document some basic configurations for those that might still have questions or for anyone that might be looking for some example configurations. In this post I specifically focus on how to configure multiple VLANs with IP routing on a single Ethernet Routing Switch 5520. (In a future post I’ll examine how to tag VLANs between multiple switches.) The example configuration below should be applicable to any model of the Ethernet Routing Switch 4500 or Ethernet Routing Switch 5000 series switches. This example configuration matches a build I recently set up to test the compatibility of the Avaya 1100 and 1200 series IP phones to connect to an Asterisk IP PBX. You can review a diagram of the test network in the figure to the right.
We have a single Ethernet Routing Switch 5520 (running software 6.2) with 3 separate VLANs, each with its own Layer 3 IP interface. We’ll enable IP routing, configure DHCP forwarding (relay) and apply some basic best practices. The CentOS Linux server at 192.168.1.6 will serve multiple roles: SIP server, DHCP server and TFTP server. In this example I’ll assume that the switch has a factory default configuration.
Let’s get started by entering configuration mode;
enable
config terminal
The “Default VLAN” already exists in the factory configuration so let’s rename it and assign an IP address to the Layer 3 IP interface;
vlan name 1 "192-168-1-0/24"
interface vlan 1
ip address 192.168.1.50 255.255.255.0 1
exit
Let’s create VLAN 100, assign ports 13-24 to that VLAN, set the PVID for each port to VLAN 100, create a Layer 3 IP interface and enable DHCP relay;
vlan create 100 name "192-168-100-0/24" type port
vlan members remove 1 13-24
vlan members add 100 13-24
vlan port 13-24 pvid 100
interface vlan 100
ip address 192.168.100.1 255.255.255.0 2
ip dhcp-relay
exit
ip dhcp-relay fwd-path 192.168.100.1 192.168.1.6 enable
Let’s create VLAN 200, assign ports 25-36 to that VLAN, set the PVID for each port to VLAN 200, create a Layer 3 IP interface and enable DHCP relay;
vlan create 200 name "192-168-200-0/24" type port
vlan members remove 1 25-36
vlan members add 200 25-36
vlan port 25-36 pvid 200
interface vlan 200
ip address 192.168.200.1 255.255.255.0 3
ip dhcp-relay
exit
ip dhcp-relay fwd-path 192.168.200.1 192.168.1.6 enable
Let’s make sure that IP routing is enabled globally;
ip routing
There’s no need to add any additional IP static routes since this is a closed network. However, if there was an Internet router at 192.168.1.1 we would use the following command to create a default route to 192.168.1.1;
ip route 0.0.0.0 0.0.0.0 192.168.1.1 1
Whenever you remove a port from all VLANs it gets removed from the Spanning Tree Group, so it’s always a good idea to re-apply Spanning Tree to every port and set it to Fast learning. It’s also usually a very good idea to enable broadcast and multicast rate-limiting (this is done in the hardware ASIC), setting it to 10% of the maximum port utilization;
interface fastEthernet all
spanning-tree learning fast
rate-limit both 10
exit
Cheers!
Adam DaCosta says
Great post Michael, I hope you don’t mind but I shared it as a link with our community @ http://blog.combatnetworks.com
AD
Michael McNamara says
Hi Adam,
I don’t mind at all…
Cheers!
xvs says
vlan members add 200 25-36
vlan port 25-36 pvid 200
Is the PVID supposed to be 200 or 100? Did you make a typo or is that the proper config?
Let’s suppose you want all untagged traffic to be vlan 100 and allow vlan 200 in on that port for example a phone with a desktop connected. Where the phone tags voice as vlan 200 and data untagged. Would this be correct?
vlan members add 200 25-36
vlan port 25-36 pvid 100
Also, in that same scenario would you set the vlan configcontrol autopvid or flexible should work also?
Michael McNamara says
Hi Xvs,
The example in the post is correct for the topic of the post, a simple access port configured in a single VLAN.
If you were to connect an IP phone to that port then your assumptions would be correct. However, you’d need to issue a few additional commands;
You could use autopvid or flexible, it doesn’t matter if you manually set the PVID yourself which is always best practice.
Cheers!
Santiago Muga says
Hi Michael,
I tried to follow your steps to configure my switches (stack) and the stack didn’t accept #IP routing or #Interface vlan 100 commands. I am new using these switches. I think the IOS version is old and I cannot find information what to do. Here is the information of the stack when I am trying to connect via telnet:
Ethernet Routing Switch 4548GT-PWR Nortel
Copyright 1996-2007
HW:04 FW:5.1.0.8 SW:v5.1.0.000
Michael McNamara says
Hi Santiago,
You need to be running software release 5.4 or later on the Ethernet Routing Switch 4500 series.
Cheers!
hector carbajal says
Hi Michael,
I know that this post is too old, but I have been searching the web for many hours and I found your blog/webpage.
I followed these steps to create VLANs in an Ethernet Routing Switch 4550-T PoE,
1. I created 3 VLANs
one for ELAN, another for TLAN and the last for TLAN for Telephones
I’ll try to explain my problem.
– First I configured my CallServer switch Avaya-Nortel rls 7.5 with signaling server; these are my IPs
Callserver ip – ELAN 192.168.28.4
TLAN 10.94.16.55
Signaling server ELAN 10.94.16.55
Node IP TLAN 10.94.16.57
Telephones 192.168.29.0/24 255.255.255.0
When I connect my 4550-T to the client network with the default configuration the switch assigns me some addresses in this segment 10.94.16.xx, that is the “TLAN” segment of the client and it’s used for his computers. I have also connected the ELAN and TLAN from the callserver, signaling server and node to the switch, but when I connect one telephone to the switch it is assigned by DHCP some IP from the client segment (TLAN), for example 10.94.16.65, and it connects automatically,
but I need an address in the 192.168.29.xx segment that connects to the node IP, in this case 10.96.16.57
When I configured 3 VLANs in the switch I found some problems; these are:
– Which IP address do I need to put on the switch? I mean in which segment
– Do I have to set the STACK or SWITCH IP?
– I used your procedure to create VLANs, but I need to communicate from the telephones VLAN, in this case 192.168.29.xx, to the node IP 10.94.16.57 to sign telephones in to the callserver.
I hope I expressed myself correctly.
thanks.
Héctor
Michael McNamara says
Hi Hector,
You’ve got a few hurdles to overcome… the default configuration of any ERS 4000 or 5000 switch has all ports in VLAN 1 and all ports set to UnTagAll (Access) ports. You would need to implement this switch using a Layer 3 configuration. Assuming the customer already has a router you could need to update that router’s routing table with routes to the new IP networks you’ve built, likewise you’d need to configure routes in the 4550 to reach the customer’s existing router.
You might want to seek some consulting help… at least for your first one or two implementations.
Good Luck!
udayakumar says
Hi Michael,
I use 3 stacked 5520s with software 6.03 and I have 4 VLANs. I assigned L3 IPs for the VLANs as vlan1: 192.168.1.1/24, vlan10: 192.168.10.1/22, vlan30: 192.168.30.1/22, vlan40: 192.168.40.1/22, then applied DHCP relay to all VLANs and it’s working fine (I connected the DHCP server and Internet router in vlan 1). I followed all the above config examples. I also gave a static route. But I can’t get Internet in VLANs 10, 30, 40; I can get Internet in vlan1 only. I can ping the gateways and PCs from any VLAN to any VLAN but I can’t ping the Internet router. I’m using a Belkin N600. Its IP is 192.168.1.254/24. Is there any static routing to be made in the Internet router or any config we have to do to make this work… I made the config as you gave… everything is working fine except Internet for the other VLANs… please guide and help me…
Michael McNamara says
Hi udayakumar,
You need to add the appropriate routes to your Belkin router so it knows how to get back to your other VLANs.
192.168.10.0/22 -> 192.168.1.1
192.168.30.0/22 -> 192.168.1.1
192.168.40.0/22 -> 192.168.1.1
You’ll probably also need to check that you have a NAT table entry for those networks. You need to NAT the traffic as it passes through the Belkin so it gets a public IP address.
Good Luck!
Santiago Muga says
Hello Michael,
Sorry to bother you again with simple questions, If I configured my stack using both “ip routing” and “ip route 0.0.0.0 0.0.0.0 192.168.1.1 1” so all the vlans have access to internet, Will be ok keeping “ip default-gateway 192.168.1.1” or I need to remove it? Right now my stack has VLAN1 on all the ports and the default gateway is 192.168.1.1 (internet access).
Michael McNamara says
Hi Santiago,
You can leave the command in place. If you aren’t doing routing the command is utilized for the management interface of the switch.
Cheers!
Gev Ymbong says
Hi Michael,
I have stackable Avaya 5520s which I want to access the config exactly. I want to print them for my vendor to check what is the problem with my additional VLANs. How can I get those using an ethernet cable? My other question is if I add 2 more VLANs to my existing 192.168.89.0/24 (192.168.10.0/24 and 11.0/24) How can I configure them so that it would talk with my existing 89.0/24 and uses my VPN and internet with gateway 89.10, Do I need to assign or isolate other VLANS to specific ports? Please help me with this, my background is on Servers & OS not on Networking. Thanks.
Michael McNamara says
Hi Gev,
You can use the following command from the CLI interface to output the entire configuration;
“show running-config”
With regard to your other questions you would need to add those VLANs to the ERS 5520, you would also need to enable routing.
If you have additional questions I would suggest you post them on the forums, http://forums.networkinfrastructure.info/index.php
Good Luck!
Jas Reehal says
Hi Michael,
For resilience I have 2 DHCP servers in the 192.168.100.0 vlan, serving without overlapping addresses. If one DHCP server goes down the other one can respond.
How can a client in the other vlans access both servers. Do I have two dhcp_relay commands? is this possible?
Michael McNamara says
Hi Jas,
You’ll need multiple DHCP relays for each VLAN. You can find the commands in the post below for the stackable switches.
http://blog.michaelfmcnamara.com/2011/01/vlans-ip-routing-ethernet-routing-switch/
Good Luck!
Jas Reehal says
Hi Michael,
Just to get this clear in my head; in the example:-
http://blog.michaelfmcnamara.com/2011/01/vlans-ip-routing-ethernet-routing-switch/
ip dhcp-relay fwd-path 192.168.100.1 192.168.1.6 enable
is used to define a fwd-path in vlan 100 and …
ip dhcp-relay fwd-path 192.168.200.1 192.168.1.6 enable
is used to define fwd-path in vlan 200.
BUT I have 2 DHCP servers (let say 192.168.1.6 and 192.168.1.7) I want clients in vlan 100 to use either DHCP server. Do I issue the following 2 commands?
ip dhcp-relay fwd-path 192.168.100.1 192.168.1.6 enable
ip dhcp-relay fwd-path 192.168.100.1 192.168.1.7 enable
I must admit that this looks wrong to me? Should I be using something other than 192.168.100.1 in the second command?
In general the command is:-
ip dhcp_relay fwd-path ADDR1 ADDR2 enable
ADDR2 signifies the DHCP server
What does the ADDR1 signify ?
is it a ‘virtual address’ for the DHCP server ?
is it the router interface in the vlan?
Rob says
Hi There,
I wondered if anyone knows how to either load-balance between Broadband circuits and/or use a specific broadband as a backup route?
Thanks
Rob
Michael McNamara says
Hi Rob,
You’d configure that functionality in your perimeter Internet router or firewall. You can set lower metric routes that will kick in if the primary route fails. There are also third party appliances that will help mesh multiple, disparate Internet connections into a single connection. You can look at solutions from Barracuda Networks, Peplink, XRoads Internet etc. These appliances make it easy to aggregate multiple Internet links such as DSL, Cable Modem, FiOS (FTTP), T1, etc. and take the complexity out of the mix for the average network manager/engineer.
Cheers!
Jas Reehal says
Hi Everyone,
Using Michael’s excellent blog …
http://blog.michaelfmcnamara.com/2011/01/vlans-ip-routing-ethernet-routing-switch/
I have created, and am using a vlan, for which I configured the interface thus ..
Baystack(config)# interface vlan 5
Baystack(config)# ip address 10.10.31.254 255.255.224.000 5
As I populated this vlan- I configured each host with ‘default gateway’ 10.10.31.254, this works fine because my Internet router was situated in ‘VLAN 1’ which is the default vlan.
I want to relocate the Internet router into ‘VLAN 5’ and I want to set its IP address to 10.10.31.254/19, this way I will avoid having to change the ‘default gateway’ setting which I have already configured on each of my existing hosts. To allow this, I expect that I must change the ‘vlan 5’ interface address to something else first.
o Can I do this?
o How Can I do this?
o What ‘pitfalls’ do I need to consider…
For instance all the hosts left behind in the ‘default vlan’ inside which the ‘Internet router’ originally resided will need their ‘default gateway’ changed to the address of the Baystack cascade, but If I do that, then how does that know that the ‘Internet router’ now resides in ‘vlan 5’ with address 10.10.31.254?
Is there anyone who understands what I am attempting to achieve and can advise me?
McAdams says
Hi,
I have a nortel 3510-24t switch and I followed what you said in your post but the vlans could not see each other. I made some changes on the network as i dont have/ dont want a dhcp server. I disabled the dhcp-relay. but i can not establish an inter vlan connection. How can i make vlans with no dhcp using static addresses? plz help!
Michael McNamara says
Hi McAdams,
I’m not sure why you wouldn’t want a DHCP server but in any case… if you want to static the configuration you need to make sure you configure all the appropriate information. Since you didn’t provide too much information I’m going to guess that you are not configuring the default gateway on the desktops/laptops.
You should verify that you can ping the default gateway from each laptop/desktop, then perform a tracert and see where it dies – that will provide you a clue where to look.
Good Luck!
Mc Adams says
Thanks Michael, I configured the VLANs with static IP addresses and it’s working because I can ping each PC from a different VLAN, but I can only open shared files from one PC and not the other way round. I can even tracert all computers and it’s working fine. I tried to disable firewalls but still cannot access shared folders.
I doubt whether I configured my gateways well. For example VLAN 100 has IP address 192.168.100.1, and a computer on that VLAN I gave the IP 192.168.100.2/24 with gateway 192.168.100.1; is this correct or do I have to use a different gateway, say from the other VLAN? I read another post that said the gateway has to be the VLAN IP address you are trying to access, is this true? Say the other VLAN has IP address 192.168.200.1 and the host has 192.168.200.2; to reach this host would you use 192.168.200.1 as your gateway? Please help!
Michael McNamara says
Your configuration is correct… your gateway MUST be on the same network as your device.
If you can ping and traceroute your problem is not likely to be the network but rather to be somewhere else, like a Windows Firewall or similar.
Good Luck!
Mc Adams says
Thanks bro. That’s perfect.
Daniel Freeman says
This is a little off topic. I have a company using a McAfee vulnerability scanner and they are freezing up our ERS 5500 routers in the field. We have to boot them to get them to come back. It’s just a discovery scan. Any ideas?
McAdams says
Hi Michael,
I have a nortel switch 3550-24t which have two vlans, A and B. Vlan B has gigabit ports 21 and 22, while vlan A has Gigabit ports 23 and 24. I want to connect a netgear switch to vlan B on ports 21 and 22, so that the netgear switch can connect to many computers all belonging to the same vlan. Is it possible that without creating vlan B on netgear switch i can connect it to the ports on nortel switch so that instead of connecting two computers to port 21 and 22 i can connect the netgear switch and have many computers connected to the netgear switch all on the same vlan using the vlan ip as their default gateway? All i want it to allow many computers connected to a single vlan instead of only two computers on ports 21 and 22.
McAdams says
Hi Michael,
I have created VLANs on a Nortel switch and configured a static route to a DHCP server for dynamic IP addressing. Here are the settings for one VLAN:
vlan create 20 name student type port
vlan members remove 1 5
vlan members add 20 5
vlan port 5 pvid 20
interface vlan 20
ip address 192.168.200.1 255.255.255.0 2
ip dhcp-relay
exit
ip dhcp-relay 192.168.200.1 192.168.300.6 enable
::assuming that the DHCP server is at 192.168.300.6 in another subnet.
But when I connect a laptop to VLAN 20 it cannot receive an IP address. When I tried to ping the server it worked but suddenly the ping did not work anymore.
There is a switch between the server and the switch that has the VLANs; I assumed that the second switch will be in one VLAN so there is no need to create a trunk between them.
::How can I go about troubleshooting the DHCP problem in this scenario?
Michael McNamara says
You should start your troubleshooting according to the OSI layers, and then work through all the different points between A (laptop) and B (DHCP server).
Do you have Layer 1 (link) between the Avaya 5520 and this “other” switch? If you have link are you bridging/trunking the VLANs correctly? Can you see the MAC/FDB table populate on both switches? Your next step would be to start a SPAN or port mirror and perform a packet trace, do you see the DHCP request arriving at the DHCP server? Do you see the DHCP reply going back to the workstation/laptop.
Good Luck!
McAdams says
Hi Michael,
Let me put the problem this way. The switch is not a 5500 but a Nortel 3510-24t, and the other switch is a Netgear switch. I have a problem configuring the Netgear because I don’t have its console cable and do not know its IP address to start managing it. I created a VLAN on the Nortel switch, let’s say VLAN A, but instead of plugging in the DHCP server I plugged in the Netgear switch so that I can connect not just the server but also other computers, all in VLAN A. I assumed that because the cable is plugged in to VLAN A and all computers including the server have to be in VLAN A, I should not set VLAN A and a trunk on the Netgear (if this is not true please let me know). I also did this because I don’t have a way / cable to configure the Netgear with VLAN A. Since the cable between the Netgear and Nortel has to carry only VLAN A data, does it have to be a trunk? And if it has to be a trunk, how can I make a trunk that is compatible with both switches? I heard that 802.1q is excellent but how can I set it up? You mentioned port mirroring and packet trace; how can I do it on Nortel? I am not well schooled in Nortel products; I am used to Cisco since they are common.
McAdams says
The DHCP issue is worked out; it’s actually the DHCP server that had a problem. I removed the superscope and made a subscope for each VLAN and it all worked well.
NetScavenger says
Hi Michael,
I hope this discussion is not closed. What is the difference between using
ip dhcp-relay fwd-path and ip dhcp-relay broadcast
because i want to put two dhcp servers in my network, in case one fails the other one picks up. i was wondering how to set two ip relay paths to the servers.
Michael McNamara says
You can have multiple DHCP relays (IP helpers) per IP interface. The syntax is different dependent on switch model and software release.
You just need to enable DHCP on the specific VLAN and then setup a DHCP relay, you can repeat the command with multiple DHCP servers.
The switch will send the DHCP requests to both DHCP servers, it’s up to the DHCP servers to decide who will respond. If both DHCP servers respond then the client will usually accept the DHCP response that arrives first.
Hopefully that answers the question? Good Luck!
Howard Reynolds says
Hello Michael,
Is it possible to enable dhcp-relay WITHOUT enabling ip routing on my L3 avaya switch?
For security reasons, I disabled routing between vlans on the switch so that all traffic goes through the firewall. [except for dhcp traffic]
Howard
Michael McNamara says
Hi Howard,
You need IP enabled in order for the switch to act as a DHCP relay. You could create filters to block inter-vlan traffic but the switch would need a route to the DHCP server. In short the switch will take the DHCP broadcast and wrap it up into a unicast frame and send it to the DHCP server. The DHCP server will respond with a unicast frame which the switch will unwrap and then broadcast back onto the VLAN from which it came.
Good Luck!
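
The relay exchange described in the reply above, as an added Python model (not code from the post, the commenters or the switch firmware). It follows the RFC 2131 relay rules using the post's fwd-path addresses and shows that the first fwd-path address travels to the server as giaddr, which is what selects the scope and routes the reply back to the right VLAN. The scope table, lease addresses, client MAC and all function names are constructed for the example.

```python
import ipaddress
import struct

BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # fixed 236-byte BOOTP header
COOKIE = bytes([99, 130, 83, 99])                     # DHCP magic cookie
ZERO = bytes(4)
OP, HOPS, FLAGS, YIADDR, GIADDR = 0, 3, 6, 8, 10      # field positions in BOOTP

# fwd-path entries from the post: relay agent (VLAN interface) -> DHCP server
FWD_PATHS = {"192.168.100.1": "192.168.1.6", "192.168.200.1": "192.168.1.6"}
# Constructed server scopes: subnet -> address the server would offer
SCOPES = {"192.168.1.0/24": "192.168.1.100",
          "192.168.100.0/24": "192.168.100.100",
          "192.168.200.0/24": "192.168.200.100"}
SERVER_IP = "192.168.1.6"


def packed(addr):
    """Dotted-quad string to 4 network-order bytes."""
    return ipaddress.IPv4Address(addr).packed


def discover(mac, xid):
    """Client DHCPDISCOVER as broadcast on the VLAN: giaddr is all zeros."""
    header = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, ZERO, ZERO, ZERO, ZERO,
                        mac, b"", b"")
    return header + COOKIE + bytes([53, 1, 1, 255])   # option 53 = DISCOVER


def relay_request(pkt, agent):
    """Switch side: stamp giaddr, bump hops, unicast to the fwd-path server."""
    f = list(BOOTP.unpack(pkt[:BOOTP.size]))
    if f[GIADDR] == ZERO:             # only the first relay sets giaddr
        f[GIADDR] = packed(agent)
    f[HOPS] += 1
    return FWD_PATHS[agent], BOOTP.pack(*f) + pkt[BOOTP.size:]


def server_offer(pkt):
    """Server side: giaddr (or its own subnet if unset) selects the scope."""
    f = list(BOOTP.unpack(pkt[:BOOTP.size]))
    relayed = f[GIADDR] != ZERO
    selector = ipaddress.IPv4Address(f[GIADDR] if relayed else packed(SERVER_IP))
    for subnet, lease in SCOPES.items():
        if selector in ipaddress.ip_network(subnet):
            f[OP], f[YIADDR] = 2, packed(lease)       # BOOTREPLY with the offer
            dst = str(selector) if relayed else "255.255.255.255"
            return dst, BOOTP.pack(*f) + COOKIE + bytes([53, 1, 2, 255])
    return None                       # no scope matches giaddr: no answer


def relay_reply(pkt):
    """Switch side: giaddr names the VLAN interface to deliver the reply on."""
    f = BOOTP.unpack(pkt[:BOOTP.size])
    agent = str(ipaddress.IPv4Address(f[GIADDR]))
    if agent not in FWD_PATHS:
        return None
    l2_dst = "broadcast" if f[FLAGS] & 0x8000 else "unicast to client MAC"
    return agent, l2_dst, str(ipaddress.IPv4Address(f[YIADDR]))


def lease_via(agent, mac=bytes.fromhex("020000000001")):
    """Run DISCOVER -> relay -> server -> relay and return the delivery."""
    _server, relayed = relay_request(discover(mac, 0x1234), agent)
    answer = server_offer(relayed)
    if answer is None:
        return None
    _reply_dst, offer = answer
    return relay_reply(offer)


if __name__ == "__main__":
    for agent in FWD_PATHS:
        print(agent, "->", lease_via(agent))
```
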
Meraj says
Hi Michael,
Need your help with a weird problem, I have posted this on http://forums.networkinfrastructure.info/nortel-bayrs-routing/nortelavaya-5500-stack-routing-issue/ as well.
We have got a Stack of 6 Nortel 5500 Switches running FW:5.0.0.4 SW:v5.1.4.021.
Configuration:
IP Routing enabled globally
5 L3 VLANs configured (Routing enabled on the interfaces)
Default-gateway pointing to a.a.a.a
Static Default Route pointing to a.a.a.a (Where a.a.a.a is our WAN Router)
I thought we only needed a default route if we are running the stack in L3, but as this stack was built by a 3rd party and almost 3 years ago no configuration changes were made since then.
I was working on a change last night were we had to do the following
Add 4 new Static Routes Pointing to a.a.a.a
Add a new default Route Pointing to b.b.b.b (where b.b.b.b was our Firewall)
I made the changes in this order:
Added the 4 new Static Routes
Deleted the old default route and default gateway
Added the new default route (as the stack is running in L3, I didnt add the default-gateway)
Everything was working fine, no services were affected.
However after this change I have noticed that I cannot Ping the VLAN gateways of the stack from the remote sites. All services are running as normal, I can even traceroute/ssh/snmp to the vlan gateways but just cannot ping them. Very very strange, never saw this in my life before ……
There are no Firewalls or ACL’s so nothing is being blocked anywhere.
I tried adding the default-gateway pointing to the new b.b.b.b (but still cannot ping the vlan gateways). Services remain unaffected.
However if I rollback and just leave the default route pointing to old a.a.a.a, services are still unaffected but we cannot ping the vlan gateways.
If I rollback and leave the default route and default-gateway pointing to the old a.a.a.a, I can now ping the vlan gateways..
Please help! I am pulling my hair out here ……..
Regards,
Meraj
Michael McNamara says
You’ve already posted in the forums so let’s keep the conversation in a single location.
Cheers!
Meraj says
Hi Michael,
I Posted a question and it has disappeared, please advise if I am doing anything wrong here?
Meraj
Michael McNamara says
I manually approve all new posts to help keep the SPAM off the site.
Your question is up now… and I will respond in a few minutes.
Cheers!
McAdams says
Hi Michael,
I have this configuration for trunk ports on a Cisco 3548 XL switch:
interface gi0/1
switchport mode trunk
switchport trunk encapsulation dot1q
This works from one Cisco switch to another Cisco switch, but how can I match this configuration on a Nortel 3510-24t switch so that there is communication between the two switches using the same 802.1q standard as on the Cisco switch? Many thanks in advance.
David says
Thanks for your very informative posts. I am in the process of creating a wireless VLAN. I have successfully created two vlans that are getting DHCP addresses from a DHCP server on the data VLAN. This new VLAN will have wireless APs all over the place, not just off one interface of the 5632 ERS. In addition, the fiber on these interfaces will carry DHCP traffic for both the wired and wireless vlans. How do I implement this so the WAPs get appropriate IP addresses?
Michael McNamara says
Hi David,
The answer depends on the wireless equipment you’re going to be using… most vendors support tunnels between the APs and the WLCs utilizing CAPWAP, MINT, LWAPP, etc. In that case you only need to present the VLANs that you’ll need to bridge to the WLAN at the WLC. If you are going to try and bridge the traffic locally at the AP then you’ll obviously need to configure the port and AP for 802.1q trunking to carry multiple VLANs.
Good Luck!
David says
Thank you for your answer. The VLAN is created correctly, I have confirmed that by pinging all of the VLAN 17 switch interfaces from PCs on the other VLANs. What I am having trouble with is getting a DHCP address to the wireless clients from the VLAN 17 pool. The DHCP server is on VLAN1, and I have the following statements in the 5632 ERS:
ip dhcp-relay fwd-path 10.17.1.254 10.1.20.101
interface vlan 17
ip dhcp relay broadcast
The DHCP process does not complete. In fact, I connected to the SSID with an iPhone, and it received a 169.254.x.x address, meaning it could not contact a DHCP server. I am trying to troubleshoot with Wireshark, but it is slow going.
I am working with Avaya to get at the problem, but the tech I am working with is not much help.
Michael McNamara says
Hi David,
You’ve enabled DHCP on the VLAN interface along with creating the relay, yes?
In the logs of your DHCP server can you see the DHCP requests? If you don’t have access to the logs setup a packet trace.
As previously suggested I would advise you to just connect a PC to a port in VLAN 17 and confirm that DHCP works properly. If that works then you know the issue isn’t with DHCP but with your wireless configuration and/or Access Point.
The switch can ping the DHCP server?
Good Luck!
David says
Thanks for your response. I have connected a laptop to the port, and it is getting an address from the VLAN 17 pool. I had a subnet mask mismatch in the DHCP pool. However, I cannot ping any of the VLAN 17 devices from VLAN 1. There is a route on the switch to the 10.17.0.0 network.
I am using ports 2/33-35 for VLAN 17. I have them tagged UntagPvidOnly. The Pvid on these ports is set to 17. If I configure the ports to be members of VLAN 17 only, the devices get IP addresses from the VLAN 17 scope, but I cannot ping them from VLAN 1. If I make the ports members of VLAN 1 and VLAN 17, the devices get IP addresses from the VLAN 1 scope. The devices are all directly connected to the switch.
Is the tagging correct? If so, what could be the issue?
sherif says
Hi Michael,
kindly .. i need best practice configuration for 5520 as L2 for dot1x using NAC solution
knowing that we have voip on the same network ports .
Michael McNamara says
I would suggest looking at the Avaya IP Telephony Deployment Technical Configuration Guide.
Good Luck!
sherif says
Many Thanks
David says
I have multiple Ethernet Routing switches, but one is the core, and functions as a router. How do they interact? Does one function as the router and the others as L2 switches? Should the ones added after the L3 device route all inter VLAN traffic to the first one?
For instance, I have six VLANs set up on a 5632 stack in one building. In another building, there are devices on several VLANs on a 5520. Should there be a statement in the ip routing section pointing the traffic to the 5632 to get to where it needs to go? I apologize for adding on to this. You mentioned at the top about writing a future post for routing and tagging for VLANs between multiple switches.
Michael McNamara says
You can either route or switch/bridge depending on the configuration of the switch.
If you have multiple VLANs and you want devices on each VLAN to be able to communicate with each other you need to route between the VLANs. Whether you route in the core or route at the edge you need a switch/router with an IP address in each VLAN.
There are plenty of great resources on the net that have already described this topic in detail.
http://www.cisco.com/c/en/us/support/docs/lan-switching/integrated-routing-bridging-irb/17054-741-10.html
Good Luck!
Mudasir says
Hi Michael,
thanks for this article which had helped me to understand the Avaya/Nortel switch configuration up to some level. I have switch in lab environment 4524 and have two DHCP server in two different subnets (e.g. 192.168.2.2 & 192.168.3.2)and internet is being provided through these two servers separately . so what I did I created two VLAN’s VLAN-2 with interface IP 192.168.2.1 and VLAN-3 with interface IP 192.168.3.1 and DHCP-relay for 192.168.2.1 –>192.168.2.2 & DHCP-relay for 192.168.3.1 –>192.168.3.2…. everything works fine. clients are getting IP addresses from their corresponding servers ..but internet is not working either of the client machines…
so what I did I put the default route 0.0.0.0 0.0.0.0 192.168.2.2 or 0.0.0.0 0.0.0.0 192.168.3.2 which works but both VLANs are getting internet from single server depends on what has been defined in default route…
I tried to define the static route but doesn’t help either. is there any way to get it done to provide internet from both vlan from their corresponding servers only ?
thanks .
Mudasir
Michael McNamara says
Hi Mudasir,
You don’t need to use a DHCP relay when the DHCP server is in the same VLAN as the clients. In your DHCP configuration you need to specify the default gateway for the clients… then you won’t need to put a default route in every client.
Good Luck!
Edward says
Hi Michael,
We’ve got a 5530 that we are trying to create a layer 3 route to. We aren’t using any advanced routing, just static routes. This is all being trunked to a Cisco switch by the way. The main problem, is that when I try to ping the data (vlan 200) or phone (vlan 300) from my pc, I get the reply from [cisco interconnect IP]: TTL expired in transit. Doing a tracert to the data or phone IP address results in a loop between the interconnect IP address of the 5530 and Cisco switch.
I’m not sure if this is the main problem, but once we enable IP routing on the switch, it automatically adds local direct routes to the routing table. These direct routes are for the management and interconnect vlan subnets, and have the next hop IP as the LOCAL address of the management (vlan 100) and interconnect vlans (vlan 500). I would assume the next hop automatically adds the connected router, and not the local IP address. Would this be what is causing the pinging back and forth between the 5530 and the Cisco switch? I can ping the interconnect IP address just fine, it is only the data and phone vlan IP’s that have this behavior. Thank you.
Michael McNamara says
Hi Ed,
Assuming you are having the Cisco switch act as the Layer 3 router you’ll just need to extend/trunk the VLANs to the Avaya 5530 – no need to have the 5530 do any routing. If you want to do routing on the Avaya 5530 you’ll need to add new VLANs and IP subnets and set up the appropriate routing.
Good Luck!
Alaudeen says
Hi,
How do I configure two different IPs for default VLAN 1 and the switch IP on an Avaya ERS 3524power +?
Michael McNamara says
Hi Alaudeen,
You need to add the IP interfaces to the respective VLANs.
vlan name 1 "192-168-1-0/24"
interface vlan 1
ip address 192.168.1.50 255.255.255.0 1
exit
vlan name 2 "192-168-2-0/24"
interface vlan 2
ip address 192.168.2.50 255.255.255.0 1
exit
Cheers!
Craig Fox says
Firstly, let me show my appreciation for your articles on the ERS platform. You’ve saved me thousands of pages of frustratingly reading Nortel’s documents.
Question: When using a DHCP Relay for a specific VLAN, is it necessary to enable routing on that VLAN? I noted that when the IP interface is added to the VLAN that routing on that VLAN is automatically enabled.
Michael McNamara says
Hi Craig,
I’m not 100% sure… I don’t believe I ever tried to enable DHCP relay without having IP routing enabled. I would expect that whatever device is acting as the router for that VLAN should also be doing the DHCP relay for that VLAN.
Cheers!
Wesley says
Michael, I would really appreciate if you would answer this intriguing matter for me.
We have a Call Server CS1000 etc. connecting to a Nortel/Avaya ERS5520 switch set up as an L2 device.
When creating VLANs for the TLAN and ELAN networks/subnets, one of the options is whether you want it to be “VoiceEnabled”.
The question is:
Do I enable those VLANs as VoiceEnabled for the CS1000/Call Server, SMG Server, or is this only for a VLAN that has VoIP phones connected to it?
Thank you in advance for your time and answer.
WK
Michael McNamara says
Hi Wesley,
This is usually for the VLAN that will have the IP phones attached… this will tell the switch which VLAN to return in the LLDP advertisements, etc.
Cheers!
Wesley says
Thank you Michael for your time and answer.
Maybe this is not the right place to ask this question.
However, I was wondering if you would share some best practices for configuring ports on Avaya ERS-5000/5500 series switches for Signaling Server, Voice Gateway Media Cards, Media Gateways, etc.
Perhaps some real-life QoS examples to remark/classify traffic at Layer 2.
I found Nortel/Avaya QoS hard to understand.
Or maybe any forums that discuss this topic.
Thank you once again for your much appreciated help and time.
Wesley
Michael McNamara says
You generally need to configure the switch port to be “trusted”; once you’ve done that, the Signaling Servers and Media Gateways will automatically add their DSCP QoS values to the IP packets. This is Layer 3 QoS, not Layer 2 802.1p.
Cheers!
Justin Marmorato says
Hello. First of all, I just want to say that some of your posts have been very helpful to me, as I have recently bought a Nortel 5520-24T-PWR for my house client network. Maybe you can crack the code on this one… I have Ubiquiti Unifi APs, and am trying to get a guest VLAN set up. I have a very basic switch configuration, with all ports assigned to PVID 1. I want to use VLAN 3 for my guest network, but after adding VLAN 3 to the router port and AP port (both ports are set to untag PVID only), I can’t seem to communicate with the router (and thus can’t get a ping or IP). Any suggestions?
Michael McNamara says
Hi Justin,
You need to determine what’s going to do your routing. Is it the Nortel switch or is it your home router? The Nortel can do it, but you need to add routes to your home router to tell it where to send traffic for the new IP network that we’re adding.
Good Luck
Justin Marmorato says
Thanks for the reply! My pfSense router is taking care of all routing for me. My goal is to get all of my main client network traffic (PVID 1/ untagged) and guest network (VLAN 3) to come out the same port (port 1) to my router, but I can’t get my VLAN 3 traffic to pass to my router. In terms of the device, I want to pass VLAN 3 and untagged traffic between port 3 and port 1.
Michael McNamara says
If you are using multiple CAT5 cables between your router and switch then just set the ports to be “Access” ports and make them a member of whatever VLAN you would like (Access ports can only be a member of a single VLAN). If you are going to use a single CAT5 cable between the router and switch then you need to make the link a Trunk (TagAll in Avaya/Nortel speak).
Cheers!
Yank says
Hi Michael,
Can you please describe what the following commands do in VPN? Don’t they serve the same purpose?
The first command assigns VLAN 2014 to ports 14-16 and the second command does the same… then why does Avaya have two different commands?
vlan members 2104 2/14-16
vlan ports 2/14-16 pvid 2104
Further, I also see the following config… if an untagged packet is received on port range 18-25, is it assigned to VLAN 115 or 5?
vlan members 115 2/18-25
vlan ports 2/18-25 pvid 5
Michael McNamara says
Hi Yank…
Let’s not confuse VPN with VLAN… very different things…
The second command determines which VLAN an untagged packet will be placed into if it is received on the port.
When you have a VoIP deployment you set the PVID to the data VLAN because the PC will not tag packets so those need to be placed on the DATA VLAN. The IP phone will tag packets for the VOICE VLAN, but you still need to add that VLAN to the port as well.
Cheers!
Yank says
Thanks for your reply, and sorry for the confusion! I mean it’s VLAN, not VPN…
So PVID is like a native VLAN in Cisco!!!
Let me ask you this for further clarification: if I am not using a VoIP connection and the port is only being used as an access port (host only), can I use the first command only – vlan members 115 2/18-25? Would that be enough?
Michael McNamara says
You are correct… PVID is the native VLAN… if you are not doing VoIP then you just need to add those ports to the DATA VLAN but you should also set the PVID.
Yank says
Awesome! Thanks for your reply!!
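A small audit script for the membership/PVID distinction discussed in this exchange, added here as an example (it is not code from the post or from Avaya): it parses `vlan members` and `vlan port(s) ... pvid` lines and reports ports whose PVID is a VLAN the port was never made a member of, as in the second snippet quoted above. It looks only at the lines it is given (factory defaults such as VLAN 1 membership are not modeled), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the two config snippets quoted in the comment above.
SAMPLE = """\
vlan members 2104 2/14-16
vlan ports 2/14-16 pvid 2104
vlan members 115 2/18-25
vlan ports 2/18-25 pvid 5
"""

MEMBERS = re.compile(r"^vlan members (?:(add|remove) )?(\d+) (\S+)$")
PVID = re.compile(r"^vlan ports? (\S+) pvid (\d+)$")

def expand_ports(spec):
    """'2/14-16,2/20' or '13-24' -> set of 'unit/port' strings (unit 1 if omitted)."""
    ports = set()
    for part in spec.split(","):
        unit, _, rng = part.rpartition("/")
        lo, _, hi = rng.partition("-")
        for p in range(int(lo), int(hi or lo) + 1):
            ports.add(f"{unit or '1'}/{p}")
    return ports

def audit(config):
    """Return {port: (pvid, member_vlans)} for ports whose PVID is not a member VLAN."""
    member = defaultdict(set)  # port -> VLAN IDs the port belongs to
    pvid = {}                  # port -> VLAN that untagged ingress frames are placed in
    for line in config.splitlines():
        line = line.strip()
        if m := MEMBERS.match(line):
            action, vid = m.group(1), int(m.group(2))
            for port in expand_ports(m.group(3)):
                if action == "remove":
                    member[port].discard(vid)
                else:
                    member[port].add(vid)
        elif m := PVID.match(line):
            for port in expand_ports(m.group(1)):
                pvid[port] = int(m.group(2))
    # A mismatch means untagged traffic lands in a VLAN nobody assigned to the port.
    return {p: (v, sorted(member[p])) for p, v in pvid.items() if v not in member[p]}

if __name__ == "__main__":
    for port, (vid, vlans) in sorted(audit(SAMPLE).items()):
        print(f"port {port}: pvid {vid} is not among member VLANs {vlans}")
```
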
Zubair says
Dear All,
It’s a humble request.
How do I create a one-VLAN port configuration for the Nortel Ethernet Routing Switch 3510-24T?
Thanks
Zubair
Michael McNamara says
Plenty of examples already on here… start reading!
PeVa says
Hi Michael, I found your blog looking around for my ‘new’ ERS-5520-48-PWR.
I bought it refurbished as a rack server to build my network at home. I’m new to these kinds of devices but not to IT, as I’m a software developer.
My goal is to use ESXi on the HP DL160 G6 with 3 virtual machines: one for Sophos UTM (firewall), one for a surveillance system (Zoneminder on top of Ubuntu Server) and the third with Ubuntu Server running Docker for NAS, Plex, Hassio.
I’m thinking of creating four VLANs: one for IP cameras, one for smart devices, one for main use and the last one for guests (WiFi only).
A Ubiquiti Unifi Access Point serves the WiFi LAN.
I read some of your articles but I’m confused about the command ‘ip routing’ because I’d like the cameras and IoT devices (all of them will work with static IPs) to be unable to go outside of their VLANs but still be reachable from the servers.
So:
– IP cams ZoneMinder Internet (Sophos firewall)
– IOT dev Hassio Internet (Sophos firewall)
– Main lan* Internet (Sophos firewall)
* Main lan (PCs, Smart TV, Hassio NAS, Plex Downloader, etc) can go to Internet via Sophos (as Hassio and ZoneMinder) and can go to ZoneMinder
Am I doing it wrong this way?
But I have never used managed switches and I don’t know how to set up the ERS-5520, so I was searching the web and I found you.
Can you give me some help with some example setups?
Best regards
PeVa says
Sorry, the schema was cleaned when publishing it.
ip cams TO zoneminder TO internet (sophos firewall)
iot devs TO hassio TO internet (sophos firewall)
main lan* TO internet (sophos firewall)
* Main lan (PCs, Smart TV, Hassio, NAS, Plex Downloader, etc) can go to Internet via Sophos and can go to ZoneMinder
Michael McNamara says
Hi PeVa,
If you don’t want the IP cameras to be able to speak with anyone just don’t put an IP address on the switch for that VLAN. That’s the easiest way… then only devices that are on that VLAN will be able to talk to the IP cameras.
Cheers!
PeVa says
Thanks,
Can I give an example to see if I understand it?
IoT VLAN: I put a 192.168.100.xxx address range on the IoT devices VLAN, then I add one of these IPs (i.e. 192.168.100.1) to the server with Home Assistant and this will be reachable with an IP like 192.168.1.10:8123 (if I assign 192.168.1.10 to the same server). I think that I must match all VLAN tags with the aggregation ports to the server.
Am I wrong?