Posts tagged ES470

Network Time Protocol (NTP)

16
June 15, 2008
by Michael McNamara in , ,

anclock

I’m sometimes amazed at how many large organizations don’t have a centralized Network Time Protocol (NTP) server setup and devices configured appropriately. When troubleshooting a problem it’s vital that the timestamps in the logs for each switch, router, server and appliance match up correctly.

I’m currently using two CentOS Linux servers to provide time services to over 10,000 devices in the network. My two servers are themselves syncing up with pool.ntp.org over the Internet. With CentOS I didn’t need to build the software, I only needed to install the NTP package through YUM and then configure it appropriately. It was really easy, much easier than it was say 10 years ago when you had to compile the NTP software (University of Delaware) by hand hoping you didn’t run into some missing library of version mismatch with the compiler.

We would first need to install the NTP software using YUM;
[root@hostname ]# yum install ntp

We would need to start the NTP daemons;
[root@hostname ]# service ntpd start

We would need to configure the server so the NTP software would start after every reboot;
[root@hostname ]# chkconfig ntpd on

With that step done we’d have ourselves and internal NTP server which would sync itself to the Internet (default configuration file in /etc/ntp.conf) and then our internal devices would sync to it.

Here are the CLI commands for configuring the ERS 8600 switch properly;

config bootconfig tz dst-name "EDT"
config bootconfig tz name "EST"
config bootconfig tz offset-from-utc 300
config bootconfig tz dst-end M11.1.0/0200
config bootconfig tz dst-start M3.2.0/0200

config ntp server create a.b.c.d
config ntp server create a.b.c.d
config ntp server create a.b.c.d
config ntp enable true

I’ve add the two configuration statements for the new Daylight Saving Time changes that were enacted in 2007. Please also note that I’m in the Eastern timezone (EDT/EST) so if you’re not in the Eastern timezone you would need to supplement your timezone abbreviation appropriately.

Here are the commands for an ES460,ES470,ERS4500 or ERS5500 series switch

5520-48T-PWR# config terminal
5520-48T-PWR (config)# sntp server primary a.b.c.d
5520-48T-PWR (config)# sntp server secondary a.b.c.d
5520-48T-PWR (config)# sntp enable
5520-48T-PWR (config)# exit5520-48T-PWR#

The ERS 4500/5500 Series now supports Daylight Saving Time. This feature is NOT supported on the ES460 and ES470 switches. --CORRECTION: this feature is support on the ES460/470 as of v3.7.x software, please see update at the bottom of this post for additional information. If you wanted to configure the timezone on the ERS4500/ERS5500 switch you would use the following commands;

5520-48T-PWR>enable
5520-48T-PWR# config terminal
5520-48T-PWR (config)# clock time-zone EST -5
5520-48T-PWR (config)# clock summer-time EDT date 9 Mar 2008 2:00 2 Nov 2008 2:00 +60
5520-48T-PWR (config)# exit
5520-48T-PWR#

You can use “show sntp” and “show clock” the ERS 5500 Series switch to check out your changes;

5530-24TFD#show sntp
SNTP Status:                      Enabled
Primary server address:         10.1.20.1
Secondary server address:     10.1.20.1
Sync interval:                      24 hours
Last sync source:                 10.1.20.1
Primary server sync failures:    0
Secondary server sync failures: 0
Last sync time:                  2008-06-14 14:47:31 GMT-04:00
Next sync time:                  2008-06-15 14:47:31 GMT-04:00
Current time:                     2008-06-15 13:52:24 GMT-04:00

5530-24TFD#show clock
Current SNTP time  :    2008-06-15 13:52:29 GMT-04:00
Summer time is set to:
start: 28 March 2007 at 02:00
end: 30 August 2008 at 15:00
Offset: 60 minutes. Timezone will be 'EDT'Time Zone is set to 'EST', offset from UTC is -05:00

Hopefully this will provide a brief look into NTP,SNTP and you’ll agree that it really isn’t that hard to setup and configure properly.

Cheers!

Update: June 17, 2008

After posting the article above I decided I would confirm that the Daylight Saving Time feature was not available on the Nortel Ethernet Switch 460/470. I found that as of v3.7.x software the feature is supported on the switches. The configuration commands are identical to the ERS4500/ERS5500 switches. Here’s an example specifically for the Eastern timezone.

470-48T>enable470-48T#config term
Enter configuration commands, one per line.  End with CNTL/Z.
470-48T(config)#clock time-zone EST -5 00
470-48T(config)#clock summer-time EDT date 9 Mar 2008 02:00 2 Nov 2008 2:00 +60
470-48T(config)#show clock summer-time
Summer time is set to:start: 9 March 2008 at 02:00end: 2 November 2008 at 02:00
Offset: 60 minutes. Timezone will be 'EDT'
470-48T(config)#exit

Cheers!

How much uptime is too much?

7
June 5, 2008
by Michael McNamara in

A quick story for everyone…

We generally perform software upgrades on all our routers and switches twice a year. It really helps to keep our network infrastructure current and it also helps to reduced unscheduled downtime.

Last fall we decided to skip the bi-yearly maintenance because there were just too many projects on the docket. This spring we came across a very interesting issue that we had never seen in the past. We started to notice that multiple Nortel Ethernet Switch 460/470 switches/stacks were rebooting themselves all over our network. It took us a few hours to realize that every switch that had rebooted had just eclipsed approximately 500 days of uptime. All the affected switches were running FW 3.6.0.6 with SW v3.6.4.08. The switches were literally rebooting themselves in the same order in which they had been upgraded almost 500 days earlier.

I’m currently trying to confirm with Nortel that this “bug” has been removed from the 3.7.x software release.

This was one occasion where the network was just too good for itself.

Cheers!

Update: Tuesday June 10, 2008

I received a formal response from Nortel today that included the following:

Analysis of the issue :-
When the BS-470 switches reaches 497 days the system time rolls over and during this period management communication will be lost. This is caused by the use of a 32 bit counter, which when it rolls back to 0, initiates an internal software synchronization to align all timers. This is only loss of IP management and not switching functionality.

This issue still open and can be fixed by rebooting the switches before reaching the 497 day mark.

When I inquired if the problem had been resolved in the v3.7.x software release I was told it had not. It would seem that a lot of folks just don’t expect switches to be running that long these days.

Cheers!

Update: Wednesday November 4, 2008

Last week Nortel released a technical service bulletin entitled, “Ethernet Routing Switches: SysUpTime approaching 497 days can cause the switch or stack to behave in some unexpected way“. They also released a video that documents a workaround to the problem.

Let me save you the time and effort of downloading either. Nortel solution is truely masterful; reboot the switch.

While I’ve been know to defend Nortel there’s just no defense for this. I’m completely floored at Nortel’s response.

Cheers!

How to set passwords from the CLI?

9
March 11, 2008
by Michael McNamara in ,

There have been quite a few comments posted to the Factory Reset Nortel Ethernet Switch article. One of those comments requested some help in how to set the passwords from the CLI (command line interface). You’ll obviously need the read-write password in order to login to the switch and reset the passwords. Without the read-write password you’ll need to factory reset the switch.

Note: I’m still trying to figure out the best way to display the CLI stuff… if I use the PRE HTML tag the font is really too small, if I don’t use the PRE HTML tag the formatting (spacing) gets lost making it difficult to compare the post with the real world output from a CLI interface.

Nortel Ethernet Routing Switch 5500 Series (v5.1)

Here’s how to set the passwords on the Nortel Ethernet Routing Switch 5500 Series (v5.1 software).

5520-48T-PWR>enable
5520-48T-PWR#config term
Enter configuration commands, one per line.  End with CNTL/Z.

What’s the syntax to set the read-only and read-write passwords?

5520-48T-PWR(config)#cli password ?
read-only   Modify read-only password
read-write  Modify read-write password
serial      Enable/disable serial port password.
telnet      Enable/disable telnet and web password.

We’ll use the commands below to set the read-only (RO) password to “readonlypassword” and the ready-write (RW) passwords to “readwritepassword”;

5520-48T-PWR(config)#cli password read-only readonlypassword
5520-48T-PWR(config)#cli password read-write readwritepassword

What is the syntax to enable the passwords on the serial and telnet interfaces?

5520-48T-PWR(config)#cli password serial ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.
tacacs  Use TACACS+ AAA services

5520-48T-PWR(config)#cli password telnet ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.
tacacs  Use TACACS+ AAA services

We’ll use the commands below to set the serial and telnet interface to use the local passwords we’ve just configured above. You could also use RADIUS and TACACS authentication if you set it up.

5520-48T-PWR(config)#cli password serial local
5520-48T-PWR(config)#cli password telnet local

And let’s not forget to save the configuration file (even though the switch should auto-save it).

5520-48T-PWR(config)#copy config nvram
5520-48T-PWR(config)#exit
5520-48T-PWR#disable
5520-48T-PWR>

Nortel Ethernet Routing Switch 4500 Series (v5.0)

The Nortel Ethernet Routing Switch 4500 Series (v5.0 software) is piratically identical to the 5500 series except that it does not yet support TACACS authentication.

4548GT-PWR(config)#cli password ?
read-only   Modify read-only password
read-write  Modify read-write password
serial      Enable/disable serial port password.
telnet      Enable/disable telnet and web password.

4548GT-PWR(config)#cli password serial ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.

4548GT-PWR(config)#cli password telnet ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.

Nortel Ethernet Switch 460/470 (v3.7.2)

The Nortel Ethernet Switch 460/470 (v3.7.2 software) is identical to the ERS 4500 series.

470-48T>enable
470-48T#config term
Enter configuration commands, one per line.  End with CNTL/Z.

470-48T(config)#cli password ?
read-only   Modify read-only password
read-write  Modify read-write password
serial      Enable/disable serial port password.
telnet      Enable/disable telnet and web password.

470-48T(config)#cli password serial ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.

470-48T(config)#cli password telnet ?
local   Use local password.
none    Disable password.
radius  Use RADIUS password authentication.

Hopefully this should help a few folks out.

Cheers!

Go to Top