Nortel has released software 6.1.2 for the Nortel Ethernet Routing Switch 5000 series switches. This includes the Ethernet Routing Switch 5510/5520/5530/5698/5650/5632. While there are a number of fixes in this software release there are some very interesting new features primarily concerned with VLAN assigned through 802.1x authentication (both EAP and non-EAP clients) in conjunction with RADIUS. Here is a list of the new features;
- Dynamic VLAN assignment from RADIUS server for EAP and non-EAP authenticated devices
- 802.1X Authentication, NEAP / MAC-based Authentication, and Guest VLAN functionality on the same port
- 802.1X Authentication and NEAP functionality with Radius, but with Radius response using VLAN names instead of VLAN ids
- 802.1X Authentication and NEAP with Fail-Open functionality
- Support for DDI SFPs
As always I would strongly suggest you review the release notes for yourself.
Cheers!
svl0r says
Kinda not worth upgrading until they release 6.1.3. At least for me it would nice to have the IST problem fixed. This way I can upgrade my DMZ core and switches.
Dan says
I upgraded to 6.1.2.029 and now I get all of my switches trying to use the user name “nortel” to login using window IAS. I had radius set up on these switches but I’ve had to remove it because of this upgrade. It’s flooding our logs with bad logins. Any ideas why?
Michael McNamara says
Hi Dan,
I’ve noticed that as well but haven’t had time to dig into the problem. I’m wondering if the port based EAPoL process is trying to authenticate to the IAS/RADIUS server in preparation for authenticating EAPoL connections?
Thankfully I only have a few lab switches setup testing RADIUS.
If you can a support case to Avaya/Nortel might help. If I discover anything I’ll post back here.
Good Luck!
Dan says
Michael,
Great site. I used it to setup my SNMPV3 settings. I went on Nortel’s ERS forum and got this answer from a guy there:
http://community.nortel.com/go/thread/5309?tstart=0
Hi Dan,
this “feature” cant currently disabled. In version 6.2.x it will be changed from Radius-Request to ICMP-Ping, but this will be also not be disabled.
This feature must/will be available for EAPoL-FailOpen.
The workaround is to configure the radius-server to accept that request.
good luck
matthias.neumann
Michael McNamara says
Thanks for the feedback Dan!
I always get excited when folks come back and help add to the discussion and/or topic if they learn something new.
Cheers!
Todd says
Is it possible to set up an IST on a 5xxx (namely, 5632) with the base license? Or is the Advanced License required for IST?
Alex w says
Hi
I know this is very old but does anyone know where i can download the lastest firmware for these switches?
thanks
Michael McNamara says
Hi Alex,
With a support/maintenance contract you can download the software directly from Avaya’s website.
https://support.avaya.com/products/P0611/ethernet-routing-switch-5000-series/
Good Luck!
Alex w says
Hi
yeah, i found that however i don’t have a support contract as i am not the first owner of the switch. Would there be any chance of someone sending me the firmware?
thanks!
alex