Up until recently if you wanted to change the default VLAN (the data VLAN for the IP phones) on a port that had ADAC enabled you had to first disable ADAC, change the VLAN assignment of the port and then re-enable ADAC. This was problematic for two major reasons; 1) disabling ADAC would remove the port from the voice VLAN and would interrupt the connectivity to the IP phone causing an outage, 2) if your network administrator forgot to disable ADAC before making the VLAN change the switch would eventually restore the port to it’s originally configured VLAN (usually on reboot of the switch) which would ultimately leave the end device in the wrong VLAN and unable to communicate.

I blogged about the problem back in 2008 here and here and there were many of you that found out the hard way that neither Java Device Manager nor the CLI would warn you before making any VLAN changes on a port which had ADAC enabled. It’s now 2011 and while I definitely have more grey hair (I guess I should be happy I still have hair) it seems that Avaya has finally gotten around to resolving this issue. It seems Avaya also took the opportunity to eliminate two birds with one stone with the ability to now define multiple uplinks/downlinks in ADAC. In the past you could only define a single uplink which would be problematic if you intended to use the switch as a distribution switch to feed other switches downstream. There was no way to provision the voice VLAN on the downlinks because ADAC would remove any manually added ports from the voice VLAN.

The Autodetection and Autoconfiguration ( ADAC) Enhancements provide increased flexibility in deployments that use ADAC as follows:

• expanded support for up to 8 ADAC uplinks and 8 call-server links – individual ports or any combination of MLT, DMLT or LAG – per switch or stack
• the ability to change the non-ADAC VLANs on a port without disabling ADAC

Here’s what the ADAC settings look like within Enterprise Device Manager.

Here are the platforms that support the new feature and the minimum software releases you need to be at.

• Ethernet Routing Switch 5000 v6.2
• Ethernet Routing Switch 4500 v5.4
• Ethernet Routing Switch 2500 v4.4

I must admit upfront that I have not yet tested this new feature… although both changes highlighted above are very very welcome to me as a user. I can’t tell you how many issues we had with network administrators or engineers forgetting to check the status of ADAC and having all sorts of issues after a reboot (or more often an extended power failure – which led to a… yes reboot).

Has anyone else had the opportunity to test this out?

Cheers!

[ad name=”ad-articlebodysq”]When Nortel originally released the ADAC (Automatic Detection And Configuration) feature in the Nortel Ethernet Routing Switch it required the switch to be pre-programmed with all the possible MAC addresses that an IP phone might connect with. The switch applied a dynamic configuration to any switch port where ADAC was enabled and the MAC address of the device was within the ADAC MAC address table range. In the article entitled, Nortel ERS 5520 PwR Switch, I documented a list of MAC address ranges to add to the ADAC configuration. In a subsquent article entitled, ERS 5520 Switch v5.1 Software, I surmised that it was no longer necessary to maintain the ADAC MAC address table.

It would now appear that my assumption was totally wrong.

The remote site that had the problem never had the ADAC MAC address table updated beyond what is in the default configuration. When the phone booted into BOOTC mode to perform the upgrade it wasn’t sending the necessary LLDP information to the switch so the switch wasn’t adding the voice VLAN to the port. The only problem was that the phone was using the voice VLAN tag and original IP address so while it’s requests made it to the server the phone never recieved an answer because the voice VLAN was not a member of the port that the phone was connected to. Once we added all the MAC addresses to the ADAC table everything starting working properly. Now when the IP phone booted into BOOTC mode ADAC immediately recognized the MAC address and applied the voice VLAN to the switch port allowing the IP phone to communicate with the SRG50 and the Succession 1000M Signaling Server.

no adac mac-range-table
adac mac-range-table low-end 00:0a:e4:75:00:00 high-end 00:0a:e4:75:ff:ff
adac mac-range-table low-end 00:13:65:00:00:00 high-end 00:13:65:ff:ff:ff
adac mac-range-table low-end 00:14:c2:00:00:00 high-end 00:14:c2:ff:ff:ff
adac mac-range-table low-end 00:16:ca:00:00:00 high-end 00:16:ca:ff:ff:ff
adac mac-range-table low-end 00:17:65:00:00:00 high-end 00:17:65:ff:ff:ff
adac mac-range-table low-end 00:18:b0:00:00:00 high-end 00:18:b0:ff:ff:ff
adac mac-range-table low-end 00:19:69:00:00:00 high-end 00:19:69:ff:ff:ff
adac mac-range-table low-end 00:19:e1:00:00:00 high-end 00:19:e1:ff:ff:ff
adac mac-range-table low-end 00:1b:ba:00:00:00 high-end 00:1b:ba:ff:ff:ff
adac mac-range-table low-end 00:1e:ca:00:00:00 high-end 00:1e:ca:ff:ff:ff
adac mac-range-table low-end 00:22:67:00:00:00 high-end 00:22:67:ff:ff:ff

The short story here is that you need to maintain the ADAC MAC address table if you want to avoid any IP phone firmware upgrade issues.

As a side note you also need to make sure that you disable filter-unregistered-frames on all switch ports.

I’ve inquired with Nortel about this problem but I’m still waiting for a response. It’s quite possible that this issue has already been “discovered” and will be resolved in a future release (or even resolved in this release).

Cheers!

We performed some exhaustive testing with ADAC over the past few weeks and can confirm, as Roberto alluded too, that ADAC will dynamically reconfigure any switch port that has ADAC enabled to the VLAN membership and PVID setting that was set when ADAC was first enabled on the switch port. In our tests we configured an edge port as a member of VLAN 10 and then enabled ADAC on that port. We then added the edge port to VLAN 11, removing it from VLAN 10. When the port went into an oper-down state ADAC added the edge port back to VLAN 10 and removed it from VLAN 11. We confirmed the same behavior with respect to the PVID changing.

In short if you need to make a VLAN membership or PVID change to an ADAC enabled port you MUST disable ADAC on the port before making the change and then re-enable ADAC when you have completed your change. As a side note any Nortel IP phone that is connected to the port will most likely timeout and reboot itself when you disable ADAC.

While I don’t necessarily disagree with the behavior it would be nice for either the CLI of Device Manager to alert someone if they tried to change the VLAN membership of a port that had ADAC enabled. (hint hint Nortel)

Cheers!

Well we also ran into a problem after upgrading a number of those switches to v5.1.1.17. A network administrator had made VLAN changes to various ports on the switch prior to the upgrade but after ADAC had been enabled on the ports. After the upgrade the switch ports defaulted back to the original VLAN they were configured for when ADAC was first enabled. We performed some additional testing and found that this problem would occur if the switch was just reset (rebooted) so it doesn’t appear to be tied to the upgrade but rather the action of restarting the switch. Looking at how ADAC works I can understand the problem but I’m disappointed that Device Manager or the CLI interface doesn’t throw a warning when you try to change the VLAN configuration of a port with ADAC enabled.

The lesson here is that you should disable ADAC on any port where you intend to change the VLAN membership.

Anyone else seen this?

Cheers!

There are some enhancements that affect how ADAC/LLDP function on the ERS 5520 switch. From the release notes;

IEEE 802.1ab and ADAC linkage
Nortel introduced the 802.1ab and Auto Detection Auto Configuration(ADAC) features to Release 5.0 to address converged applications. In Release 5.1, the functionality of 802.1ab and ADAC is combined: ADAC uses 802.1ab/LLDP as the detection mechanism to determine the identity of the attached device (that is, a Nortel IP phone that supports 802.1ab Media Endpoint Devices type, length, and value descriptions [MED TLV]). The Auto Configuration functionality of ADAC applies the configuration to the port.
Configurable using NNCLI, ACG, and Device Manager.

It looks like it will no longer be necessary to maintain the list of MAC prefixes for all Nortel Internet Telephones. If you recall from some of my previous posts I needed to manually update the list of MAC prefixes used by my ERS 5520 switches in order to get many of my i2002/i2004 Internet Telephones to be detected properly. The default list of MAC prefixes usually didn’t cover all the i2002/i2004/i2007/1140e Internet Telephones I had installed throughout my organization. In previous articles we enabled ADAC like so;

5520-48T-PWR (config)# adac voice-vlan 50
5520-48T-PWR (config)# adac op-mode tagged-frames
5520-48T-PWR (config)# adac uplink-port 48
5520-48T-PWR (config)# adac mac-range-table low-end 00:18:b0:00:00:00 high-end 00:18:b0:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:16:ca:00:00:00 high-end 00:16:ca:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:17:65:00:00:00 high-end 00:17:65:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:0a:e4:75:00:00 high-end 00:0a:e4:75:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:14:c2:00:00:00 high-end 00:14:c2:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:19:69:00:00:00 high-end 00:19:69:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:19:e1:00:00:00 high-end 00:19:e1:ff:ff:ff
520-48T-PWR (config)# adac enable

I haven’t actually tested this myself yet but supposedly if LLDP detects an Internet Telephone it will pass that information to ADAC without the need of evaluating the device’s MAC address.

The 5.1 release also now supports the 1000Base-BX SFP;

BX SFP support
Many customers have high density gigabit requirements, but lack the fiber density to deploy. BX SFPs helps alleviate this issue by allowing a single strand of fiber to facilitate communication.
Nortel introduces support for 1000BaseBX10 module with release 5.1. The modules are single fiber, bidirectional SFP transceivers. Two types of modules are available:
• 1310nm (BX10-U) transceiver
• 1490nm (BX10-D) transceiver
The 1000BaseBX10-D device is always connected to a 1000BaseBX10-U device with a single strand of standard single-mode fiber. The operating transmission range is up to 10 km. The fiber uses a GBIC LC connector on each end.
If the 1000BaseBX10-U is not connected to the 1000BaseBX10-D device, the signals are not received properly and the Link LED does not illuminate. You can configure BX SFP Support through the NNCLI, ACG, or Device Manager.

The 1000BASE-BX bidirectional SFPs provide Gigabit Ethernet connectivity over a single fiber.

As shown in the figure, the transmit (Tx) and receive (Rx) paths share the same fiber by using two different wavelengths. One model transmits at 1310 nm and receives at 1490 nm, while the mating model transmits at 1490 nm and receives at 1310 nm. You can only connect a mating pair.

You can use 1000BASE-BX SFPs to double the number of your fiber links. For example, if you have 20 installed fiber pairs with 20 conventional ports connected, you can use 1000BASE-BX SFPs to expand to 40 ports, using the same fiber.

The long wavelength optical transceivers used in these models provide variable distance ranges using single mode fiber optic cabling.

Cheers!

In this post I’m going to outline some of the basic commands you can use to troubleshoot any issues you might have between the ERS5520 and the i2002/i2004 phones.

Q. How can I check the log file?
A. show logging

ERS-5520# show logging
Type Time                    Idx  Src Message
---- ----------------------- ---- --- -------
S    00:00:00:00             1    NVR SNTP: Could not sync to NTP servers.
S    2007-04-05 17:18:08 GMT 2    NVR SNTP: Could not sync to NTP servers.
S    2007-04-05 17:22:07 GMT 3    NVR Audit data initialized - incorrect magic number: 0xffffffff
I    2007-04-19 01:21:03 GMT 4        Web server starts service on port 80.
I    2007-04-19 01:21:19 GMT 5        IGMP: Unknown Multicast Filter disabled
I    2007-04-19 01:21:19 GMT 6        PoE Port Detection Status:  Port 1 Status: Delivering Power
I    2007-04-19 01:21:22 GMT 7        PoE Port Detection Status:  Port 35 Status: Delivering Power
I    2007-04-19 01:21:49 GMT 8        Port 0/47 reenabled by VLACP
I    2007-04-19 01:21:49 GMT 9        Port 0/48 reenabled by VLACP
I    2007-04-19 01:23:05 GMT 10       SNTP: First synchronization successful.
I    2007-04-19 01:23:18 GMT 11       Warm Start Trap
I    2007-04-19 01:23:19 GMT 12       Link Up Trap Port: 1
I    2007-04-19 01:23:20 GMT 13       Trap:  pethPsePortOnOffNotification
I    2007-04-19 01:23:20 GMT 14       Trap:  bsAdacPortConfigNotification for Port: 47, Config: Applied

Q. How can I check the state of a port?
A. show interfaces

ERS-5520# show interfaces 47,48
Status                     Auto                      Flow
Port Trunk Admin   Oper Link LinkTrap Negotiation Speed    Duplex Control
---- ----- ------- ---- ---- -------- ----------- -------- ------ -------
47   1     Enable  Up   Up   Enabled  Enabled     1000Mbps Full   Asymm
48   1     Enable  Up   Up   Enabled  Enabled     1000Mbps Full   Asymm

Q. How can I check the VLACP state of a port?
A. show vlacp interface

ERS-5520# show vlacp interface 47,48
===============================================================================
VLACP Information
===============================================================================
PORT ADMIN   OPER    HAVE    FAST  SLOW  TIMEOUT TIMEOUT ETH  MAC
ENABLED ENABLED PARTNER TIME  TIME  TYPE    SCALE   TYPE ADDRESS
-------------------------------------------------------------------------------
0/47  true    true    yes    500   30000 short   3       8103 01:80:c2:00:11:00
0/48  true    true    yes    500   30000 short   3       8103 01:80:c2:00:11:00

Q. How can I check what FDB entries have been learned on a specific port?
A. show mac-address-table port

ERS-5520# show mac-address-table port 47
Mac Address Table Aging Time: 300
Number of addresses: 9

MAC Address      Source          MAC Address      Source
-----------------  --------      -----------------  --------
00-00-5E-00-01-01  Trunk: 1      00-15-40-45-68-00  Trunk: 1
00-17-D1-57-30-00  Trunk: 1      00-17-D1-57-30-10  Trunk: 1
00-17-D1-57-32-03  Trunk: 1      00-18-B0-CC-F0-00  Trunk: 1
00-18-B0-CC-F0-10  Trunk: 1      00-18-B0-CC-F2-01  Trunk: 1
00-1B-25-4C-74-00  Trunk: 1

Q. How can I check the FDB table for a specific MAC address?
A. show mac-address-table address

ERS-5520# show mac-address-table address 00:18:b0:cc:f0:10
Mac Address Table Aging Time: 300
Number of addresses: 1

MAC Address      Source          MAC Address      Source
-----------------  --------      -----------------  --------
00-18-B0-CC-F0-10  Trunk: 1

Q. How can I check to see if ADAC has been configured/enabled?
A. show adac

ERS-5520# show adac
ADAC Global Configuration
---------------------------------------
ADAC:  Enabled
Operating Mode:  Tagged Frames
Traps Control Status:  Enabled
Voice-VLAN ID:  12
Call Server Port:  None
Uplink Port:  48

Q. How can I check to see if ADAC has been applied to a specific port?
A. show adac interface

ERS-5520# show adac interface 20
Port  Auto-Detection  Auto-Configuration
----  --------------  ------------------
20       Enabled            Applied

Q. How can I check to see the LLDP information with a specific port?
A. show lldp port neighbor detail

ERS-5520# show lldp port 20 neighbor detail
-------------------------------------------------------------------------------
 lldp neighbor
-------------------------------------------------------------------------------
 Port: 20    Index: 5                  Time: 8 days, 13:47:49
 ChassisId: Network address    ipV4  192.168.100.101
 PortId:    MAC address        00:17:65:ff:e0:fc
 SysCap:    TB / TB            (Supported/Enabled)
 PortDesc:  Nortel IP Phone
 SysDescr:  Nortel IP Telephone 2002, Firmware:0604DAS

 PVID: 0                              PPVID Supported: not supported(0)
 VLAN Name List: none                 PPVID Enabled: none

 Dot3-MAC/PHY Auto-neg: supported/enabled       OperMAUtype:  100BaseTXFD
 PSE MDI power:         not supported/disabled  Port class:   PD
 PSE power pair:        signal/not controllable Power class:  2
 LinkAggr: not aggregatable/not aggregated      AggrPortID:   0
 MaxFrameSize: 1522
 PMD auto-neg:          10Base(T, TFD), 100Base(TX, TXFD)

 MED-Capabilities: CNLDI / CNDI       (Supported/Current)
 MED-Device type:  Endpoint Class 3
 MED-Application Type: Voice                    VLAN ID: 12
 L2 Priority: 6         DSCP Value: 46          Tagged Vlan, Policy defined
 Med-Power Type: PD Device            Power Source: Unknown
 Power Priority: High                 Power Value:    5.4 Watt
 HWRev:                               FWRev: 0604DAS
 SWRev:                               SerialNumber:
 ManufName: Nortel-01                 ModelName: IP Phone 2002
 AssetID:
-------------------------------------------------------------------------------
Port: 20    Index: 6                  Time: 8 days, 13:48:20
 ChassisId: Network address    ipV4  10.119.241.50
 PortId:    MAC address        00:17:65:ff:e0:fc
 SysCap:    TB / TB            (Supported/Enabled)
 PortDesc:  Nortel IP Phone
 SysDescr:  Nortel IP Telephone 2002, Firmware:0604DAS

 PVID: 0                              PPVID Supported: not supported(0)
 VLAN Name List: 12                   PPVID Enabled: none

 Dot3-MAC/PHY Auto-neg: supported/enabled       OperMAUtype:  100BaseTXFD
 PSE MDI power:         not supported/disabled  Port class:   PD
 PSE power pair:        signal/not controllable Power class:  2
 LinkAggr: not aggregatable/not aggregated      AggrPortID:   0
 MaxFrameSize: 1522
 PMD auto-neg:          10Base(T, TFD), 100Base(TX, TXFD)

 MED-Capabilities: CNLDI / CNDI       (Supported/Current)
 MED-Device type:  Endpoint Class 3
 MED-Application Type: Voice                    VLAN ID: 12
 L2 Priority: 6         DSCP Value: 46          Tagged Vlan, Policy defined
 Med-Power Type: PD Device            Power Source: Unknown
 Power Priority: High                 Power Value:    5.4 Watt
 HWRev:                               FWRev: 0604DAS
 SWRev:                               SerialNumber:
 ManufName: Nortel-01                 ModelName: IP Phone 2002
 AssetID:
-------------------------------------------------------------------------------
Sys capability: O-Other; R-Repeater; B-Bridge; W-WLAN accesspoint; r-Router;
T-Telephone; D-DOCSIS cable device; S-Station only.
Med Capabilities-C: N-Network Policy; L-Location Identification; I-Inventory;
S-Extended Power via MDI - PSE; D-Extended Power via MDI - PD.

Those are some of the commands that you might have to execute if you needed to perform troubleshooting between an ERS5520 and a i2002/i2004 phone.

Your DHCP server logs will be your friend during your troubleshooting. If you don’t see the phone making a DHCP request (or a request in the proper VLAN) then you should check that ADAC was applied to the switch port. ADAC is the component that will automatically add the switch port (the switch port the phone is connected to) into the Voice VLAN. If ADAC is not applied (or enabled) on the port then you’ll be able to see that the switch port in question is only a member of the Data VLAN. You need to remember that ADAC works on MAC address ranges. You need to check that the MAC address of your phone is in the ADAC MAC address table.

5520-48T-PWR# show adac mac-range-table
Lowest MAC Address          Highest MAC Address
------------------------    -------------------------
00-0A-E4-01-10-20            00-0A-E4-01-23-A7
00-0A-E4-01-70-EC            00-0A-E4-01-84-73
00-0A-E4-01-A1-C8            00-0A-E4-01-AD-7F
00-0A-E4-01-DA-4E            00-0A-E4-01-ED-D5
00-0A-E4-02-1E-D4            00-0A-E4-02-32-5B
00-0A-E4-02-5D-22            00-0A-E4-02-70-A9
00-0A-E4-02-D8-AE            00-0A-E4-02-FF-BD
00-0A-E4-03-87-E4            00-0A-E4-03-89-0F
00-0A-E4-03-90-E0            00-0A-E4-03-B7-EF
00-0A-E4-04-1A-56            00-0A-E4-04-41-65
00-0A-E4-04-80-E8            00-0A-E4-04-A7-F7
00-0A-E4-04-D2-FC            00-0A-E4-05-48-2B
00-0A-E4-05-B7-DF            00-0A-E4-06-05-FE
00-0A-E4-06-55-EC            00-0A-E4-07-19-3B
00-0A-E4-08-0A-02            00-0A-E4-08-7F-31
00-0A-E4-08-B2-89            00-0A-E4-09-75-D8
00-0A-E4-09-BB-9D            00-0A-E4-09-CF-24
00-0A-E4-09-FC-2B            00-0A-E4-0A-71-5A
00-0A-E4-0A-9D-DA            00-0A-E4-0B-61-29
00-0A-E4-0B-BB-FC            00-0A-E4-0B-BC-0F
00-0A-E4-0B-D9-BE            00-0A-E4-0C-9D-0D

Total Ranges: 21

If the MAC address of your i2002/i2004 phone does not match any of the MAC address ranges in the switch you’ll need to add a range to include those MAC addresses. If the MAC address of your i2002 phone was 00:18:b0:11:22:33 you could use the following commands;

5520-48T-PWR> enable
5520-48T-PWR# config terminal
5520-48T-PWR (config)# adac mac-range-table low-end 00:18:b0:00:00:00 high-end 00:18:b0:ff:ff:ff

You might think you could configure a port mirror and run a quick packet capture to understand what’s going on… unfortunately you cannot configure any port with port mirroring that has ADAC enabled.

Thats all for now.

The last step is the DHCP server so stay tuned.

Update: February 7, 2009
It was time to update this article with some additional information and settings that I’m now using in all my switch deployments. The big change is the updated ADAC MAC address table. Please also note the VLACP time-out scale change and I’ve updated the year field for the Daylight Saving Time change.

Update: August 13, 2008
This was one of the first articles I wrote back in October 2007 and it is by far the most popular article out of all 110 articles that I currently have published. With that said I decided to come back and spruce up this post with some additional “tweaks” that I’ve added over the past 10 months. I’m also going to attack a link to a text file so folks can just download the file of commands, tweak the specific individual settings such as IP address and VLAN information, and then cut and paste into the CLI interface of the Nortel Ethernet Routing Switch 5520. It will hopefully save folks from having to cut and paste each section.

Note: just a quick warning about cutting and pasting into the CLI interface, I’ve often found that the buffer will overflow if I try to paste an entire configuration at once. I usually need to break it into at least two or three sections and cut and paste those section one at a time.

In this post I’ll try to outline how you can configure the Nortel Ethernet Routing Switch 5520 in a VoIP environment using Nortel i2002/i2004 Internet Telephones (this procedure will also work the same with the i2007/1120E/1140E phones).

You’ll obviously need a ERS 5520 switch and you’ll need SW 5.0.6.22 or later and FW 5.0.0.3 or later (there are known issues with earlier software versions that create inconsistent results using LLDP with the i2002/i2004 phones). I would strongly advise that you start with a default configuration. From the CLI issue the following commands to reset the switch to factory defaults;

5520-48T-PWR> enable
5520-48T-PWR# boot default

The switch should reboot with a default configuration. Let’s proceed with the configuration;

5520-48T-PWR> enable
5520-48T-PWR# configure terminal

Let’s set the local read-only and read-write passwords;

5520-48T-PWR (config)#cli password read-only readpass
5520-48T-PWR (config)#cli password read-write writepass
5520-48T-PWR (config)#cli password serial local
5520-48T-PWR (config)#cli password telnet local

Let’s disable the user interface button (UI button);

5520-48T-PWR (config)# no ui-button enable

Enable AUTOPVID;

5520-48T-PWR (config)# vlan configcontrol autopvid

We’ll be up linking this switch using a MultiLink trunk on ports 47 and 48 so we’ll enable tagging on the fiber uplinks;

5520-48T-PWR (config)# vlan ports 47,48 tagging enable

Let’s create the data VLAN (VID 100) and management VLAN (VID 200) on the switch;

5520-48T-PWR (config)# vlan members remove 1 ALL
5520-48T-PWR (config)# vlan create 200 name "10-1-200-0/24" type port
5520-48T-PWR (config)# vlan members add 200 47,48
5520-48T-PWR (config)# vlan create 100 name "10-1-100-0/24" type port
5520-48T-PWR (config)# vlan members add 100 1-48
5520-48T-PWR (config)# vlan port 1-46 pvid 100
5520-48T-PWR (config)# vlan port 47,48 pvid 200

Let’s make VLAN 200 the management VLAN and assign the IP address;

5520-48T-PWR (config)# vlan mgmt 200
5520-48T-PWR (config)# ip address switch 10.1.200.10 netmask 255.255.255.0 default-gateway 10.1.200.1

Let’s setup Simple Network Management Protocol (SNMP);

5520-48T-PWR (config)# snmp-server authentication-trap disable
5520-48T-PWR (config)# snmp-server community  ro
5520-48T-PWR (config)# snmp-server community  rw
5520-48T-PWR (config)# snmp-server host

Let’s configure the logging so it will overwrite the oldest events;

5520-48T-PWR (config)# logging volatile overwrite
5520-48T-PWR (config)# logging enable

Let’s setup Simple Network Time Protocol (SNTP);

5520-48T-PWR (config)# sntp server primary address
5520-48T-PWR (config)# sntp server secondary address
5520-48T-PWR (config)# sntp enable

Depending on the version of switch software your running you may be able to configure Daylight Saving Time;

5520-48T-PWR (config)#clock time-zone EST -5
5520-48T-PWR (config)#clock summer-time EDT date 9 Mar 2009 2:00 2 Nov 2009 2:00 +60

Let’s setup the MultiLink trunk that will connect the switch back to the backbone;

5520-48T-PWR (config)# mlt 1 disable
5520-48T-PWR (config)# mlt 1 name "MLT-8600"
5520-48T-PWR (config)# mlt 1 learning disable
5520-48T-PWR (config)# mlt 1 member 47,48
5520-48T-PWR (config)# mlt 1 enable

Let’s setup ADAC (Automatic Detection and Automatic Configuration) for our i2002/i2004 phones. We’ll using VLAN 50 as our voice VLAN and we’ll use port 48 as our uplink (the switch will add 47 automatically because of the MLT configuration). There is a new command to clear the ADAC MAC address table that may be missing from earlier versions, “no adac mac-range-table”. I’ve also updated the list of entries that I use.

5520-48T-PWR (config)# adac voice-vlan 50
5520-48T-PWR (config)# adac op-mode tagged-frames
5520-48T-PWR (config)# adac uplink-port 48
5520-48T-PWR (config)# no adac mac-range-table
5520-48T-PWR (config)# adac mac-range-table low-end 00:0a:e4:75:00:00 high-end 00:0a:e4:75:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:13:65:00:00:00 high-end 00:13:65:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:14:c2:00:00:00 high-end 00:14:c2:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:16:ca:00:00:00 high-end 00:16:ca:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:17:65:00:00:00 high-end 00:17:65:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:18:b0:00:00:00 high-end 00:18:b0:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:19:69:00:00:00 high-end 00:19:69:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:19:e1:00:00:00 high-end 00:19:e1:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:1b:ba:00:00:00 high-end 00:1b:ba:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:1e:ca:00:00:00 high-end 00:1e:ca:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:22:67:00:00:00 high-end 00:22:67:ff:ff:ff
5520-48T-PWR (config)# adac enable

We need to strip the 802.1q tag from any packets in the PVID VLAN from going to the phone. In this design we’re expecting to connect IP phones to ports 1 – 46.

5520-48T-PWR (config)# vlan port 1-46 tagging untagpvidOnly

Let’s configure LLDP for the ports we expect to connect IP phones (1 – 46);

5520-48T-PWR (config)# interface fastEthernet 1-46
5520-48T-PWR (config-if)# vlan ports 1-46 filter-unregistered-frames disable
5520-48T-PWR (config-if)# lldp tx-tlv port-desc sys-cap sys-desc sys-name
5520-48T-PWR (config-if)# lldp status txAndRx config-notification
5520-48T-PWR (config-if)# lldp tx-tlv med extendedPSE med-capabilities network-policy
5520-48T-PWR (config-if)# poe poe-priority high
5520-48T-PWR (config-if)# spanning-tree learning fast
5520-48T-PWR (config-if)# adac enable
5520-48T-PWR (config-if)# exit

The option in RED above was added after an issue was discovered when trying to upgrade the firmware on the IP phones. The filter-unregistered-frames is enabled by default and should be disabled to avoid and issues with upgrading the firmware on the IP phones. We are attempting to investigate further with Nortel and our voice vendor Shared Technologies.

Let’s disable the two remaining ports that share the GBIC interfaces incase we need those in the future;

5520-48T-PWR (config)# interface fastEthernet 45-46
5520-48T-PWR (config-if)# shutdown
5520-48T-PWR (config-if)# exit

Let’s setup a QoS interface group to trust all traffic that will ingress on the fiber uplinks. By default the ERS 5520 switch will strip all QoS tags on all ports. Thankfully ADAC will take care of the QoS settings for all VoIP traffic.

5520-48T-PWR (config)# qos if-group name allUpLinks class trusted
5520-48T-PWR (config)# interface fastEthernet 47,48
5520-48T-PWR (config)# qos if-assign port 47,48 name allUpLinks
5520-48T-PWR (config)# exit

Let’s set the SNMP information;

5520-48T-PWR (config)# snmp-server name "sw-icr1-1east.sub.domain.org"
5520-48T-PWR (config)# snmp-server location "Acme Internet Phone Company (ICR1)"
5520-48T-PWR (config)# snmp-server contact "Network Infrastructure Team"

Let’s enable rate limiting for all broadcast and multicast traffic to 10% of the link;

5520-48T-PWR (config)# interface fastEthernet ALL
5520-48T-PWR (config-if)# rate-limit both 5
5520-48T-PWR (config-if)# exit

Let’s setup VLACP (Virtual Link Aggregation Protocol) on the uplinks to the core;

5520-48T-PWR (config)# interface fastEthernet 47,48
5520-48T-PWR (config-if)# vlacp port 47,48 timeout short
5520-48T-PWR (config-if)# vlacp port 47,48 timeout-scale 5
5520-48T-PWR (config-if)# vlacp port 47,48 enable
5520-48T-PWR (config-if)# exit
5520-48T-PWR (config)# vlacp enable

That’s it your done! Well hopefully your done.

In my next post I’ll tell you what DHCP options you’ll need to configure on your DHCP server in order for the phones to boot properly and connect to the Nortel Call Server.

Cheers!