[ad name=”ad-articlebodysq”]Update: July 30, 2009
I’ve added a command to disable the User Interface Button (UI Button) “no ui-button enable”.
Update: February 7, 2009
It was time to update this article with some additional information and settings that I’m now using in all my switch deployments. The big change is the updated ADAC MAC address table. Please also note the VLACP time-out scale change and I’ve updated the year field for the Daylight Saving Time change.
Update: August 13, 2008
This was one of the first articles I wrote back in October 2007 and it is by far the most popular article out of all 110 articles that I currently have published. With that said I decided to come back and spruce up this post with some additional “tweaks” that I’ve added over the past 10 months. I’m also going to attack a link to a text file so folks can just download the file of commands, tweak the specific individual settings such as IP address and VLAN information, and then cut and paste into the CLI interface of the Nortel Ethernet Routing Switch 5520. It will hopefully save folks from having to cut and paste each section.
Note: just a quick warning about cutting and pasting into the CLI interface, I’ve often found that the buffer will overflow if I try to paste an entire configuration at once. I usually need to break it into at least two or three sections and cut and paste those section one at a time.
In this post I’ll try to outline how you can configure the Nortel Ethernet Routing Switch 5520 in a VoIP environment using Nortel i2002/i2004 Internet Telephones (this procedure will also work the same with the i2007/1120E/
1140E phones).
You’ll obviously need a ERS 5520 switch and you’ll need SW 5.0.6.22 or later and FW 5.0.0.3 or later (there are known issues with earlier software versions that create inconsistent results using LLDP with the i2002/i2004 phones). I would strongly advise that you start with a default configuration. From the CLI issue the following commands to reset the switch to factory defaults;
5520-48T-PWR> enable 5520-48T-PWR# boot default
The switch should reboot with a default configuration. Let’s proceed with the configuration;
5520-48T-PWR> enable 5520-48T-PWR# configure terminal
Let’s set the local read-only and read-write passwords;
5520-48T-PWR (config)#cli password read-only readpass 5520-48T-PWR (config)#cli password read-write writepass 5520-48T-PWR (config)#cli password serial local 5520-48T-PWR (config)#cli password telnet local
Let’s disable the user interface button (UI button);
5520-48T-PWR (config)# no ui-button enableEnable AUTOPVID;
5520-48T-PWR (config)# vlan configcontrol autopvid
We’ll be up linking this switch using a MultiLink trunk on ports 47 and 48 so we’ll enable tagging on the fiber uplinks;
5520-48T-PWR (config)# vlan ports 47,48 tagging enable
Let’s create the data VLAN (VID 100) and management VLAN (VID 200) on the switch;
5520-48T-PWR (config)# vlan members remove 1 ALL 5520-48T-PWR (config)# vlan create 200 name "10-1-200-0/24" type port 5520-48T-PWR (config)# vlan members add 200 47,48 5520-48T-PWR (config)# vlan create 100 name "10-1-100-0/24" type port 5520-48T-PWR (config)# vlan members add 100 1-48 5520-48T-PWR (config)# vlan port 1-46 pvid 100 5520-48T-PWR (config)# vlan port 47,48 pvid 200
Let’s make VLAN 200 the management VLAN and assign the IP address;
5520-48T-PWR (config)# vlan mgmt 200 5520-48T-PWR (config)# ip address switch 10.1.200.10 netmask 255.255.255.0 default-gateway 10.1.200.1
Let’s setup Simple Network Management Protocol (SNMP);
5520-48T-PWR (config)# snmp-server authentication-trap disable 5520-48T-PWR (config)# snmp-server community ro 5520-48T-PWR (config)# snmp-server community rw 5520-48T-PWR (config)# snmp-server host
Let’s configure the logging so it will overwrite the oldest events;
5520-48T-PWR (config)# logging volatile overwrite 5520-48T-PWR (config)# logging enable
Let’s setup Simple Network Time Protocol (SNTP);
5520-48T-PWR (config)# sntp server primary address 5520-48T-PWR (config)# sntp server secondary address 5520-48T-PWR (config)# sntp enable
Depending on the version of switch software your running you may be able to configure Daylight Saving Time;
5520-48T-PWR (config)#clock time-zone EST -5 5520-48T-PWR (config)#clock summer-time EDT date 9 Mar 2009 2:00 2 Nov 2009 2:00 +60
Let’s setup the MultiLink trunk that will connect the switch back to the backbone;
5520-48T-PWR (config)# mlt 1 disable 5520-48T-PWR (config)# mlt 1 name "MLT-8600" 5520-48T-PWR (config)# mlt 1 learning disable 5520-48T-PWR (config)# mlt 1 member 47,48 5520-48T-PWR (config)# mlt 1 enable
Let’s setup ADAC (Automatic Detection and Automatic Configuration) for our i2002/i2004 phones. We’ll using VLAN 50 as our voice VLAN and we’ll use port 48 as our uplink (the switch will add 47 automatically because of the MLT configuration). There is a new command to clear the ADAC MAC address table that may be missing from earlier versions, “no adac mac-range-table”. I’ve also updated the list of entries that I use.
5520-48T-PWR (config)# adac voice-vlan 50 5520-48T-PWR (config)# adac op-mode tagged-frames 5520-48T-PWR (config)# adac uplink-port 48 5520-48T-PWR (config)# no adac mac-range-table 5520-48T-PWR (config)# adac mac-range-table low-end 00:0a:e4:75:00:00 high-end 00:0a:e4:75:ff:ff 5520-48T-PWR (config)# adac mac-range-table low-end 00:13:65:00:00:00 high-end 00:13:65:ff:ff:ff 5520-48T-PWR (config)# adac mac-range-table low-end 00:14:c2:00:00:00 high-end 00:14:c2:ff:ff:ff 5520-48T-PWR (config)# adac mac-range-table low-end 00:16:ca:00:00:00 high-end 00:16:ca:ff:ff:ff 5520-48T-PWR (config)# adac mac-range-table low-end 00:17:65:00:00:00 high-end 00:17:65:ff:ff:ff 5520-48T-PWR (config)# adac mac-range-table low-end 00:18:b0:00:00:00 high-end 00:18:b0:ff:ff:ff 5520-48T-PWR (config)# adac mac-range-table low-end 00:19:69:00:00:00 high-end 00:19:69:ff:ff:ff 5520-48T-PWR (config)# adac mac-range-table low-end 00:19:e1:00:00:00 high-end 00:19:e1:ff:ff:ff 5520-48T-PWR (config)# adac mac-range-table low-end 00:1b:ba:00:00:00 high-end 00:1b:ba:ff:ff:ff 5520-48T-PWR (config)# adac mac-range-table low-end 00:1e:ca:00:00:00 high-end 00:1e:ca:ff:ff:ff 5520-48T-PWR (config)# adac mac-range-table low-end 00:22:67:00:00:00 high-end 00:22:67:ff:ff:ff 5520-48T-PWR (config)# adac enable
We need to strip the 802.1q tag from any packets in the PVID VLAN from going to the phone. In this design we’re expecting to connect IP phones to ports 1 – 46.
5520-48T-PWR (config)# vlan port 1-46 tagging untagpvidOnly
Let’s configure LLDP for the ports we expect to connect IP phones (1 – 46);
5520-48T-PWR (config)# interface fastEthernet 1-46
5520-48T-PWR (config-if)# vlan ports 1-46 filter-unregistered-frames disable
5520-48T-PWR (config-if)# lldp tx-tlv port-desc sys-cap sys-desc sys-name
5520-48T-PWR (config-if)# lldp status txAndRx config-notification
5520-48T-PWR (config-if)# lldp tx-tlv med extendedPSE med-capabilities network-policy
5520-48T-PWR (config-if)# poe poe-priority high
5520-48T-PWR (config-if)# spanning-tree learning fast
5520-48T-PWR (config-if)# adac enable
5520-48T-PWR (config-if)# exitThe option in RED above was added after an issue was discovered when trying to upgrade the firmware on the IP phones. The filter-unregistered-frames is enabled by default and should be disabled to avoid and issues with upgrading the firmware on the IP phones. We are attempting to investigate further with Nortel and our voice vendor Shared Technologies.
Let’s disable the two remaining ports that share the GBIC interfaces incase we need those in the future;
5520-48T-PWR (config)# interface fastEthernet 45-46 5520-48T-PWR (config-if)# shutdown 5520-48T-PWR (config-if)# exit
Let’s setup a QoS interface group to trust all traffic that will ingress on the fiber uplinks. By default the ERS 5520 switch will strip all QoS tags on all ports. Thankfully ADAC will take care of the QoS settings for all VoIP traffic.
5520-48T-PWR (config)# qos if-group name allUpLinks class trusted 5520-48T-PWR (config)# interface fastEthernet 47,48 5520-48T-PWR (config)# qos if-assign port 47,48 name allUpLinks 5520-48T-PWR (config)# exit
Let’s set the SNMP information;
5520-48T-PWR (config)# snmp-server name "sw-icr1-1east.sub.domain.org" 5520-48T-PWR (config)# snmp-server location "Acme Internet Phone Company (ICR1)" 5520-48T-PWR (config)# snmp-server contact "Network Infrastructure Team"
Let’s enable rate limiting for all broadcast and multicast traffic to 10% of the link;
5520-48T-PWR (config)# interface fastEthernet ALL 5520-48T-PWR (config-if)# rate-limit both 5 5520-48T-PWR (config-if)# exit
Let’s setup VLACP (Virtual Link Aggregation Protocol) on the uplinks to the core;
5520-48T-PWR (config)# interface fastEthernet 47,48 5520-48T-PWR (config-if)# vlacp port 47,48 timeout short 5520-48T-PWR (config-if)# vlacp port 47,48 timeout-scale 5 5520-48T-PWR (config-if)# vlacp port 47,48 enable 5520-48T-PWR (config-if)# exit 5520-48T-PWR (config)# vlacp enable
That’s it your done! Well hopefully your done.
In my next post I’ll tell you what DHCP options you’ll need to configure on your DHCP server in order for the phones to boot properly and connect to the Nortel Call Server.
Cheers!
Man thanks for the tips on setup I found this very interesting and got me pointed in the right direction.
Hi, thanks a lot for the precise info. I have a few questions:
1) What can happen if some tagged packets go to the phone’s PVID? (referring tho the untag pvid command)
2) Do you always need to enable both MLT & VLACP? I (mis)understood that it was an option to use one protocol or the other..
3) I wonder why you did not include any spanning tree commands in this article. Are they in by default somehow on the ERS?
4)In the case of a single link trunk from one switch to another, is it true that you would need to disable stp on the trunk port? What protection could be the best choice then, apart from rate limiting?
thanks in advance!
Hi Charles,
Let me try to answer our questions (which are very good by the way);
1) The end device (laptop or desktop) will not understand the 802.1q frame and will just drop the frames leaving any device you plug into the PC port on the phone unusable. In essence this command just tells the switch to leave the 802.1q headers on the voice VLAN traffic so the phone can identify those frames but strip the 802.1q headers for the PC traffic so the PC won’t freak out – it’s not expecting an 802.1q frame.
2) These are two very different protocols. MLT allows you to trunk two physical links into a single link at Layer 2 for additional bandwidth and additional redundancy should one link fail. VLACP is a method used to detect a communication problem over a link and mark the port as down so you don’t end up switch/bridging packets across a dead uplink – an uplink that has link but there’s nobody home on the far end. I use VLACP where I have Ethernet Switch 470s because the GBICs don’t support autonegotiation. Without autonegotiation there’s no ability to detect a far end failure – say a single fiber strand breaks, one switch will still have link while the other won’t have link. VLACP would detect that loss of connectivity and mark the port as down keeping your network from switching/bridging/routing traffic down a dead link where the packets would ultimately be lost forever.
3) I did include Spanning Tree commands. I recommend that everything use “fast start” because of the auto MDI/MDI-X feature where an end-user or confused technician could easily put a loop into your network by mistakenly cabling two ports together. Search for “spanning-tree” above, here’s the reference;
5520-48T-PWR (config-if)# spanning-tree learning fast
Note: you should NOT run Spanning Tree on your MLT ports!
4) Spanning Tree as a system wide protocol. We use to run Spanning Tree across an ATM LAN where it sometimes took 90 seconds for Spanning Tree to converge. We employ a few layers of protection; the first is at the closet switch which I discussed in the answer above using “spanning-tree learning fast” on all edge ports, the second we use SLPP (Simple Loop Protection Protocol) on our ERS 8600 cores and lastly we use CP limiting on the ERS 8600 cores which will shutdown an uplink if too many broadcast or multicast frames start flooding the network from that specific uplink.
Great questions and thanks for the comment!
Thanks for being so helpful!
Mike,
You mentioned do NOT run spanning tree on MLT ports. Is that means we should disable STP on MLT ports? I am planning to cofigure 4ports MLT on two 5510-48 switches. What is your suggestion. Thanks in advance.
Alpha
You can run STP across a MLT but I would not recommend it. So my advice would be to disable STP on all ports which are going to belong to the MLT, on both switches.
Good Luck!
Michael,
one more question for you if you have time regarding ‘rate-limiting’
we have sometimes seen issues where a user will bring a linksys/home switch in and plug it into their drop (unauthorized).
the linksys/netgear/etc switch does NOT from STP. we are now implementing STP BPDU-Filtering/Guard on our edge ports to prevent unauthorized switches connecting to the network, but this doesn’t help with un-managed switches (which would be the majority of what people would bring in from their home).
now, if they connect a cable from the linksys switch to itself again (creating a loop), the flood of broadcast packets will also egress out the single uplink into the production network.
rate-limiting (e.g. 10% setting), will suppress this flood of broad/multi-cast traffic to 10% of the link, which is great because it will save the network … but the problem is , how do we then know a loop has occurred?
does the switch send an SNMP-trap when this threshold is hit? that is the biggest concern. the network will be saved from a storm, but at the same time if i am not alerted or notified, then the loop continues to exist (suppressed).
any suggestions?
thanks, again!
You’re keeping me busy there Michael! :)
The rate limiting feature is built into the ASCIC hardware so there’s no reliance on actual switch software – which is a good thing. While your basically correct, you’ll generally know soon enough that there’s a problem. While rate limiting will keep the majority of your switches reachable/manageable you still going to experience all sorts of MAC/FDB issues because of the loop. If you have a management system that is performing threshold monitoring that system will generally alert you to the surge in traffic. I’m currently using a combination of HP Open View and MRTG. In the majority of instances you’ll see SLPP kick-in and eventually CP-LIMIT will kick in at the core isolating the edge switch in question.
In a ultra secure environment you could configure MAC security (old school way) or you could go with a Network Access Control (NAC) solution which integrates with the latest Nortel switches.
With regard to your example… Spanning Tree enabled on the edge access ports will help save you 99% of the time in my experience.
Cheers!
just discovered your blog a few days ago and it’s nice to have discussion (just found the nortel community forums as well) :)))
that’s good to hear that the rate-limiting is done in ASIC; no sense in overwhelming the CPU with rate-limiting enabled no all ports…
but i wish there was a way to admin_down the interface when those thresholds were reached on the edge switches (5520, 460)…i would much rather have the interface be disabled than the traffic limited until I found the issue/error.
i’m using Open View as well, so maybe i need to do some tweaking/etc but not sure where to start for this topic at hand…
many of our IDFs/switches in different campuses are not connected via SMLT. many are DMLT or single-uplink, depending on our availability of fiber backbone and 8600 interfaces. slowly trying to migrate these to SMLT, but it does take a lot of time for the campuses in different countries where i’m not on-site, physically…so SLPP wouldn’t help for those locations (uplinks are NOT SMLT).
i’ve noticed CP-Limit appears to be enabled by default for 8300 and 8600s. this is generally the case when there is a loop and an interface is auto-disabled. i have not configured these thresholds, so they must be at default values (enabled by default); i have also noticed (and remember working with Nortel on a case about this years ago), that there is a separate per-interface CP-Limit. i’m trying to recall, but I remember (this was back in 3.5.x.x days), that you eat up resources by enabling the CP-Limit on a per-interface basis, and as a result could only do so many interfaces. i’ll have to re-investigate this, but it was like there was two seperate types of rate-limiters on the 8600.
thanks!
Hi Michael,
If we have question regarding nortel, how could i submit it ?
Thanks,
Hello Samir,
I happy to try and help. What’s your question?
Cheers!
Hi,
We have been advised by Nortel that STP is required when assigning multiple VLANs on a trunk. Is this correct? as you mentioned above that STP should be disabled on the MLT…
Cheers!
Alex
Also, I presume the same rules apply for SMLT’s?
We currently have two edge switches configured with MLT’s that connect to the core and form a SMLT. There seem to have been a few inconsistencies when they were initially configured as one has STP disabled on the trunk and the other enabled.
Hi Alex,
I’m not sure who you’ve been talking to at Nortel but you certainly don’t need STP enabled on a trunk just because you have multiple VLANs (802.1q) traversing that link. If you had multiple trunks between two switches without using a MLT/DMLT/SMLT configuration you would certainly need STP enabled between those switches in order to prevent the Layer 2 loops that would be present in such a configuration.
It’s my recommendation NOT to running STP between your edge and core switches. I definitely recommend you run it on your edge switches but not on the ports that uplink to your core (or distribution) network. You can run it if you chose to I just don’t find it very useful to-do so and there can be implementation differences between some vendors (example, Cisco floods BPDUs across all ports in an etherchannel configuration with Nortel only floods BPDUs across the lowest interface in a MultiLink trunk configuration).
In an SMLT configuration you CAN NOT run STP at all between your edge and core (or distribution) switches because it defeats the whole purpose of building a network architecture that is active/active as opposed to active/passive. In an SMLT design both uplinks from the edge are actively passing and receiving traffic, unlike when you use STP/RSTP/MSTP traffic can only traverse one of the uplinks while STP blocks the other uplink.
Hopefully that helps a little. Good Luck!
Thanks Michael,
That has cleared up a few things! – I’m still getting to know the network as I have only recently joined the company!
As you mentioned STP is disabled on the SMLT configs on our two core switches. We have around 20 edge switches which after further investigation 7 have STP enabled on the MLT trunks. We attempted to disable STP on one of the edge MTL trunks (connected to each core as SMLT) but had to quickly change this back as once we re-enabled to trunk we lost connectivity from the edge switch.
I will be getting back in touch with Nortel with your comments and see where we go from there.
Thanks again!
Alex
Sir,
Thanks for the patience.
In fact I am working in a place where we have only Nortel Access Swtiches, but NTP is not yet configured.
Wondering how to interrupt the logs with out having NTP configured in swtiches.
Kindly help …
Hi Shine,
It can be ugly to read the logs without the proper date/time and timezone set. I believe the switches count up from the time they were started/booted.
Depending on the version of software on the switch you should be able to issue a “show log sort-reverse” from the CLI interface and it will show you the log from the bottom up (latest events first). You’ll need to then do the math to figure out how to match up the timestamp in in the logs to the real date/time.
If you have access and configure NTP the timestamps in the log will be automatically updated so you can read them properly. You can have a look at the post Network Time Protocol (NTP) for information on how to configure NTP.
Good Luck!
Hi, just found the posts here.
Michael Gagnon raised a question regarding loop backs abnd better detection, however I don’t believe it was answered.
I work for a company which has all 5520’s at the edge and an 8600 at the core. We randomly see the issue of a loop back with will bring that edge device down and is often very difficult to locate the looped device.
We are already using Rate limiting on the trunks to protect the network, as well as Spanning Tree, however as mentioned earlier in the posts we eventually CP-Limit kicks in and the 8600 will block the port. This takes our edge offline and we need to troubleshoot the issue by placing the switch back online.
Also – The syslog does not seem to every indicate where the problem originated from.
Does anyone have any advise that could help us identify and/or prevent the broadcast storm which occurs.
Any advise would be most appreciated
Hi Luke,
I believe the basic answers to your questions can be found throughout the different comments.
I generally follow a “defense in layers” approach… utilizing the different features such as STP, SLPP, Rate Limiting, BPDU Guard, CP-Limit and Ext CP-Limit to provide an overall defense against any situation where a high rate of broadcast/multicast frames might endanger the general operation of the network.
In short Spanning Tree running on the edge switch (edge ports only please, no STP on the uplinks) should cure 99% of any loop induced problems by preventing any the loop from either within that specific switch/stack/closet or downstream of that switch/stack/closet (someone plugging in an unmanaged hub/switch). SLPP helps to protect against and MLT configuration issue on the edge switch by disabling one of the MLT downlinks. I use rate limiting on all ports not just trunk uplinks. This prevents any single port from injecting too many multicast/broadcast frames into the network although you need to test this feature carefully if you have multicast applications. Ultimately CP-Limit protects the core network from an single switch/stack/closet flooding the CPUs with too many broadcast/multicast frames.
In my experience Spanning Tree (Fast Learning) has resolved 99.9% of issues in my environment (I have over 24,000 switch ports in my environment). In a few instances I’m happy to sacrifice a switch/stack/closet using CP-Limit to protect the rest of the network. The log on the ERS 5500 series switches will not show you “where the problem is”, what would be the need for us network engineers? If you are using Spanning Tree you can look at the switch port interfaces to see which port is in a blocking mode as opposed to forwarding mode.
Hopefully that answers some of your questions.
Good Luck!
Hi Michael,
Thanks a lot for this post!
Maybe you also can answer to my question: is there any way to configure the LLDP on the switch so that it will send two Network Policy TLVs – one for the Voice Application and one the Voice Signaling Application? This is needed to provide different dscp values to IP phones – one will be used by the phone for control traffic (between the IP phone and the Signaling Server) and the other for media traffic (between the Ip phones)
Many thanks,
Nadya
Hi Nadya,
I believe this is already the case with Nortel’s IP phones and their integration with ADAC/LLDP but I can’t be 100% sure. You’d need to run a packet capture against the data stream to see if the control traffic is tagged differently than the actual RTP stream. The Nortel IP phones themselves have configuration options for Control Priority Bits, Media Priority Bits, Control DSCP and Media DSCP. Are they both being set to the same Expedite Forward (EF) when using ADAC/LLDP with an Nortel IP phone? I’m not really sure although I could probably get a quick packet trace. Is there a way to set different 802.1p bits and DSCP entries? I don’t really know the answer to be truthful.
I’ll look at a few packet traces to see if the packets are marked differently.
Sorry I couldn’t really help!
Mike, thank you for the answer!
The reason why I’m asking you is that I work at the company which is Nortel partner and we develop FirmWare for the Nortel IP phones.
You are correct that IP phones themselves have configuration options and in the current FW releases when some DSCP and 802.1p Priority is sent by the switch in the Network Policy TLV (for Voice Application type), the IP phone applies these values to both – Control and Media traffic.
Currently official IP phones FW supports only Network Policy TLV for Voice application type.
So I modified IP phones FW so that it sends and accepts two Networks Policy TLVs (for voice and voice signaling applications), now I need to configure the switch somehow to send to the phones two Network Policy TLVs as well.
Looks like nobody knows the answer, most likely it is not possible in current Baystack software :)
Many thanks for your help!
Hi Nadya,
Very interesting… thanks for the post!
Mike
Hi mike,
I m having a technical problem.
We are using Nortel switches(8600).We are maiantaing MRTG for inter buliding links.When we create an access point to secure the telnet,MRTG will stops functioning.But i wil be able to telenet to system and i am also able to ping, but MRTG is not fuctioning.We need a solution where we wil be able to use MRTG when we use access policy to secure telnet.Wil u plz help me
Hi Thomas,
I had thought I replied to your post (perhaps you posted in the forums?) but I see you have a reply here without any response… sorry for that.
I’m guessing that when you enable the Access Policy your not making allowances in the policy for the server/desktop running MRTG to be allowed to perform SNMP queries against the switch.
Have a look at this post for an example of how to configure an Access Policy; http://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/
Good Luck!
Michael,
What about enabling SLPP on the edge switch ports?
Hi Mike,
In an SMLT configuration it’s best practice to enable SLPP on the edge ports at the core switch (not the edge switch).
I have an article that describes SLPP here;
http://blog.michaelfmcnamara.com/2007/12/simple-loop-prevention-protocol-slpp/
While SLPP is applicable it doesn’t get configured on the edge ERS5520 itself but rather on the core switch.
If you are running any of the ERS 5500 series switches in a Layer 3 configuration with the Advanced Routing License then those switches themselves can act as core switches as opposed to just being a Layer 2 edge switch.
Thanks for the comment!
Michael, I just wanted to thank you for this post. Nortel is limited when it comes to online information and your site is a great resource.
I just found your site today and have already forwarded it off to probably 10 people.
Thanks in advance for any solutions your provide me, I’ll be sure to give credit where credit is due!
Hi Todd,
I really appreciate the comment and I’m happy to hear that you found the information useful.
Cheers!
Hi Michael, I hope all is well. I have a quick design idea/question for you. I read from your posts, also from Nortel docs that STP on MLT links should be a no-no. I have a bit different scenario. Imagine if you will 3 ‘Edge Closets’ with 3 stacked 5520’s in each closet. Each Edge Closet uses MLT to connect two fiber connections to the core respectfully. So all is fine and dandy, I can have STP disabled and we are good. But I have a small enough campus I was able to run Ethernet cable to the edge closets between them. So again, I have 2 fiber connections using a mlt link for each edge closet connecting to the core. But edge closet 1 and 2 have an Ethernet cable run to edge closet 3. The reason is if (knock on wood) someone cut the fiber my mlt is worth nothing and both links are down, thus my edge closet. With STP if the fiber is cut in edge closet 1 the Ethernet cable will provide a link to the core (the Ethernet port is blocking via stp, but when the fiber mlt link is disabled the Ethernet port is brought online to edge closet 3), not the best for ‘best practice’ but will be enough for them to be online for a period of time until the primary link is repaired. Again I use STP for this config,
Now if I would disable stp on the mlt ports, I would imagine it would create a loop and down the network goes…. anywho, i did my best to explain this…. hope it makes sense. let me know your thoughts when you have time.
Thanks!
Todd
Hi Todd,
Before I respond let me encourage you to post any furture questions/follow-ups on the forums; http://forums.networkinfrastructure.info/nortel-ethernet-switching/.
You can most certainly run Spanning Tree in an MLT configuration. You cannot run Spanning Tree in an SMLT configuration. I’ve made the personal decision to avoid using Spanning Tree where ever possible and instead rely on Layer 3 routing and Nortel’s proprietary IST/SMLT technology.
With respect to your specific configuration you can certainly enable and run STP between your closets and your core switch (you didn’t say what switch you had in the core). You only need to be mindful of how Nortel’s proprietary Spanning Tree works, unless you configure all your switches for RSTP or MSTP (you’ll need to make sure that your running a software version that supports RSTP and/or MSTP on both your core and edge switches). In short you need to align the ports in your MLT from the lowest ifNum to the highest ifNum. Example; port 1/48 on the 5520 connects to port 1/8 on the core while port 2/48 connects to port 2/8 on the core. If you were to cross those ports using Nortel’s proprietary Spanning Tree you would probably experience issues since Nortel only broadcasts BPDUs on one port (the lowest ifNum in the MLT) while other vendors like Cisco broadcast BPDUs on all ports in the EtherChannel (MLT).
You would definitely need to-do your homework though and make sure that you set the root bridge priority on your core switch properly. You might also need to tweak the STP path costs to make sure that the interconnects between your edge switches are the ports that go into blocking and not your MLT uplinks.
I’ve avoided such configuration because I believe it leads to overly complex networks that often tend to fail on their own or through some unforeseen circumstances. As an alternative you could also have ports configured and cables ready (just unplugged) such that if you had an actual disaster you could quickly wire up the ports to an alternate edge switch. It would require manually connecting the patch cables but it would restore you to service much faster than waiting for the cabling vendor to re-splice your fiber pairs.
Cheers!
Good advice, thanks for the info.
Hi Michael
I have been reading your site for a while now and was wondering if you had any guidance on the use of DHCP-Relay to enable multiple subnets across multiple VLANs on ERS 5520.
Basically I have a situation where I need to do the following:
I have 20 VLAN’s each VLAN needs to have a different subnet (and clients issued DHCP), the way it was explained to me was this, I have simplified this config to one switch acting as the core and one as the edge (and I still get the same issue):
1. On the core switch, I put the dhcp server on port 1, member of all the vlans, pvid=1 (default vlan) and untag pvid only (ip address of switch = 172.16.119.25)
2. I have made the sfp port (48) as the trunk and member of all vlans
3. On the edge switch I set all (a part from the trunk port) as pvid=vlan id (say 106) and unTagPvidOnly.
4. I give vlan106 (not vlan 1) on the edge and ip address on the range it given 172.16.126.5 /24
5. Set a dhcp-relay from 172.16.126.5 to our dhcp server (172.16.119.201)
I have run a wireshark trace and I can see the address being offered, even to the point that the dhcp server thinks the address has been allocated – alas it never makes it to the client. I have seen on other forums that this is common and the exact issue with relays and redhat.
The switches are ERS 5520’s running, Software version = v6.1.2.028 and diag=v60009
Many thanks for any help you can give JP
Hi Jason,
I would urge you to use the discussion forums in the future… you’ll find that there are quite a few people that are now following the forums and have a lot of advice and help to offer.
With all that said you’ve taken the time to describe your situation in detail so I’ll respond here.
You only need to enable DHCP relay on your router (Layer 3 switch) for that VLAN, that would be your core switch. So for your edge switches (Layer 2) there is nothing you need to on those switches. All your configuration is going to be on your Layer 3 switch/router.
The DHCP server should be connected to the network just like any other server. The switch port (1) should be configured as an access (unTagAll) port. The port should be a member of the VLAN that matches the IP network assigned to the DHCP server.
1) If VLAN 1 was IP network 172.16.119.0/24 (core switch might be 172.16.119.1/24) then you would assign port 1 to VLAN 1.
2) the uplinks/downlinks all need to be configured as trunks, you need to extend the necessary VLANs to all the switches that will be connecting devices to that VLAN.
3) you could set the ports as unTagAll but unTagPvidOnly will also work. The PVID should be set to whatever VLAN the port is a member of.
4) for VLAN 106, you need to create the VLAN on your core switch, create an IP interface (this will be the default gateway for the PCs), enable DHCP/BOOTP and configure a DHCP relay address of 172.16.119.201 (your DHCP server). your edge switch will just be a Layer 2 device and you will bridge the frames to the core, not route them to the core. Make VLAN 106 a member of all downlinks from the core, create VLAN 106 on your edge switches, and add the switch ports in question to the VLAN making sure that the PVID is also set properly.
5) you are basically correct but I would advise that you use .1 for your IP interfaces if possible, makes thing much easier to follow (at least for me).
I suspect you have a configuration issue somewhere… DHCP relay isn’t that hard anymore.
In short the DHCP relay agent (the core switch running the .1 interface – the default gateway for the DHCP clients) will see the DHCP discover broadcast from the client. The broadcast will be forwarded from the edge switch to the core, the core will see the broadcast and forward the DHCP request via a unicast packet to the DHCP server. The DHCP server will respond by sending a unicast packet back to the router (.1 interface) and the router will broadcast the response as a broadcast to all ports in the VLAN which eventually floods back down to the edge (Layer 2) switch and all ports in the VLAN.
You need to be precise with your VLAN assignments, you should only assign IP interfaces to the core switch, leave the edge switches are Layer 2 switches only.
Good Luck!
Hi Michael
Thanks very much for your guidance, with a couple of site adjustments that work very well.
Should you ever be in London I owe you a few beers!
Cheers
Hi Mike,
Need your help here. So here is the situation.
We have two set of stacked switches in two Racks. And would like to configure MLT/LACP/Etherchannels between them.
So four ports of MLT between Sw1 – Sw6 And four ports of MLT between Sw5 – Sw10 (for redundancy)
Stack1-Rack1 Stack2-Rack2
Cisco 3750 Nortel 5510-48t
Sw1 Sw6
Sw2 Sw7
Sw3 Sw8
Sw4 Sw9
Sw5 Sw10
Question:
1. Is this scenario possible/recommended.
2. Are both sets will remain active at the same time? How does the failover/failback will take place?
3. Does one set need to be Active /Passive or Master/slave?
4. STP needs to be disabled on all 16 ports?
Thanks a budle in advance for your response.
I am not expert in networking so I don’t know detailed difference betw MLT/LACP/Etherchannel.
As per the documents I found online I think on Nortel (5510) side we have to configure MLT and on Cisco side Etherchannel?
Also I found Nortel MLT can be configured through GUI also by taking console in IE?
but in cisco there is no such feature.
Please share your knowledge.
Michael,
I’m going to deploy an ERS-5520 to one of my remote locations. I currently have 2 5520’s at my office and management vlan of 200.
My question is in regards to management vlan.
What would be the best practice to create management vlan in remote location?
Can I somehow connect my current one with the remote mgmt vlan?
I would be very thank full if you could share your input on this matter.
Thanks
Wesley
Hi Wesley,
At my remote sites I usually don’t worry about a management VLAN and just lump the switches/routers in the local VLAN. I reserve IP addresses .1 – .24 for switches/routers/etc, .25 – .49 for servers, .50 – .254 for edge devices (PCs, printers, etc).
Good Luck!
Thanks for the info.
If you don’t mind I have another blond moment.
I’m using ADAC – LLDP Detection for my Voice VLAN and QOS. 5520 will be routing to my corporate network over MPLS, provisioned for us by provider. In the configuration like this.
Do I tell ADAC that my UPLINK port is the one connected to my providers switch/router or I don’t need to do that at all?
Will I have to tag the port on 5520?
Thanks
Hi Wesley,
Are you going to have the ERS 5520 perform the routing? Or are you bridging (tagging) the voice VLAN across the MPLS link?
Cheers!
Hi Michael,
I’m going to have ERS 5520 perform routing.
Thanks
That’s going to create some issues and will probably prevent you from utilizing ADAC/LLDP-MED. Why? The feature is only intended to be used with switches configured as Layer 2 devices with an upstream switch performing the actual routing between the VLANs.
I ran into this issue almost a year ago working on some new designs and I didn’t see any easy way around the problem other than deploy a second ERS 5520/5530 as the edge/WAN router and then keep the first ERS 5520 configured as a Layer2 switch with ADAC/LLDP-MED.
Let me know if that doesn’t make sense.
Michael thanks for explanation and the tips.
After doing some research I found an example in the Avaya IP Telephony Deployment TCG NN48500-591 Ver 1.3
Link here “http://support.nortel.com/go/main.jsp?cscat=DOCDETAIL&id=984451&poid=14761”
“Auto Configuration Using Ethernet Routing Switch 5520-PWR and Ethernet Routing Switch 4526-GTX-PWR and DHCP for IP Phones”
In the mentioned example the ERS-5520 is configured as a layer 3 switch with DHCP provisioning IP Phones. QoS configured using traffic profiles.
Investigating further I found another TCG. Avaya IP Telephony Deployment TCG NN48500-517 Ver 7.0 from October 2010.
Link here “http://support.nortel.com/go/main.jsp?cscat=DOCDETAIL&id=965097&poid=14761”
In this TCG under Auto Configuration with a Stackable Ethernet Routing Switch using DHCP and LLDP-MED.
I found if the switch is updated with the latest image and diag software you can configure LLDP-MED with or without ADAC, page 21.
Although the article is used with layer 2 switches. I assume, I can use LLDP-MED without ADAC to detect IP Phones. Use MED policy values to assign DSCP, priority and tagging to Voice VLAN. Remark the Data VLAN with a QoS level of Standard using traffic profile.
Please correct me if I do not understand something here.
Here is something else I’m not so sure about. In the first example they have 3 VLAN’s (data, voice and core). The core is a separate VLAN 260, connecting 5520 to some kind of WAN router and being the default gateway for the network. There are not too many details about that VLAN configuration. My concern is.
When voice packets leave 5520 and travel through core VLAN260 to my corporate network, over the WAN.What will happen to those voice packets and the DSCP values as well as priority assigned to them? Do I need to do something on the core VLAN260 to preserve assigned values? Finally tell my WAN provider to set their end to be aware of voice traffic and give them higher priority too?
Any advice from your site
Thanks
Hi Wesley,
With regard to QoS the switch with not modify any packets as they egress the a switch port unless a traffic filter has been configured to-do so. The switch will automatically honor any QoS (Diffserv/802.1p) tagged packets that it forwards between ports (across the backplane). The important part to understand is how the switch deals with the packets as they ingress the switch, that’s where you can rely on ADAC to take care of the QoS or you can setup specific traffic filters that will apply a set QoS level based on VLAN ID or some other criteria.
This is why we setup trunks at “Trusted” but this trusted approach only applies to packets on ingress (into the switch) and has no bearing on egress out of the switch). So any packets that arrive on a “Trusted” port will be bridged through the switch unmodified and the packet will egress the switch with the same Diffserv/802.1p tag that it ingressed with.
Hopefully that makes sense… the issue with ADAC is that you may have problems creating a Layer 3 IP interface on a VLAN that is automatically created by the ADAC process. With ADAC you don’t create the voice VLAN yourself, the ADAC configuration does that for you. I’m not 100% sure because I’ve never had to utilize an edge switch as a Layer 3 router when working with ADAC/LLDP-MED.
Cheers!
Hi Micchael
A customer has recently taken receipt of two new Nortel 5530-24tfd switches for back-up purposes and is having difficulty copying the running config of the live switch onto the new switches. The older original switch is firmware version 4.2.0.12 Software version v4.2.0.002 and the new switches are firmware version v6.0.0.6 software version v6.1.0.006.
I do not have any Nortel knowledge at all and only work on Cisco kit but can’t imagine that a change in firmware/softrware would cause such a reaction to loading a config that works on one switch onto another of the same vendor.
Is there any difference in the new switch command set? Can you advise please on the method I should use to carry out this task? Is he possibly trying to load too much at once as it is a 1MB file? With Cisco hyperterminal I set a delay in the ASCII setup do slow the delivery down. Should they be doing the same thing- this was my first thought when asked to deal with the problem? Cheers etc pgatt62
Hi Patrick,
You neglected to mention exactly what switches your customer has today… assuming they are in the ERS 5500 series the basic CLI interface should be the same. You’ll obviously find a lot of features in the 6.x software that are missing in the 4.x software. With a Nortel/Avaya switch there is a trick to restoring a configuration… you need to factory reset the destination switch first before you try and load either an ASCII or BINARY configuration file. You can also, as you suggested, cut and paste various sections of the configuration file at a time. Again as you suggested you don’t want to cut and paste too much at one time as you’ll fill up and overwrite the buffer and you might miss some commands.
I would suggest you review the ASCII configuration and then manually cut and paste the important sections. Assuming your customer doesn’t have a complicated configuration this should be fairly easy. It might also just be easier to document the configuration and then just re-configure the new switch manually.
If you spend a short amount of time with the CLI you’ll find that it’s pretty logical although it does have some minor annoyances.
Good Luck!
Hi Michael
Thanks for the prompt reply. I’ll try to implement that as soon as.
Cheers Again
Pat
Hi Michael
Following is another reply to my original question. Could you give me you thoughts if poss;
“To load a backed up config to a new switch, it has to be exactly the same hardware and software level. Any differences and the config will not load.
The only way you could do it would be to upgrade the old switches to version 6 software and then copy the config. To do this i belive would require a stepped upgrade as i don’t think you would go from 4 to 6. Check the release notes to confirm upgrade path.”
Regards etc Pat
Hi Pat,
If you are trying to use the binary configuration file then the statement above is applicable and correct. With that said you can use the ASCII configuration file and you can certainly cut-n-paste various sections of the configuration and port it to another similar switch. It’s not 100% fool proof but it certainly can be done.
Now even with the ASCII configuration the commands (and syntax) can change between software versions so some amount of tweaking might be necessary.
Good Luck!
Thanks for all your help so far. I’m on a webex tomorrow to discuss a solution to this.How would you do it or recommend its done ?
1.Go for a block cut and paste with or without a factory reset command to start with? (“boot default”, then give it an ip address so I can access it over the network as I cant get physical access to it)….. or
2.Go for the hardware and software compatibility by possibly asking the client to add the switches into the stack and then let the master switch set them up to the same as it even if it means a downgrade?
Hi Michael
Sorry for being a pest but could you clarify something for me.
As you know I’m trying to work out a solution for a customer with newer software/firmware versions on 5530 switches that refuse to take the config of the older version switch.
They suggested that we downgraded the newer switches to the older version it might work and how could we do this.
Looking through your blog back catalogue I’ve found three different opinions, could you set me straight on this:
1. July 22 470 Stack Troubleshooting; “One very important note! You can only stack switches that are running the same version of software (boot code and agent code). I believe the “Base” light will blink amber if you try to stack two switches together that are not running the same software”
2.July 31 5500 Stack Troubleshooting; “You can add a switch to the stack and the base unit will automatically push the running firmware/software to the recently added switch. You may need to be running at least v4.2 software for this to work although I’ve been unable to confirm as of yet.”
3.August 10 Cascade Nortel Switches ” The newer Ethernet Routing Switch 4500/5500 series switches will try to automatically upgrade any switch that is added to the stack and isn’t running the appropriate software version.”
Could option 3 possibly mean convert other switches in stack to same version the base is running? If so will a version downgrade also be possible?
Thanks Pat
Hi Pat,
Sorry for the late reply… missed your previous message until the comment below was made.
The Ethernet Routing Switch 5000 series (v4.1 software and later) will automatically upgrade the software of switches in the stack that don’t already match. The Ethernet Switch 470 does not have this feature and will instead refuse to stack with switches that aren’t running the same version.
I think if you try and run through the conversion (ahead of time) you’ll get a lot of your questions answered.
Good Luck!
Hi Michael,
I have a Nortel 5520 model, and I need to configure 3 VLAN’s with its IP for each of those VLAN.
I was looking for an article which explains this issue, but I didn’t see nothing about.
Please can you tell me a link with some article who explains how can I do it? Or Anything like this?
Thank you
You can assign IP addresses to the VLAN interfaces and then enable IP forwarding.
You just need to repeat the above statements substituting the appropriate VLAN and IP address information.
Good Luck!
Hi Mike,
I am sorry to disturb you, but I have a question.
Do you think it is possible to work LLDP-Med without enabling and configurating the Automatic Detection and Automatic Configuration ?
I have heard today (by the mouth of a person I am moderately confident) it was possible to do this on the lastest software versions of ERS-45xxT-PWR series ?
What do you think ?
thank you.
Best regards
Damien
Hi Damien,
I’m not 100% sure myself so I’ll need to dig around and check. I believe I might have read that you can set the LLDP-MED parameters manually but you’d still need to configure the VLAN ports and QoS settings manually. You can change the ADAC detection method to LLDP (originally only support MAC address detection which required the MAC address ranges of all IP phones that might connect to the switch).
Let me dig around and I’ll see… are there any reasons to NOT deploy ADAC?
Cheers!
Hi Mike,
I’m really glad you took care of me so quickly.
Indeed. It may be exist one reason to NOT deploy ADAC. A limitation induced by ADAC in one “exotic” case particulary. It is too late tonight and unfortunately I do not have time, but I promise that I’ll explain you my scenario tomorrow.
Thank you.
Cheers!
Hey Mike,
Without ADAC. It perfectly works (v5.4.009 on ERS 45xxT-PWR) !!!
And so that I resolved my problem. In fact I have multiple Voice VLAN in my LAN architecture and ADAC was limited to a single Voice VLAN.
;)
Thanks a lot.
Have fun !
Hi Damien,
If you don’t mind sharing inforormation.
I have similar situation with my ERS 5520 and I was wondering how did you configure your switch to use LLDP-MED without ADAC so all the phones and QoS are working all together.
Best regards
WK
Hi Mike,
I have 8010 nortel. i was made 46,47,48 Management port.
I have very high trafic, so i want all three port marge togethere, works as one port.
so we can make by CLI ….?
Hi Nadeem,
Your question isn’t really relevant to the topic at hand.
I would suggest you post your question on the discussion forums.
Cheers!
Hi Mike,
I’m trying to configure lldp on Nortel 5520. And I should configure vendor-specific TLV’s. How can i configure them?
I have read everyones comments on this forum and have a question of my own. I am configuring LLDP on our Nortel 5520 with ver. 6.0 and I have the LLDP detection enabled. I am connecting Cisco 9971 phones to these switches. It seems to place the Vlan on the port when I attach a phone device, but will not place the phone on that operation vlan. Does anyone have experience in getting the LLDP detection to work with Cisco phones?
thanks,
Hi Nathan,
There are plenty of threads over on the discussion forums around utilizing Cisco IP phones with Avaya switches.
https://www.google.com/search?q=site%3Aforums.networkinfrastructure.info+cisco+phones&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cheers1
Thanks Micheal for the info. We have a very specific setup in some of smaller offices and I would like to use ADAC and LLDP to configure our phones. Some of the issue is I am not sure what the ADAC uplink port does? I know the other port look to that port for vlan information, but how do I know what port to use. Our small office setup is below.
We have a stack of 5520’s that handle everything in the office. They are the floor and Core switches. We have DHCP helper setup to pass DHPC to the different VLans. We also have 2 MPLS networks setup. One for Data and one for Video and Voice. They also failover for eachother, so if one goes down the other takes the load. My question is what would I choose as the uplink port in this setup? In our larger offices I am just setting the uplink as the MLT port on the floor switches that go back to our core.
Thanks for any info you can provide
Hi Nathan,
If you had a core switch that connected multiple closets then you would need to define the uplink port on the closet switches. If you are just using a single 5520 (or single stack) you don’t need to worry about the ADAC uplink port and you can omit it from your configuration. Your MPLS network is most likely an IP routed connection so there’s really nothing to-do there. The IP traffic would simply flow over the remaining routes (MPLS path) in the network.
Cheers!
Thanks again. Not sure why I didn’t think of not providing an uplink port. For some reason I was sure you had to specify one. That was making me think I was only a large office setup. I tried that and it worked. Thanks and good info you are providing to everyone. It really helps and I know many really appreciate it.
thanks, Michael for the link. I was able to get the phones to work using ADAC and LLDP on the Nortel switches. I am now running into another issue. I will check the link for answers, but will post the question in case anyone knows.
While configuring ADAC on the Nortel switches you have to specify an uplink port. My issue is in our smaller offices we are using the Nortel switch as our floor/core switch. We also have 2MPLS networks for redundancy. I can only specify one of those ports as the uplink port. How does avaya/nortel handles ADAC fault tolerance for small setups?
Hello All, Could anyone offer some advice.
I had a stack of switches ( 6 ) they were all at the same FW level, 6.1.2, the config was extracted just in case, then the base was updated to 5xxx_624010, after a few mins the stack was backup and running, however on switch 6 the the status light was flashing, and the stack up / down lights were off, but it was still working. The status light seems to indicate that there was or is a non-fatel system error, The stack was broken and the switch powered off, it was then added back to the stack, but the same problem was there. The unit was removed and another unit installed and added to the stack, the switch came up no problem and all is well.
The unit that seems to have the issue was checked out. I ran the upgrade of the firmware and diags again, the firmware seems to work but I get the following error with the diags
Len= 0xFFC20= 1047584. (@1A00000) ## Can’t Find 56xx Agent Magic #?
Also When looking at the event log, it has some information about not using the primary config and using the backup,
could this be part of the problem ?
Regards
Sorry this is the error “Error loading primary configuration block 1”
I would probably suggest you factory reset the switch and that will probably resolve the issue.
http://blog.michaelfmcnamara.com/2007/11/factory-reset-nortel-ethernet-switch/
Good Luck!
This is the information after a factory reset and you press “e”
Error Log:
Bad Port Mask = 00000000=LS; MS=00000000
Loop Test Error Description:
(none)
and this is the log file from the CLI:
System Log
Display Messages From: [ Volatile + Non Volatile ]
Display configuration complete?: [ No ]
Clear Messages From: [ None ]
Idx Time Stamp Type Src Message
— ————— —- — ——-
1. 0D: 0H: 0M:20S I Web server starts service on port 80.
2. 0D: 0H: 0M:21S S Error loading primary configuration block 1
3. 0D: 0H: 0M:21S I Primary Configuration files are corrupted. Restor
ed to default
4. 0D: 0H: 0M:24S I #0 Session opened from serial connection, access
mode: no security
5. 0D: 0H: 1M: 9S I QuickInstall:console configuration success.
I’m thinking you may have an NVRAM failure…
http://blog.michaelfmcnamara.com/2010/03/ethernet-routing-switch-5500-nvram-flash-memory-wear/
Good Luck!
Thanks for the information, I followed the instruction in the PDF, but no errors were returned, I dont’t want to put into a live environment just in case, But if you or any other readers have any suggestions
regards
This is the error from the diag menu
Bad Port Mask = 00000000=LS; MS=00000000
The unit still works, I’m just unsure why this started to happen, I think this unit if for test-bed only
Question, I have a simple flat network consisting of Baystack 5510s. I have three 48 port Baystacks stacked in the “core backbone”. On the other floors I have 48 and 24 port Baystacks that have separate Gb uplinks to the stacked “backbone” in the server room. Each has their own uplink. Occasionally, I will get flooding whre all switch lights are blinking very fast at the same time. Some person has plugged two ends of a cat6 cable into a little Linksys 8 port or something. Anyway, I have Spanning Tree enabled on all switches and are all set to STP Compatable mode. When some one messes up and plugs the two ends in it still brings down the network. What settings in the Spanning Tree am I missing? I did see that you suggest rate limiting as well. If, for example I have 7 Baystacks on the other floors with each uplink drop going to the base unit in the “core” on let’s say ports 41-47, how to I stop the flooding? I leave as STP Compatible on all ports except uplinks to the core stack? I enable rate limiting on all ports?
Thanks.
Greg