Michael McNamara
technology, networking and IP telephony
Happy St. Patrick’s Day
Mar 17th
It’s really amazing how fast the days, weeks and months go by. If you’re looking for to listen to some traditional and folk music straight from Dublin, Ireland browse over to www.liveireland.com.
Cheers!
How to set passwords from the CLI?
Mar 11th
There have been quite a few comments posted to the Factory Reset Nortel Ethernet Switch article. One of those comments requested some help in how to set the passwords from the CLI (command line interface). You’ll obviously need the read-write password in order to login to the switch and reset the passwords. Without the read-write password you’ll need to factory reset the switch.
Note: I’m still trying to figure out the best way to display the CLI stuff… if I use the PRE HTML tag the font is really too small, if I don’t use the PRE HTML tag the formatting (spacing) gets lost making it difficult to compare the post with the real world output from a CLI interface.
Nortel Ethernet Routing Switch 5500 Series (v5.1)
Here’s how to set the passwords on the Nortel Ethernet Routing Switch 5500 Series (v5.1 software).
5520-48T-PWR>enable 5520-48T-PWR#config term Enter configuration commands, one per line. End with CNTL/Z.
What’s the syntax to set the read-only and read-write passwords?
5520-48T-PWR(config)#cli password ? read-only Modify read-only password read-write Modify read-write password serial Enable/disable serial port password. telnet Enable/disable telnet and web password.
We’ll use the commands below to set the read-only (RO) password to “readonlypassword” and the ready-write (RW) passwords to “readwritepassword”;
5520-48T-PWR(config)#cli password read-only readonlypassword 5520-48T-PWR(config)#cli password read-write readwritepassword
What is the syntax to enable the passwords on the serial and telnet interfaces?
5520-48T-PWR(config)#cli password serial ? local Use local password. none Disable password. radius Use RADIUS password authentication. tacacs Use TACACS+ AAA services 5520-48T-PWR(config)#cli password telnet ? local Use local password. none Disable password. radius Use RADIUS password authentication. tacacs Use TACACS+ AAA services
We’ll use the commands below to set the serial and telnet interface to use the local passwords we’ve just configured above. You could also use RADIUS and TACACS authentication if you set it up.
5520-48T-PWR(config)#cli password serial local 5520-48T-PWR(config)#cli password telnet local
And let’s not forget to save the configuration file (even though the switch should auto-save it).
5520-48T-PWR(config)#copy config nvram 5520-48T-PWR(config)#exit 5520-48T-PWR#disable 5520-48T-PWR>
Nortel Ethernet Routing Switch 4500 Series (v5.0)
The Nortel Ethernet Routing Switch 4500 Series (v5.0 software) is piratically identical to the 5500 series except that it does not yet support TACACS authentication.
4548GT-PWR(config)#cli password ? read-only Modify read-only password read-write Modify read-write password serial Enable/disable serial port password. telnet Enable/disable telnet and web password. 4548GT-PWR(config)#cli password serial ? local Use local password. none Disable password. radius Use RADIUS password authentication. 4548GT-PWR(config)#cli password telnet ? local Use local password. none Disable password. radius Use RADIUS password authentication.
Nortel Ethernet Switch 460/470 (v3.7.2)
The Nortel Ethernet Switch 460/470 (v3.7.2 software) is identical to the ERS 4500 series.
470-48T>enable 470-48T#config term Enter configuration commands, one per line. End with CNTL/Z. 470-48T(config)#cli password ? read-only Modify read-only password read-write Modify read-write password serial Enable/disable serial port password. telnet Enable/disable telnet and web password. 470-48T(config)#cli password serial ? local Use local password. none Disable password. radius Use RADIUS password authentication. 470-48T(config)#cli password telnet ? local Use local password. none Disable password. radius Use RADIUS password authentication.
Hopefully this should help a few folks out.
Cheers!
How to find a wireless device ?
Mar 8th
In this post I’ll review how you can find a specific wireless device on your Motorola WS5100 Wireless LAN Switch. We’re going to use the poor mans “locationing” as opposed to the features and integration that Motorola is currently building into the WS5100 and RFS7000 switches to support products such as AeroScout.
We want to locate the following device wireless-laptop.acme.org so we need to start by identifying the IP address of the device. Thanks to Dynamic DNS we can be assured that our DNS servers will have that information.
C:\> nslookup wireless-laptop.acme.org. Server: 10.1.1.1 Address: 10.1.1.1#53 Name: wireless-laptop.acme.org Address: 10.1.195.55
In most circumstances we’d now need to identify the MAC address of the wireless device. We can skip that step since the WS5100 will have the IP address of the client for us to search against.
WS5100# show wireless mobile-unit Number of mobile-units associated: 23 index MAC-address radio type wlan vlan/tunnel ready IP-address last active 1 00-1B-77-30-DF-80 30 11a 1 vlan 18 Y 10.1.195.57 1 Sec 2 00-20-E0-1A-0F-E5 58 11a 1 vlan 18 Y 10.1.195.48 20 Sec 3 00-13-E8-86-DF-F3 30 11a 1 vlan 18 Y 10.1.195.96 0 Sec 4 00-15-00-32-8C-EC 19 11a 1 vlan 18 Y 10.1.195.31 31 Sec 5 00-15-00-32-D6-46 29 11a 1 vlan 18 Y 10.1.195.50 16 Sec 6 00-15-00-32-D3-67 1 11g 2 vlan 17 Y 10.1.194.54 4 Sec 7 00-A0-F8-D4-46-9C 2 11b 4 vlan 22 Y 10.1.206.53 223 Sec 8 00-A0-F8-D4-48-FD 1 11b 4 vlan 22 Y 10.1.206.207 215 Sec 9 00-1B-77-2A-99-05 30 11a 1 vlan 18 Y 10.1.195.55 7 Sec 10 00-18-DE-7A-76-D0 30 11a 1 vlan 18 Y 10.1.195.67 16 Sec 11 00-16-6F-1D-F1-B9 1 11g 2 vlan 17 Y 10.1.194.44 6 Sec 12 00-1B-77-31-11-77 30 11a 1 vlan 18 Y 10.1.195.68 4 Sec 13 00-90-7A-04-16-5F 1 11b 3 vlan 21 Y 10.1.198.52 11 Sec 14 00-A0-F8-D6-3C-2A 1 11b 4 vlan 22 Y 10.1.206.70 652 Sec 15 00-A0-F8-D4-45-A5 2 11b 4 vlan 22 Y 10.1.206.252 170 Sec 16 00-13-E8-5B-ED-73 30 11a 1 vlan 18 Y 10.1.195.106 4 Sec 17 00-13-E8-5B-EE-39 30 11a 1 vlan 18 Y 10.1.195.111 23 Sec 18 00-18-DE-7A-9E-3A 30 11a 1 vlan 18 Y 10.1.195.77 20 Sec 20 00-90-7A-03-5E-C7 1 11b 3 vlan 21 Y 10.1.198.50 23 Sec 21 00-13-E8-86-C8-55 30 11a 1 vlan 18 Y 10.1.195.107 5 Sec 22 00-A0-F8-D4-48-5F 1 11b 4 vlan 22 Y 10.1.206.145 124 Sec 24 00-13-E8-86-C7-E7 30 11a 1 vlan 18 Y 10.1.195.110 10 Sec 26 00-1B-77-2A-5C-6C 30 11a 1 vlan 18 Y 10.1.195.81 37 Sec
Note: if you have a lot of mobile units you can use grep;
WS5100# show wireless mobile-unit | grep "10.1.195.55" 9 00-1B-77-2A-99-05 30 11a 1 vlan 18 Y 10.1.195.55 7 Sec
Now that we have the MU (Mobile Unit) index (the first number on the line) we can get the full details;
WS5100# show wireless mobile-unit 9 MAC: 00-1B-77-2A-99-05, IP Address: 10.1.195.55, Type: 11a, State: data-ready Radio Config Index: 30, Bssid: 00-15-70-12-1D-78 Wlan: 1, Vlan: vlan 18, Voice: N, Powersave: N, Classification: normal Encryption Type: tkip (key index: 1) Authentication Type: eap Last Assoc: 7990 seconds ago, Last Activity: 23 seconds ago, Roam-Count: 18 DHCP state : DHCPNONE AP Scan Support: N Session Timeout: 100 days 00:00:00 Idle Timeout: 0 days 00:30:00
In the information above we can see that the MU is associated to radio 30, so let’s look at radio 30;
WS5100# show wireless radio 30 Radio: 30, Mac: <00-15-70-11-34-32>, Type: 11a, ap Index: 7, vlan 198 Current Channel: 36 [5180 MHz], Configured Channel: acs Current Power: 17 dBm, Max ESS: 16, Max BSS: 4, Num Mu: 11 BSS: 00-15-70-12-1D-78, State: normal Current Data-Rates/Speed: basic6 9 basic12 18 basic24 36 48 54 Last Adoption: 0 days 20:55:16 ago Configuration: Adoption-pref-id: 0 Max-mobile-unit: 256, Detector: N, On-channel-scan: N WLAN-BSS mapping: [BSS 1]: 1 RTS-thres: 2346 bytes, Beacon-intvl: 100 K-uSec Dtim-count: [BSS 1]: 10 beacons Dtim-count: [BSS 2]: 10 beacons Dtim-count: [BSS 3]: 10 beacons Dtim-count: [BSS 4]: 10 beacons CCA level: 1, CCA Mode: 1, mobile-unit power: 0 dBm Short-Preamble: disabled, Antenna-Mode: diversity (both antennas) Placement: indoor, Channel-Mode: acs, Power: 20 dBm Data-Rates/Speed: basic6 9 basic12 18 basic24 36 48 54 WMM [best-effort]: aifsn: 3 txop-limit: 0 cwmin: 4 cwmax: 6 admission-control: disabled, max-mobile-unit: 32 WMM [background]: aifsn: 7 txop-limit: 0 cwmin: 4 cwmax: 10 admission-control: disabled, max-mobile-unit: 32 WMM [video]: aifsn: 1 txop-limit: 94 cwmin: 3 cwmax: 4 admission-control: disabled, max-mobile-unit: 32 WMM [voice]: aifsn: 1 txop-limit: 47 cwmin: 2 cwmax: 3 admission-control: disabled, max-mobile-unit: 32
It doesn’t look like the Motorola switch shows us the radio description above so we’ll need to use another command to get the description;
WS5100# show wireless radio config 30
Radio: 30, Description: Main Building Lobby, MAC: 00-15-70-11-34-32
Radio Type: 11a, AP Type: ap300
Adoption-pref-id: 0
Max-mobile-unit: 256, Detector: N, On-channel-scan: N
WLAN-BSS mapping: [BSS 1]: 1
RTS-thres: 2346 bytes, Beacon-intvl: 100 K-uSec
Dtim-count: [BSS 1]: 10 beacons
Dtim-count: [BSS 2]: 10 beacons
Dtim-count: [BSS 3]: 10 beacons
Dtim-count: [BSS 4]: 10 beacons
CCA level: 1, CCA Mode: 1, mobile-unit power: 0 dBm
Short-Preamble: disabled, Antenna-Mode: diversity (both antennas)
Placement: indoor, Channel-Mode: acs, Power: 20 dBm
Data-Rates/Speed: basic6 9 basic12 18 basic24 36 48 54
WMM [best-effort]: aifsn: 3 txop-limit: 0 cwmin: 4 cwmax: 6
admission-control: disabled, max-mobile-unit: 32
WMM [background]: aifsn: 7 txop-limit: 0 cwmin: 4 cwmax: 10
admission-control: disabled, max-mobile-unit: 32
WMM [video]: aifsn: 1 txop-limit: 94 cwmin: 3 cwmax: 4
admission-control: disabled, max-mobile-unit: 32
WMM [voice]: aifsn: 1 txop-limit: 47 cwmin: 2 cwmax: 3
admission-control: disabled, max-mobile-unit: 32
So it looks like the device we’re looking for, wireless-laptop.acme.org (10.1.193.55), is connected to radio 30 (802.11a) which has a description of “Main Building Lobby”. While this will give you an idea of the basic location it doesn’t provide you a specific location. While there are new APIs in the WS5100 and RFS7000 that can provide locationing by means of triangulation between multiple Access Ports, they require external applications and management software.
Obviously you’ll need to make sure that you’ve put descriptive locations on each radio (AP300) through the Motorola console when configuring/installing the APs.
Cheers!
Ethernet Frames Maligned
Mar 2nd
I thought I would share this story with everyone. We had discovered an issue with Ethernet frames being maligned/corrupted between the Motorola Access Port 300 (AP300) and the Motorola Wireless (WS5100) LAN Switch.
We had a ticket open with Motorola trying to understand why a significant number of our AP300s were rebooting themselves at odd hours during the early morning. Motorola had requested that we provide network traces at the Access Point and Wireless Switch. Surprisingly Motorola came back and pointed out that the payload in some of the Ethernet frames was getting modified between the Wireless Switch and the Access Port.
The fundamental equipment involved in this problem were as follows; Nortel Ethernet Switch 460 (ES 460), Ethernet Switch 470 (ES 470), Ethernet Routing Switch 5520 (ERS 5520), Ethernet Routing Switch 8600 (ERS8600); Motorola Wireless LAN Switch 5100 (WS5100) and Access Ports 300(AP300).
The Motorola WS5100s and AP300s are physically connected over the same Layer 2 Ethernet network. The “Ethernet 1” port on the WS5100 is connected to a Virtual Local Area Network (VLAN) which provides a single broadcast domain for all AP 300s to connect to the WS5100. The “Ethernet 2” port on the WS5100 is used as a trunk interface to bridge between the WLANs (wireless) and VLANs (wired) segments. We essentially have core switches and edge switches (distribution is collapsed down into the core). The core switch can be a single ERS8600 or a pair of ERS8600s (Layer 3) connected via an IST (Inter-Switch Trunk). At the edge we generally deploy ES470(Layer 2) or ERS5520(Layer 2). We have deployed ES460s (PoE) into closets where ES470s are already present to specifically support PoE and the wireless network.
Here is a quick topology of the network with respect to the WS5100s and AP300s.
We recently started deploying the ERS5520s (in place of the ES470s) which directly support PoE allowing us to deploy one less piece of equipment at the edge and also provides one less bridge (hop) to switch through.
We have been plagued by a problem that is affecting the Motorola AP300s causing them to randomly reset and re-adopt at different times of the day without warning or cause. In searching for the cause of this problem we’ve documented numerous Ethernet frames being maligned as they travel from the AP300 to the WS5100.
With respect to the examples I’m going to draw the following topology applies;
It should be noted that we do use the ES460s and ERS5520s to remark the 802.1p bits in the Ethernet frame so we can provide some measure of QoS with respect to the Nortel (Spectralink) Wireless LAN phones that we currently have deployed. In essence we mark all Ethernet packets on the “APVLAN” with a QoS level of 4 (“Gold”, BoSS-65530).
Network Trace Analysis
I will refer to the following two trace files;
“ers460side1.pcap” closet ES460 trace
“ers8600side1.pcap” core ERS8600 trace
I tried to merge up the two traces so each trace is synchronous with the other. We’ll focus on packet 3, you can see in the closet ES460 trace that bytes 15 and 16 are 0×20 and 0×12 respectively.
Looking at the other trace you can see that bytes 15 and 16 are different than in the first trace. You can see that the bits in 16 have been shifted to bytes 26.
You can again see the same problem in packet 4;
You can see it again in packets 6, 7, 10, 39, 43, 45, etc.
In the end the problem turned out to be a software/hardware issue with the Nortel Ethernet Routing Switch 8600. If DiffServ was enabled on the Ethernet port that was being mirrored, the mirrored data was somehow getting corrupted in the process of copying the packets. Once we disabled DiffServ on the Ethernet port the problem disappeared. We opened a case with Nortel but were told that it would be handled as an enhancement request, not a correction request (go figure!).
I personally no longer trust either the port mirror or packet capture facilities of the Nortel ERS 8600 and rely on physical taps so there can be no doubt or questions about the validity of the capture data.
We still have issues with our Motorola AP300s rebooting from time to time but they have been much better since Motorola released v2.1.3 software for the WS5000/WS5100s. We are currently working with Motorola to resolve issues in their v3.x software line that is causing our Nortel 2211 (Spectralink) wireless phones to occasionally reboot while idle and roaming.
Cheers!
Loading ...
RECENT COMMENTS