How to install an Advanced License on the Ethernet Routing Switch 8600

10
December 10, 2011
by Michael McNamara in

We’re still deploying Avaya’s Ethernet Routing Switch 8600s and now with 5.x software and above you need an Advanced License to run an IST/SMLT cluster. In the previous 3.x and 4.x software you didn’t need the Advanced License, just the Base License to run an IST/SMLT cluster. You’ll need a license for each Ethernet Routing Switch 8600.

Correction: As pointed out by Masch below in the comments you do not need an Advanced or Premium License to run SMLT on the Ethernet Routing Switch 8600. You do need an Advanced License to run SMLT on the Ethernet Routing Switch 8300. I’m not really sure why I was under that impression or if I mixed the ERS8300 and ERS8600 up.

Once you purchase an Advanced License from Avaya (or a reseller) you’ll receive a certificate with a license authorization code. You need to take that code along with the MAC address of the Ethernet Routing Switch 8600 and go to the Avaya eLicensing Portal. The portal is a little different from most sites in that you don’t create an account but rather you create a license bank securing it with a password. You upload your license authorization code to your license bank and then from the license bank you generate a license file by entering the MAC address of the switch. You then download the license file that you just generated and upload that file to your switch.

You can place the license file on your TFTP server and then download it from there or you can upload it directly using FTP (assuming you have it enabled). In the example below I’ll place the file on my TFTP server and copy the license file down from there to the Ethernet Routing Switch 8600.

ERS-8610:5# copy l10.1.1.1:/sw8600r1-lic.lic /flash/license.lic
Device /flash has 15101952 bytes of free

With the license file uploaded let’s try to load the license into the switch;

ERS-8610:5# config load-license
License File does not exist
License File does not exist
License File does not exist

You need to make sure that the license file is located at /flash/license.dat. In this example I uploaded it to the wrong filename (license.lic) so I’ll rename it now with move command;

ERS-8610:5# mv /flash/license.lic /flash/license.dat

Let’s try that again;

ERS-8610:5# config load-license

Now we can check to see that the license is installed properly.

ERS-8610:5# show license all

License file name : license.dat
License Type : ADVANCED
MD5 of Key : 6d97e0c5 f74a9540 xxxxxxxx 570b7512
MD5 of File : 9ee16adc 97c3394b xxxxxxxx abf81e72
Generation Time : 2011/12/06 06:17:26
Expiration Time :
Base Mac Addr : 00:1d:42:xx:xx:xx
flags : 0x00000022 SITE MEMO
memo :
Advanced License

Now if you have multiple CPU/SFs you need to copy the license file to the standby CPU/SF. If you have savetostandby enabled in your boot.cfg file then all you need to-do is to save the configuration. If you don’t have savetostandby enabled you need to manually copy the license file to your standby CPU/SF (copy /flash/license.dat 127.0.0.6:/flash/license.dat if slot 6 was your standby CPU/SF).

ERS-8610:5# save config
Save config to file /flash/config.cfg successful.
Save license to file license.dat successful.
Save to slave file /flash/config.cfg successful.
Save license file license.dat to standby successful.

Cheers!

UNIStim Firmware Release 5.3 for IP Deskphones

2
December 6, 2011
by Michael McNamara in ,

Avaya has released UNIStim firmware 5.3 for their IP deskphones;

  • 0621C8J for the 2007 IP deskphone
  • 0623C8J, 0624C8J, 0625C8J, 0627C8J, 0626C8J for the 1110, 1120E, 1140E, 1150E and 1165E IP deskphones
  • 062AC8J for the 1200 series IP deskphones

As always I recommend you review the release notes for all the details.

This release includes the following enhancements;

  • LLDP Advertisement on PC port
  • Support for new audio profile configuration option through Zero Touch Provisioning to support Australian/New Zealand S004 audio standard (applies to 1165E only)
  • Support for BCM to IP Office migrations to upgrade IP Deskphones from UNIStim to SIP (1120E, 1140E, 1220, 1230 IP Deskphones only)

I noticed the following warning concerning Avaya’s (formerly Nortel) Contact Recording and Quality Monitoring (CRQM) if you are using Secure Calling;

IMPORTANT NOTE: If a customer is using secure call recording with Avaya Call Recorder (ACR) then they should not upgrade to UNIStim 5.3 until an ACR patch (101055) is available and the functionality is enabled by updating a specific entry in the ACR 10.1 properties file. Note the 101055 patch for ACR10.1 is Generally Available, however, the default operation with this patch applied is to NOT enable the new functionality. Therefore if a customer site is using UNIStim 5.3 and secure call recording, then a specific entry needs to be added into the ACR 10.1 properties file which enables the new functionality. The specific string that needs to be entered will be published once system level regression testing is completed, expected later this month. At that time, this Product Bulletin will be updated.

Cheers!

Avaya Split MultiLink Trunking (SMLT) Layer 2 Trunking

3
December 5, 2011
by Michael McNamara in ,

It was recently pointed out to me that I had never written a post documenting how to configure SMLT to a edge/closet switch. While there are plenty of examples in the Avaya/Nortel technical guides I’ll humor the folks that are interested. In this example I’ll configure a pair of ERS 8600 switches utilizing SMLT over SLT (Single Link Trunks).

Let’s assume that these switches are already setup in an IST pair (future post?) and that we want to add a new edge/closet switch to the network. We’ll utilize port 1/7 on both ERS 8600 switches to connect to ports 1/47 and 1/48 on the edge switch. The edge switch should be setup as an MLT. You can refer to this post for additional details regarding how to configure the edge switch.

Here’s a diagram of our example topology…

SMLT Layer 2 Topology Diagram

Step 1.

Let’s start configuring the ERS8600-A switch;

config ethernet 1/7 perform-tagging enable
config ethernet 1/7 untagged-frames-discard enable
config ethernet 1/7 default-vlan-id 200
config ethernet 1/7 cp-limit enable multicast-limit 7500 broadcast-limit 5000
config ethernet 1/7 enable-diffserv true
config ethernet 1/7 slpp packet-rx enable
config ethernet 1/7 slpp packet-rx-threshold 5
config ethernet 1/7 mstp cist forceportstate disable
config ethernet 1/7 mstp msti 1 forceportstate disable
config ethernet 1/7 smlt 107 create
config ethernet 1/7 vlacp  enable
config ethernet 1/7 vlacp  fast-periodic-time 500
config ethernet 1/7 vlacp  timeout short
config ethernet 1/7 vlacp  timeout-scale 5

Let’s break down those commands and review each;

  • config ethernet 1/7 perform-tagging enable

This command will enable tagging to make the port an 802.1q trunk port. This will enable us to trunk multiple VLANs over the single interface, it will also preserve an Layer 2 QoS/CoS information.

  • config ethernet 1/7 untagged-frames-discard enable

This command will discard any non 802.1q tagged frames that are received on the port. This can be a valuable defense measure in protecting your network. What would happen if the edge switch was accidentally factory reset with both uplinks still connected? A loop would result, however, with this feature all frames from the edge switch will be discarded until the switch is reconfigured.

  • config ethernet 1/7 default-vlan-id 200

This command will set the PVID to our management VLAN. This value will only be considered if the port receives a frame which doesn’t have an 802.1q header and hence is missing the VLAN ID. The command “untagged-frames-discard enable” essentially negates this command but we set it anyway so we’re consistent in our configurations.

  • config ethernet 1/7 cp-limit enable multicast-limit 7500 broadcast-limit 5000

This command will enable CP-Limit to protect the core network from too many Multicast or broadcast packets flooding the link. CP-Limit will shutdown the link to try and protect the core network. This is just one of many defense mechanisms available to help protect your network.

  • config ethernet 1/7 enable-diffserv true

This command will enable DiffServ (Layer 3 QoS) on the switch port and set it for Trusted, so the switch will honor all DiffServ marked packets and give those packets the appropriate priority and queuing.

  • config ethernet 1/7 slpp packet-rx enable
  • config ethernet 1/7 slpp packet-rx-threshold 5

These commands will enable Simple Loop Protection Protocol (SLPP) to help detect any misconfiguration of the MultiLink trunks on the edge/closet switch.

  • config ethernet 1/7 mstp cist forceportstate disable
  • config ethernet 1/7 mstp msti 1 forceportstate disable

These commands will disable Multiple Spanning Tree Protocol (MSTP) no the switch ports. Spanning Tree is not compatible with Avaya’s Split Trunking Protocol since we are quite literally creating a loop in the physical topology. If this switch was running STP the command would like so, ethernet 1/7 stg 1 stp disable.

  • config ethernet 1/7 smlt 107 create

Here’s the command that you’ve been waiting for … this command essentially creates a S-SMLT or Single Link Trunk (SLT). The  ID used in the connection needs to match the peer ERS 8600 switch.

Design note – in my networks I use numbers to denote the different IDFs or ICRs. I usually add 100 to those numbers for the SMLT ID and VLAN IDs. Since this is IDF #7 (or ICR #7) the SMLT ID is 100 + 7 = 107 and the VLAN for this closet will eventually be 107. If I was still using VRRP the VRRP ID would also be 107. You can use whatever number you’d like but they must match on the two ERS 8600s!

  • config ethernet 1/7 vlacp  enable
  • config ethernet 1/7 vlacp  fast-periodic-time 500
  • config ethernet 1/7 vlacp  timeout short
  • config ethernet 1/7 vlacp  timeout-scale 5

These commands enable VLACP on the port and utilize the recommended values from Avaya.

You should repeat the commands above in Step 1 on both Avaya Ethernet Routing Switch 8600s, substitute the appropriate port numbers and SMLT ID. 

Design note – in my networks the edge/closet switches are still Layer 2 only so I perform all the routing in the core switches. I will usually have a “default” VLAN per edge/closet switch although I do have multiple VLANs that span multiple edge/closet switches.

Step 2.

With the port configured now we’ll build the VLAN that we’ll associate with most ports on the edge switch.

config vlan 107 create byport-mstprstp 1 name "10-1-112-0/23"
config vlan 107 add-mlt 1
config vlan 107 ports add 1/7 member portmember
config vlan 107 fdb-entry aging-time 21601
config vlan 107 ip create 10.1.112.1.1/255.255.254.0 mac_offset 0
config vlan 107 ip igmp proxy-snoop enable
config vlan 107 ip igmp snoop enable
config vlan 107 ip dhcp-relay enable
config vlan 107 ip ospf interface-type passive
config vlan 107 ip ospf enable
config vlan 107 ip rsmlt enable
config vlan 107 ip rsmlt holdup-timer 9999

Let’s break down those commands and review each;

  • config vlan 107 create byport-mstprstp 1 name “10-1-112-0/23″

This command will create VLAN 107 and make it a port based VLAN with the name “10-1-112-0/23″. You might be asking what the mstprstp is… this specific switch I’m working with has been deployed with MSTP enabled. If you have a switch still using STP (default) then the command would look like so config vlan 107 create byport 1 name “10-1-112-0/23″

  • config vlan 107 add-mlt 1

This command will add VLAN 107 to our IST which in this case happens to be MLT ID 1.

  • config vlan 107 ports add 1/7 member portmember

This command will add VLAN 107 to port 1/7 which we are using to connect our edge/closet switch.

  • config vlan 107 fdb-entry aging-time 21601

This command will set the default FDB aging time for all MAC information learned in this VLAN to 6 hours and 1 second. This is a best practice recommendation by Avaya to help reduce the ARP broadcast storms that can result when the FDB table expires a large number of entries which then in turn causes them to be removed from the ARP table causing the switch to re-ARP for them.

  • config vlan 107 ip create 10.1.112.1.1/255.255.254.0 mac_offset 0

This command will configure a Layer 3 interface on VLAN 107 with the IP address of 10.1.112.1/23. Your mac_offset will differ depending on how many IP interfaces you already have deployed on your switch.

  • config vlan 107 ip igmp proxy-snoop enable
  • config vlan 107 ip igmp snoop enable

This command will enable IGMP snooping and proxy on the VLAN.

  • config vlan 107 ip dhcp-relay enable
  • config vlan 107 ip dhcp-relay create-fwd-path server 10.1.1.100
  • config vlan 107 ip dhcp-relay enable-fwd-path server 10.1.1.100

These commands will enable DHCP relay on the VLAN, and forward all DHCP requests to 10.1.1.100.

  • config vlan 107 ip ospf interface-type passive
  • config vlan 107 ip ospf enable

This command will enable OSPF on the VLAN and will set it to passive (best practice for edge/closet VLANs).

  • config vlan 107 ip rsmlt enable
  • config vlan 107 ip rsmlt holdup-timer 9999

This command will enable RSMLT which replaces the VRRP functionality. We set the holdup-timer to infinity, we don’t want the ERS 8600 to stop accepting packets for it’s peer at anytime.

You should repeat the commands above in Step 2 on both Avaya Ethernet Routing Switch 8600s, substitute the appropriate IP address and ports.

Step 3.

There are a few items that we still need to take care of to round out the configuration.

We need to enable SLPP for VLAN 107;

  • config slpp operation enable
  • config slpp add 107

These commands will enable SLPP globally and will also enable SLPP in VLAN 107.

Step 4.

Here are some commands you can use to verify the configuration and operation.

You can check the SMLT table and verify that the trunk is configured as SMLT and operating as SMLT;

ERS-8610-A:5# show smlt info
================================================================================
Mlt SMLT Info
================================================================================
MLT   SMLT     ADMIN    CURRENT
ID    ID       TYPE     TYPE
--------------------------------------------------------------------------------
4     4        smlt     smlt
10    10       smlt     norm
15    15       smlt     norm

================================================================================
Port SMLT Info
================================================================================
PORT  SMLT     ADMIN    CURRENT
NUM   ID       TYPE     TYPE
--------------------------------------------------------------------------------
1/7   3        smlt     smlt
4/4   6        smlt     smlt

You can check the MLT table and verify that VLAN 107 is a member of MLT 1 (IST);

ERS-8610-A:5# show mlt info
================================================================================
Mlt Info
================================================================================
PORT    SVLAN  MLT   MLT        PORT         VLAN
MLTID IFINDEX NAME      TYPE    TYPE  ADMIN CURRENT    MEMBERS      IDS
--------------------------------------------------------------------------------
1   6144  MLT-IST      trunk   normal ist    ist      1/1,4/1,8/1       1 2 3 4 5 9 10 20 21 25 99 100 101 102 103 107 198 199 200

You can verify that the IST is up and operational between the two ERS 8600 switches;

ERS-8610-A:5# show mlt ist info
================================================================================
Mlt IST Info
================================================================================
MLT   IP                   VLAN     ENABLE   IST
ID    ADDRESS              ID       IST      STATUS
--------------------------------------------------------------------------------
1     10.1.100.2         100      true     up

You can check the state of VLACP on port 1/7 to confirm that VLACP is enable and up.

ERS-86010-A:5# show port info vlacp port 1/7
================================================================================
VLACP Information
================================================================================
INDEX ADMIN   OPER    PORT   FAST    SLOW    TIMEOUT TIMEOUT ETHER      MAC
ENABLED ENABLED STATE  TIME    TIME    TIME    SCALE   TYPE       ADDR
--------------------------------------------------------------------------------
1/7   true    true    UP    500     30000   short     5      0x8103    01:80:c2:00:11:00

You can check the SONMP topology tables to make sure you have the correct port(s).

ERS-8610-A:5# show sys topology
================================================================================
Topology Table
================================================================================
Local                                                                     Rem
Port  IpAddress       SegmentId MacAddress   ChassisType      BT LS  CS   Port
--------------------------------------------------------------------------------
0/0  10.1.1.1      0x000000  0004387xxxxx ERS8610          12 Yes HtBt  0/0
1/1  10.1.1.2      0x000101  000fcdfxxxxx ERS8610          12 Yes HtBt  1/1
1/7  10.1.255.20   0x00012f  0014c73xxxxx mBayStack5520-48T-PWR 12 Yes HtBt  1/47

Cheers!

Go to Top