Michael McNamara

technology, networking, virtualization and IP telephony

Avaya Ethernet Routing Switch 4800 Series – Configuration Template

by

Avaya4824GTS-PWRThis is a follow-up post to my wildly popular article entitled, Nortel ERS 5520 PwR Switch which I posted back in October 2007 providing a working configuration for an Avaya Ethernet Routing Switch 5520 for IP telephony deployments.

Here’s the configuration template that I’m currently using today for the Avaya Ethernet Routing Switch 5500, 4800 and 4500 series switches. This is essentially a best practices configuration for a typical closet/edge switch (Layer 2) with ADAC/LLDP-MED for completely automated, zero-touch IP telephony deployments.

With the firmware that currently ships with the Avaya 1100 and 1200 series IP phones you only need to unbox the phone and connect it to the network. You’ll also need to make sure that you have your provisioning files setup properly but you can easily attain a zero-touch configuration for greenfield deployments.

Please note there are a some options in this post which are only available in the later software releases for each switch model. These commands were tested on an Avaya Ethernet Routing Switch 4850GT-PWR+ running 5.6.2 software.

We need to be in privileged mode before we can enter configuration mode;

enable
configure terminal

Let’s start by setting the read-only and read-write passwords (the default usernames are RO=read-only and RW=read-write)

cli password read-only ropassword
cli password read-write rwpassword
cli password serial local
cli password telnet local

If you don’t care to see the banner when connecting via telnet then disable it;

banner disable

If you are working with an Avaya Ethernet Routing Switch 5000 series switch let’s disable the UI button on the outside of the switch. This feature is only available on the ERS 5000 series switches so this command won’t work with the ERS 4000 series switches.

no ui-button enable

Let’s set VLAN control to autopvid, this will instruct the switch to change the PVID to the VLAN assigned to the port for access (UntagAll) ports.

vlan configcontrol autopvid

If we have 2 or more switches in a stack configuration we’ll utilizing ports on both switches for our uplinks, 1/48 and 2/48. If we only had a single switch and not a stack of switches we would use 47 and 48. We need to enable 802.1Q trunking (TagAll) and filter (drop) and untagged frames that might accidentally be sent across the port.

vlan ports 1/48,2/48 tagging enable
vlan ports 1/48,2/48 filter-untagged-frame enable

As a best practice you should never use VLAN 1, too many reasons to list here. By default ever port is a member of VLAN 1 so let’s remove VLAN 1 from all ports;

vlan members remove 1 ALL

Let’s create a management VLAN and add that VLAN to our 802.1Q uplinks;

vlan create 200 name "10-107-255-0/24" type port
vlan members add 200 1/48,2/48

Let’s create a (default) closet VLAN and add that VLAN to all the ports in the stack;

vlan create 10 name "ICR1_1stFloor" type port 
vlan members add 10 1/ALL,2/ALL

Let’s create a voice VLAN which we’ll using in our ADAC and LLDP-MED configurations and we’ll add that VLAN to our uplinks;

vlan create 11 name "Voice" type port voice-vlan
vlan members add 11 1/48,2/48

[Read more…]

untagAll vs tagAll on Avaya Ethernet Routing Switches

by

This is probably the most often referred to topic both on the forums and here on my blog. After finding it in the top 10 keyword searches to my blog this morning I decided to try and write up a new post that would conclusively answer the question with respect to Avaya (formerly Nortel) Ethernet Routing Switches.

Definitions

Now before I get started lets define some basic terms;

  • Access port is defined as a port belonging to a single VLAN
  • Trunk port as defined in Wikipedia is a port designed to carry multiple VLANs through a single network link through the use of a “trunking protocol”. To allow for multiple VLANs on one link, frames from individual VLANs must be identified. The most common and preferred method, IEEE 802.1Q adds a tag to the Ethernet frame header, labeling it as belonging to a certain VLAN. Since 802.1Q is an open standard, it is the only option in an environment with multiple-vendor equipment.

So by it’s definition an access port can only belong to one VLAN while a trunk port can belong to multiple VLANs.

It’s important to distinguish that we’re talking about single ports. A trunk group or trunk port group is made up of multiple ports which are combined into a single virtual port. Protocols such as MultiLink Trunking (Avaya), EtherChannel (Cisco) and LACP provide the ability to combine multiple trunk ports into a single virtual interface providing redundancy and additional bandwidth.

Basic Examples

In general the majority of edge switch ports will be configured as access ports. Any port used to connect a personal computer, laptop, server, printer, etc will be configured as an access port. Any port that connects to another switch will be configured as a trunk port.

Complex Examples

With the advent of virtualization VMware servers are often configured and connected to trunk ports. Where as servers would have traditionally been connected to access ports they can also be connected to trunk ports depending on their configurations. The advent of Voice Over IP (VoIP) to the desktop has also had an impact on how edge switches are configured when the desktop or laptop is connected to the IP phone which is in turn connected to the edge switch. I’ll cover that topic in more detail later on.

Avaya Ethernet Routing Switches

Ethernet Routing Switch 2500, 4000, 5000 Series

The Avaya Ethernet Routing Switch 2500, 4000 and 5000 series switches currently offer the following options.

  • tagAll – sets the port as a trunk port tagging all frames with an 802.1Q header as they egress the port.
  • untagAll – sets the port as an access port stripping all 802.1Q headers as they egress the port.
  • tagPvidOnly – sets the port as a trunk port but only adds 802.1Q headers for the PVID VLAN as they egress the port.
  • untagPvidOnly – sets the port as a trunk port but only adds 802.1Q headers for every VLAN other than the PVID VLAN as they egress the port.

What is the PVID? The PVID is the Default VLAN ID configured for that specific port. In a typical configuration where the port is an access (untagAll) port the PVID will be set to that VLAN automatically by the switch. In a trunk port configuration the PVID will be used to determine which VLAN to bridge any received untagged frames to if DiscardUntaggedFrames is not enabled. It’s recommended to enable DiscardUntaggedFrames on any port configured as a trunk (tagAll) port to avoid any potential configuration issues which might lead to a loop and a network outage. It’s also a best practice to configure the PVID on all trunk (tagAll) ports with the VLAN ID of your management VLAN.

Ethernet Routing Switch 1600, 8600, 8800 Series

You’ll notice on the Ethernet Routing Switch 1600, 8600 and 8800 series that the options are slightly different but achieve the same outcome.

  • PerformTagging (Checked) – sets the port as a trunk port tagging all frames with an 802.1Q header as they egress the port.
  • PerformTagging (Unchecked) – sets the port as an access port stripping all 802.1Q headers as they egress the port.

Additional options include DiscardTaggedFrames, DiscardUntaggedFrames and UntagDefaultVlan. These options can be used to achieve the same results as with the Avaya Ethernet Routing Switch 2500, 4000 and 5000 series switches with the exception of tagPvidOnly.

Is the PVID equivalent to the native vlan command in Cisco switches? It is if untagPvidOnly/UntagDefaultVlan is enabled. The PVID (DefaultVlanId) by itself only acts on untagged received frames. The untagPvidOnly/UntagDefaultVlan option acts on transmitted frames and so the combination of the two equates to the “switchport trunk native vlan #” on a Cisco switch.

It’s also important to point out that Avaya only supports 802.1Q tagging. So while Cisco supports ISL and 802.1Q there is no Avaya command similar to “switchport trunk encapsulation dot1q” since this is the default behavior with Avaya switches.

IP Telephony

There are some special considerations when desktops and laptops are physically connected to the PC port on back of an IP phone and then the IP phone is cabled to the edge switch.  In this scenario the common approach is to tag the voice VLAN while leaving the data VLAN untagged. Why? It’s important that we separate the voice traffic from the data traffic so we utilize two different VLANs, one VLAN will carry the voice traffic while one VLAN will carry the data traffic destined to the desktop or laptop. The desktop or laptop probably won’t be configured for 802.1Q tagging so it won’t understand an 802.1Q tagged frame. We need to guarantee that any frames being delivered to the PC port on the back of the IP phone are untagged, if they aren’t the laptop or desktop will just discard the frame. The IP phone will tag the voice frames with an 802.1Q header so the switch will properly bridge those frames to the voice VLAN. In this scenario we need to utilize the untagPvidOnly option in combination with configuring the PVID (DefaultVlanId) as the data VLAN. This way the voice VLAN will be tagged with an 802.1Q header so the phone understands it and the data VLAN will be untagged so the desktop or laptop understands it. The IP phone will be configured with the Voice VLAN ID so it knows which ID to use when communicating with the Call Server and Media Gateways.

Cheers!

Ethernet Routing Switch 4000 Software Release v5.6

by

Avaya has released software 5.6 for the Ethernet Routing Switch 4000 series switch. In combination with this software release Avaya is releasing six new switch models;

  • Avaya Ethernet Routing Switch 4550T-PWR+
  • Avaya Ethernet Routing Switch 4526T-PWR+
  • Avaya Ethernet Routing Switch 4850GTS
  • Avaya Ethernet Routing Switch 4850GTS-PWR+
  • Avaya Ethernet Routing Switch 4826GTS
  • Avaya Ethernet Routing Switch 4826GTS-PWR+

Release 5.6 also introduces one new removable power supply for the Avaya Ethernet Routing Switch 4000 Series — the ERS4x00 PoE+ PSU, a stackable 1000W AC Power over Ethernet plus power supply unit. The PoE+ models include a 1000w power supply that enables full support for 48 ports when all ports are operating at class 3 802.3af PoE. On the six new hardware variants, the switch CPU speed is 533 MHz, and the FLASH is larger to allow for large images, backup images, and configurations. The standard ADS console port (DTE) on all new products is an RJ-45 Female Connector: (8 pin RJ45).

There have been a number of added features including the following;

  • Cisco CLI Phase 1
  • Disable MAC Learning
  • Equal Cost MultiPath (ECMP)
  • Internet Group Management Protocol (IGMP) Querier
  • Internet Group Management Protocol (IGMP) version 3 Snooping and Proxy
  • IP Phone automatic PoE changes
  • Layer 3 Brouter Port
  • Many to Many Port Mirroring
  • MLT/DMLT/LAG Dynamic VLAN changes
  • Network Time Protocol (NTP)
  • Ping Source Address
  • Secure File Transfer Protocol (SFTP)
  • SFP Plus
  • Show Flash command
  • SSH Client
  • SSH RSA Authentication
  • Stack Health Monitoring and Recovery
  • Static FDB MAC Entry
  • Terminal Mode Permanent Setting
  • VLAN Scaling
  • Voice VLAN Integration

The resolved issues section of the release notes is mysteriously empty including this note, “This section will be updated on or before December 22, 2011.”

As always I suggest you review the release notes for yourself.

Cheers!

Avaya Ethernet Routing Switches and non-ADAC VLANs

by

I recently stumbled across this little tidbit and thought I would share it with everyone here.

Up until recently if you wanted to change the default VLAN (the data VLAN for the IP phones) on a port that had ADAC enabled you had to first disable ADAC, change the VLAN assignment of the port and then re-enable ADAC. This was problematic for two major reasons; 1) disabling ADAC would remove the port from the voice VLAN and would interrupt the connectivity to the IP phone causing an outage, 2) if your network administrator forgot to disable ADAC before making the VLAN change the switch would eventually restore the port to it’s originally configured VLAN (usually on reboot of the switch) which would ultimately leave the end device in the wrong VLAN and unable to communicate.

I blogged about the problem back in 2008 here and here and there were many of you that found out the hard way that neither Java Device Manager nor the CLI would warn you before making any VLAN changes on a port which had ADAC enabled. It’s now 2011 and while I definitely have more grey hair (I guess I should be happy I still have hair) it seems that Avaya has finally gotten around to resolving this issue. It seems Avaya also took the opportunity to eliminate two birds with one stone with the ability to now define multiple uplinks/downlinks in ADAC. In the past you could only define a single uplink which would be problematic if you intended to use the switch as a distribution switch to feed other switches downstream. There was no way to provision the voice VLAN on the downlinks because ADAC would remove any manually added ports from the voice VLAN.

The Autodetection and Autoconfiguration ( ADAC) Enhancements provide increased flexibility in deployments that use ADAC as follows:

  • expanded support for up to 8 ADAC uplinks and 8 call-server links – individual ports or any combination of MLT, DMLT or LAG – per switch or stack
  • the ability to change the non-ADAC VLANs on a port without disabling ADAC

Here’s what the ADAC settings look like within Enterprise Device Manager.

Ethernet Routing Switch 4500 – ADAC via EDM

Here are the platforms that support the new feature and the minimum software releases you need to be at.

I must admit upfront that I have not yet tested this new feature… although both changes highlighted above are very very welcome to me as a user. I can’t tell you how many issues we had with network administrators or engineers forgetting to check the status of ADAC and having all sorts of issues after a reboot (or more often an extended power failure – which led to a… yes reboot).

Has anyone else had the opportunity to test this out?

Cheers!

Ethernet Routing Switch 4500 Software Release v5.5

by

Ethernet Routing Swtich 4500Avaya has released software 5.5 for the Ethernet Routing Switch 4500 series switch.

  • 802.1AB customization
  • 802.1AB integration
  • 802.1X non-EAP Accounting
  • 802.1X non-EAP re-authentication
  • 802.1AB new default parameters
  • AUR enhancement
  • DHCP Snooping External Save
  • EAP Fail Open with multi-VLAN
  • Layer 3 Virtual Router Redundancy Protocol
  • RADIUS EAP or non-EAP requests from different servers
  • SLPP Guard
  • SNMP Trap enhancements
  • STP BPDU filtering ignore-self
  • Unified Authentication
  • VLACP enhancements
  • Enterprise Device Manager enhancements
  • Web server client browser requests

The known issues and resolved issues are mysteriously blank although there is a note there that indicates those sections will be updated on May 20, 2011.

Please refer to the release notes for all the specific details and tidbits.

It appears that Avaya is trying to address the performance issues with EDM that many of us have documented;

Enterprise Device Manager enhancements

In Release 5.5 Enterprise Device Manager (EDM) is enhanced with improved data retrieval and request handling for significantly faster GUI response. In the navigation tree the IP Routing folder is renamed IP and the paths in related procedures have been updated. The Switch Summary tab contents have been enhanced to include basic switch information and stack information. A toolbar has been added above the EDM navigation tree. The 5 buttons in the toolbar add the following functions:

  • Switch Summary — you can use the Switch Summary toolbar button to open or reopen the switch summary tab.
  • Refresh Status — in addition to the existing refresh methods you can use the Refresh Status toolbar button to refresh the device status.
  • Edit Selected — in addition to the existing edit methods, and depending on which object you select on the Device Physical View, you can use this toolbar button to open Edit > Chassis, Edit > Unit, or Edit > Ports tabs. If you do not select an object from the Device Physical View and you click the Edit Select toolbar button, the Edit > Chassis tab opens.
  • Graph Selected — depending on which object you select on the Device Physical View, you can use this toolbar button to open Graph > Chassis or Graph > Port tabs. If you do not make a selection on the Device Physical View, or if you select Unit, the Graph > Chassis tab opens.
  • Help Setup Guide — this button connects you to the help setup guide for embedded EDM and it replaces the link that appeared on the top right of work panes.

Cheers!

 

Recent Posts

Categories

SUBSCRIBE BY EMAIL