Let’s set the PVID for each port to the proper VLAN;
vlan port 1/1-47,2/1-47 pvid 10
vlan port 1/48,2/48 pvid 200
Let’s associate the management interface to a specific VLAN;
vlan mgmt 200
Let’s configure SNMP with the appropriate SNMP strings and trap host;
snmp-server authentication-trap disable
snmp-server community rostring ro
snmp-server community rwstring rw
snmp-server host 10.11.11.11 rostring
Let’s configure local logging to overwrite older events and set up a SYSLOG destination;
logging volatile overwrite
logging enable
logging remote address 10.103.24.50
logging remote level informational
logging remote enable
Let’s configure the timezone and SNTP with the appropriate Daylight Saving Time information;
clock source sntp
clock summer-time recurring 2 Sunday March 02:00 1 Sunday November 02:00 60
clock time-zone EST -5 0
sntp server primary address 10.11.11.10
sntp server secondary address 10.11.11.11
sntp enable
Let’s set up the MultiLink Trunk (MLT) which will bond the 802.1Q trunk ports together. Since we are using an SMLT topology we need to disable Spanning Tree from running between the core and edge switches.
mlt 1 disable
mlt 1 name "SMLT-8600"
mlt 1 learning disable
mlt 1 member 1/48,2/48
mlt 1 enable
Let’s give the stack an IP address through which we can manage it (this IP needs to be in the VLAN previously defined by vlan mgmt);
ip address stack 10.11.11.75 netmask 255.255.255.0 default-gateway 10.11.11.1
Let’s enable forced-stack mode and configure the stack monitor feature. In past software releases you had to configure a different IP address depending on whether the switch was in a stack or was a standalone switch. If one switch failed, the stack would become a standalone switch, the IP address configured as the “stack IP” would stop responding, and the “switch IP” would start responding. The “stack forced-mode” command forces the “stack IP” address to always respond whether there is a single switch or multiple switches in a stack.
stack forced-mode
stack-monitor stack-size 2
stack-monitor trap-interval 300
stack-monitor enable
Let’s configure ADAC so we can deploy our IP phones. We’ll clear the MAC address table because we’ll be using LLDP to detect the presence of an IP phone but you could use the MAC feature to detect non-LLDP or even non-Avaya IP phones.
adac voice-vlan 11
adac op-mode tagged-frames
adac uplink-port 1/48
no adac mac-range-table
adac enable
Let’s configure the port type for the end-user ports and enable ADAC, LLDP, BPDU filtering, Spanning Tree and FastStart;
vlan port 1/1-47,2/1-47 tagging untagpvidOnly
interface fastEthernet 1/1-47,2/1-47
vlan ports 1/1-47,2/1-47 filter-unregistered-frames disable
lldp tx-tlv local-mgmt-addr port-desc sys-cap sys-desc sys-name
lldp status txAndRx config-notification
lldp tx-tlv med extendedPSE med-capabilities network-policy
poe poe-priority medium
spanning-tree learning fast
spanning-tree bpdu-filtering timeout 12000
spanning-tree bpdu-filtering enable
adac detection lldp
no adac detection mac
adac enable
exit
As a standard practice we shut down the remaining unused SFP ports in case we might need them in the future;
interface fastEthernet 1/47,2/47
shutdown
exit
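A quick way to review a configuration built from the commands above for the settings that matter most to a security review, as an added example that is not part of the original post. The `audit` function and its finding names are hypothetical, the input is assumed to be the configuration text with one command per line, and the serial-password check uses the older-release command quoted in the comments below.

```python
import re

# Constructed sample: commands taken from the walkthrough above, one per line.
SAMPLE_CONFIG = """\
snmp-server authentication-trap disable
snmp-server community rostring ro
snmp-server community rwstring rw
snmp-server host 10.11.11.11 rostring
logging volatile overwrite
logging enable
logging remote address 10.103.24.50
logging remote level informational
logging remote enable
sntp server primary address 10.11.11.10
sntp enable
spanning-tree bpdu-filtering enable
"""

def audit(config: str) -> list[str]:
    """Return review findings for an ERS-style config dump (hypothetical checker)."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    have = set(lines)
    findings = []
    for ln in lines:
        m = re.fullmatch(r"snmp-server community (\S+) (ro|rw)", ln)
        if not m:
            continue
        name, access = m.groups()
        if access == "rw":
            findings.append("snmp-rw-community")   # v1/v2c write access, sent in cleartext
        if name.lower() in {"public", "private"}:
            findings.append(f"snmp-default-community:{name}")
    if "snmp-server authentication-trap disable" in have:
        findings.append("snmp-auth-trap-disabled")  # bad community attempts raise no trap
    if not ("logging remote enable" in have
            and any(ln.startswith("logging remote address ") for ln in lines)):
        findings.append("no-remote-syslog")
    if "sntp enable" not in have:
        findings.append("no-time-sync")              # log timestamps cannot be correlated
    if "spanning-tree bpdu-filtering enable" not in have:
        findings.append("no-bpdu-filtering")
    if "cli password serial local" not in have:     # older-release syntax, per the comments
        findings.append("serial-console-no-local-password")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
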
mohammed alkurdi says
Well done, man.
Really many thanks
Michael McNamara says
Thanks for the comment Mohammed!
IJdod says
Shouldn’t the autopvid command take care of setting the pvid (first command on the 2nd page), as the ports are still in untagged at this stage?
Michael McNamara says
If the ports are set for UnTagAll (access ports) and AutoPVID is enabled then yes. However, as a good practice I make sure to set the PVID regardless so there’s no potential issue.
Cheers!
Raul Rivera says
In this command:
adac uplink-port 2/24
Shouldn’t the ports be 1/48,2/48?
Michael McNamara says
Hi Raul,
You only need to provide one of the ports in an MLT and the additional ports will automatically be added.
Cheers!
Raul Rivera says
Understood. I was making reference to the port 2/24. You had been using uplink ports 1/48,2/48 and in the adac config, used port 2/24 and I am confused why. Thanks!
Michael McNamara says
Thanks… I’ve corrected the original.
Roberto Mendez says
Hi Michael:
We have two Avaya 4548GT switches. Actually, we connect to any port via serial and with Ctrl+Y have access; we want to configure a password to access it.
What is the correct way to do it?
Thanks
Michael McNamara says
Hi Roberto,
The answer will depend on the software release you are running. In the older software releases you needed the following commands;
cli password read-only ropassword
cli password read-write rwpassword
cli password serial local
The read-write username is RW, the read-only username is RO.
Cheers!
Dan says
Hi Michael, I’m having a strange issue with these 4526GTX switches. When I try to change the management VLAN away from the default 1, I get the following error:
4526GTX-PWR(config)#vlan mgmt 199
% Can’t set the vlan 199 as management vlan, the vlan is member of inactive group
I can’t find any references to VLAN “groups”, much less how to make the VLAN active. It is assigned to several ports as the PVID. Do you have any ideas?
Michael McNamara says
Hi Dan,
Have you created the VLAN yet?
Cheers!
Dan says
Hi Michael, yes I did create the VLAN, in fact I created all of my VLANs. This VLAN is untagged on ports 1-8, and tagged/pvid on my LACP ports 17-24. I didn’t give the VLAN an IP address as I believe it would get the IP from the mgmt VLAN setting, correct?
Dan says
I think I found part of the problem. I started with a new configuration and followed this example, creating one VLAN (199) and making it the management VLAN. However, I then went on to try to set up MSTP for LACP, and that’s when I ran into problems:
4526GTX-PWR(config)#spanning-tree mstp msti 1 add-vlan 199
Can’t add the management vlan 199 to an inactive STP Group
So then I tried enabling the group:
4526GTX-PWR(config)#spanning-tree mstp msti 1 enable
% Cannot modify settings
% No vlans assigned, cannot enable STP Group.
So the question is, how do I properly trunk the management VLAN over LACP? Or do I need to do something different entirely?
Markus Deutsch says
Hi Michael,
first of all thank you for your awesome work :)
I’m having issues activating SSH and SSL. Both are not getting displayed in the config t menu. Do I have to configure something first? In older versions I never had to. I’m running version 5.9.0.004 with the new switch.
Best regards
Markus
Michael McNamara says
Hi Markus,
You need to load the secure image on the switch before you’ll have the option to enable SSH or SSL.
Cheers!
Eric says
Hello,
Where to find Avaya CA root certificates to install on browser to be able to use EDM without having to “add security exception”?
Thank you
Michael McNamara says
Hmmm.. no idea, that would be a good question for Extreme support though.
Cheers!
Markus Deutsch says
Hi Michael,
that would explain a lot :D
thanks a lot!!!
Markus
Maurice Townsend says
and oh yeah, I’m having a hell of a time adding hostnames to the 5698tfd-pwr switches I mentioned in the last comment. “snmp-server name” does not work.
Base Unit Selection: Non-base unit using rear-panel switch
sysDescr: Ethernet Routing Switch 5698TFD-PWR
HW:06 FW:6.0.0.18 SW:v6.3.2.011
Mfg Date:07162012 HW Dev:none
Héctor says
Hello Michael….
Please can you help me: on a sw5520 with V6.1.4.011, is it possible to have two users (WR and another)?
What is the process?
Regards
Michael McNamara says
You would need to use a RADIUS server to have multiple users.
Cheers!
hector says
Good day,
Please help me, I need to update to load a secure image but keep the configuration…
What’s the process, please…
Best regards
Michael McNamara says
Sorry Hector, I don’t have any of the Extreme/Avaya software, nor would I offer it if I did.
orgitnized says
Do you mean you need the secure image but need to keep your configuration from the standard, non-secure image?
I have performed this without issue.
1> Go to the Avaya download site and get the secure image if you are entitled to download this
2> Make an ASCII and binary backup of your switch, just to be safe
3> Upload the new diagnostic image
4> Upload the new software image
5> After and check that everything is still there
6> Reconfigure anything that needs it, like enabling SSH access and disabling telnet