Michael McNamara

You’re going to have to read this document for yourself. Somehow its possible for an i2002, i2004, i2007, 1120e, 1140e and 1150e to throw a loop into the network when the devices are powered by external power supplies as opposed to using a PoE (Power Over Ethernet) switch.

As a rule of thumb I enable Spanning Tree with Fast Learning on all our edge switches since the auto MDI-X feature makes it very easy for a user or inattentive network engineer to physically put a loop in the connect by connecting to edge ports with the same patch cable.

Cheers!

Update: Thursday December 18, 2008

I’ve fixed the broken link above… Thanks Bob!

Nortel has released a new version of software for the Ethernet Routing Switch 5500 that adds quite a few new software features along with support for the Nortel Ethernet Routing Switch 5600 Series.

I’ve posted the release notes for those that are interested in browsing them. I thought I would note that there is a  resolved issue in 6.0 for people experiencing problems with ADAC changing the port PVID.

Here are the five new ERS 5600 models;

• Nortel Ethernet Routing Switch 5698-TFD
• Nortel Ethernet Routing Switch 5698-TFD-PWR
• Nortel Ethernet Routing Switch 5650-TD
• Nortel Ethernet Routing Switch 5650-TD-PWR
• Nortel Ethernet Routing Switch 5632-FD

Just don’t try to manage that 6.0 switch with an older version of Nortel’s Java Device Manager. Device Manager support for the ERS5500 and ERS5600 v6.0.0 will be in Java Device Manager v6.1.6 targeted for availability from www.nortel.com by 2008-12-19.

Cheers!

Update: Sunday December 21, 2008
Nortel has now released software v6.0.1 for the Nortel ERS 5500/5600 series.

Cheers!

The Nortel Discovery Protocol (NDP) formerly called SynOptics Network Management Protocol (SONMP) is a data link layer (Layer 2) network protocol for topology discovery of Nortel devices. It’s very similar to the Cisco Discovery Protocol (CDP) if only just a little simpler.

I’ve used the Nortel Discovery Protocol on a number of occasions to help document and troubleshoot problems within a network. While Nortel’s Java Device Manager (GUI) provides support for displaying the topology table it leaves some very vital information out, specifically the remote card and port from where the connection is originating. You can however, view that information from the CLI interface of Nortel’s Ethernet Switches (ES) and Ethernet Routing Switches (ERS).

Here’s an example of the topology table from an Ethernet Routing Switch 5530 stack which is Split MultiLink Trunk (SMLT) connected to a cluster pair of Ethernet Routing Switch 8600s;

5530-24TFD#show autotopology nmm-table
LSlot                                                                     RSlot
LPort IP Addr          Seg ID  MAC Addr     Chassis Type     BT LS   CS   RPort
----- --------------- -------- ------------ ---------------- -- --- ----  -----
0/ 0 10.102.255.65   0x000000 00159BEACC00 5530-24TFD       12 Yes HTBT    NA
1/23 10.102.1.5      0x000406 0004387070E8 Passport 8610    12 Yes HTBT   4/ 6
2/47 10.102.1.6      0x000406 000FCDF1E0E8 Passport 8610    12 Yes HTBT   4/ 6

You can see from the information above that ports 1/23 and 2/47 on the ERS 5530 connect to port 4/6 on the ERS 8600 Core A (10.102.1.5) and port 4/6 on the ERS 8600 Core B (10.102.1.6).

Looking at one of the core ERS 8600 switches we can see the following topology table;

ERS8600:5# show sys topology

================================================================================
Topology Table
================================================================================
Local                                                                     Rem
Port  IpAddress       SegmentId MacAddress   ChassisType      BT LS  CS   Port
--------------------------------------------------------------------------------
0/0  10.102.1.5      0x000000  000438707000 ERS8610          12 Yes HtBt  0/0
1/1  10.102.1.6      0x000101  000fcdf1e000 ERS8610          12 Yes HtBt  1/1
1/5  10.102.255.19   0x00012f  001e7e7b0c01 mBayStack4500-48GT-PWR 12 Yes HtBt  1/47
1/6  10.102.255.35   0x000130  000cf73c25c1 mBayStack470     12 Yes HtBt  1/48
1/7  10.102.255.60   0x00012f  0014c733e401 mBayStack5520-48T-PWR 12 Yes HtBt  1/47
2/20 10.102.1.9      0x000201  001d427b7040 ERS8610          12 Yes HtBt  2/1
4/1  10.102.1.6      0x000401  000fcdf1e0c0 ERS8610          12 Yes HtBt  4/1
4/4  10.102.255.45   0x000119  0011f9abc541 mBayStack470-24T 12 Yes HtBt  1/25
4/6  10.102.255.65   0x000117  00159beacc00 mERS5530-24TFD   12 Yes HtBt  1/23
4/7  10.102.255.75   0x000132  000e40eb4031 Passport1648     12 Yes HtBt  1/50
9/1  10.102.255.25   0x000119  00802deb6150 mBayStack450     12 Yes HtBt  1/25

You can see from this table that there are quite a few edge/closet switches connected to this specific ERS 8600 and you can quickly and easily identify which ports they are connected to.

Cheers!

I recently started having a problem launching Nortel’s Java Device Manager on my Windows XP desktop. Upon launching the application nothing would appear on my desktop but I could see the “java.exe” process in Task Manager.

I tried uninstalling the application but the uninstall appeared to hang toward the end as it was cleaning out the registry, I eventually had to kill the uninstall process. I even tried installing the latest and greatest version only to be denied at every turn. Then I recalled that the application liked to keep a list of recently accessed switches and settings somewhere on the hard disk.

I found the location under “C:\Documents and Settings\<USER_ID>\jdm” although be warned that the folder is hidden so you’ll need to make sure that you can see hidden files (Tools -> Folder Options -> View -> Show hidden files and folders). I deleted the folder and bang I was back in business again.

I was fearing the dreaded Windows re-install, thank god I didn’t have to go through that!

Cheers!

I thought I would take a break from my usual material and post something a little different. Please forgive me as this article bares little technical value but I just felt like posting anyway. Like every company out there we’ve been involved in evaluating the dizzying array of Thin Client and Virtual Desktop solutions on the market today.

I recently had the opportunity to evaluate the Sun Ray 270 Virtual Display Client solution from Sun Microsystems. It’s a really clean all in one solution that features a 17″ display with an integrated Smart Card reader. The solution required the use of a Sun Solaris x86 server to act as the middleware between either a Microsoft Terminal Server or Citrix Metaframe Server. Users sessions were initiated by the insertion of a Smart Card and the solution excelled at hotdesking, allowing a user to remove their Smart Card and go to another Sun Ray and pickup exactly where they left off from the previous session by simply inserting their Smart Card and entering their password (if it was configured to prompt for a password).

The Sun Ray client located the Sun Solaris servers within the same local network by use of a broadcast packet. When the Sun Ray client was outside the local network we had to configure special DHCP options which enabled the Sun Ray to “locate” to the back-end Sun Solaris servers.

We did have some interoperability issues with Windows 2008 Terminal Services Session Broker that Sun hopes to have resolved sometime in the coming year.

The only real feature the device was missing was an integrated 802.11 wireless solution. The reseller did point out that the Sun Ray can be paired with a few 802.11 bridges to provide wireless connectivity.

While we didn’t actually select the Sun Ray for the project we were evaluating I was really impressed with the solution and would advise anyone looking at thin client solutions to give their nearest Sun reseller a call. If your interested in hotdesking and/or Smart Card support in a thin client then you should definitely check out this solution.

Cheers!

With the recent surge in gas prices many employers and employees have taken to telecommuting. The surge has given rise to an avalanche of trouble tickets and support calls from folks trying to use their employers virtual private network solution from their home personal computers and broadband connections.

One typical problem that some users might encounter when using the Nortel VPN client is the “Checking for banner text” message. During the initial stage of connecting the Nortel VPN client will display the “Checking for banner text” message and then either become unresponsive or report to the user that the connection was lost.

Let me paraphrase from the Nortel documentation:

A common reason for the banner message to stop responding is a firewall or router, placed somewhere along the path from the remote computer to the gateway, which blocks ESP or Authentication Header (AH) traffic. The firewall can be a personal firewall installed on the remote computer, a firewall or router at the Internet Service Provider (ISP), or a corporate firewall. In this situation, IPsec Internet Security and Key Management Protocol (ISAKMP) traffic that negotiates the tunnel establishment goes through the tunnel, but the ESP- or AH-encapsulated traffic inside the tunnel does not get through. When the banner text is retrieved through the established tunnel, the banner message or other traffic secured by the ESP or AH never reaches the client and the Nortel VPN Client continues to wait for a response from the gateway until a timeout period is reached. To resolve this issue, ensure the following traffic is allowed to pass through the firewalls along the path:

UDP protocol (17) port 500, both inbound and outbound
ESP protocol (50), both inbound and outbound
AH protocol (51), both inbound and outbound

The same scenario occurs as in the previous section if Network Address Translation Transversal (NAT-T) is configured and the firewall blocks the UDP port selected for NAT-T along the path. To resolve this issue, you’ll need to ensure the port that is being utilized can pass through the firewalls on a personal, corporate, or ISP level. You’ll need to contact whomever is managing the VPN router to determine which UDP port you might need to open.

Cheers!