Michael McNamara

802.1Q VLAN Tagging on a Cisco Catalyst 3750-E

Michael McNamara — Sat, 29 Jan 2011 18:29:16 +0000

In the two previous posts I covered how to create multiple VLANs, trunk those VLANs between multiple stackable Avaya Ethernet Routing Switches utilizing Multi-Link Trunking and how to create Layer 3 IP interfaces to be used for routing IP packets between those VLANs.

In this post I thought I would expand the network topology of my previous two posts to include a Cisco Catalyst 3750-E. I’ll specifically cover how to trunk (bridge) multiple VLANs between a stackable Avaya Ethernet Routing Switch and the Cisco Catalyst 3750-E and how to configure multiple interfaces in a Link Aggregation Group (LAG) utilizing LACP similar to Avaya’s proprietary MLT feature.

Avaya Ethernet Routing Switch 4548

enable
config t

Let’s start by making ports 45 and 46 trunk ports which will utilize 802.1Q tagging;

vlan ports 45,46 tagging tagAll

Let’s add the VLANs we wish to bridge across the trunk ports;

vlan members add 1 45,46
vlan members add 100 45,46
vlan members add 200 45,46

Now we’ll enable LACP on ports 45 and 46 using the same LACP key which will automatically create the LAG;

interface fastEthernet 45
lacp key 10
lacp mode active
lacp timeout-time short
lacp aggregation enable
exit

interface fastEthernet 46
lacp key 10
lacp mode active
lacp timeout-time short
lacp aggregation enable
exit

Avaya Ethernet Routing Switch 4548 – Show Commands

4548GT-PWR#show lacp port 45,46
Admin Oper         Trunk Partner
Port Priority Lacp    A/I Timeout Key   Key   AggrId Id    Port    Status
---- -------- ------- --- ------- ----- ----- ------ ----- ------- ------
45   32768    Active  A   Short   10    12298 8224   32    302     Active
46   32768    Active  A   Short   10    12298 8224   32    303     Active

4548GT-PWR#show mac-address-table
Mac Address Table Aging Time: 300
Number of addresses: 26

   MAC Address    Vid  Source         MAC Address    Vid  Source
----------------- ---- -------     ----------------- ---- -------
00-02-B3-CB-77-A2    1 Port:19     00-04-61-9E-46-7E    1 Port:21
00-0C-29-64-33-F9    1 Port:19     00-0C-29-A5-CB-54    1 Port:19
00-0F-20-95-38-D5    1 Port:11     00-18-01-EA-F4-45    1 Port: 1
00-1C-11-6B-DC-6B    1 Port: 1     00-1C-11-6D-15-27    1 Port: 1
00-1C-11-6D-15-DC    1 Port: 1     00-1E-7E-7C-2C-00    1
00-1E-7E-7C-2C-40    1             00-1F-0A-CE-BC-01    1 Trunk:1
00-1F-0A-CE-BC-40    1 Trunk:1     00-1F-D0-D0-BE-2D    1 Port:17
00-23-EE-96-AA-21    1 Port: 1     00-24-B5-F6-94-02    1 Trunk:1
00-64-40-CF-4D-AD    1 Trunk:32    00-64-40-CF-4D-AE    1 Trunk:32
00-64-40-CF-4D-C0    1 Trunk:32    00-0A-E4-76-9C-C8    2 Port:44
00-24-DC-DF-0D-08    2 Port:43     00-A0-F8-5E-CE-BC    2 Port:39
00-1F-0A-CE-BC-41  100 Trunk:1     00-24-7F-99-84-70  100 Port:25
00-64-40-CF-4D-AD  100 Trunk:32    00-1E-CA-F3-1D-B4  200 Port:26
00-1F-0A-CE-BC-43  200 Trunk:1     00-64-40-CF-4D-AD  200 Trunk:32

4548GT-PWR#show mlt
Id Name             Members                Bpdu   Mode           Status  Type
-- ---------------- ---------------------- ------ -------------- ------- ------
1  MLT_to_ERS5520   47-48                  All    Basic          Enabled Trunk
2  Trunk #2         NONE                   All    Basic          Disabled
3  Trunk #3         NONE                   All    Basic          Disabled
4  Trunk #4         NONE                   All    Basic          Disabled
5  Trunk #5         NONE                   All    Basic          Disabled
6  Trunk #6         NONE                   All    Basic          Disabled
7  Trunk #7         NONE                   All    Basic          Disabled
8  Trunk #8         NONE                   All    Basic          Disabled
9  Trunk #9         NONE                   All    Basic          Disabled
10 Trunk #10        NONE                   All    Basic          Disabled
11 Trunk #11        NONE                   All    Basic          Disabled
12 Trunk #12        NONE                   All    Basic          Disabled
13 Trunk #13        NONE                   All    Basic          Disabled
14 Trunk #14        NONE                   All    Basic          Disabled
15 Trunk #15        NONE                   All    Basic          Disabled
16 Trunk #16        NONE                   All    Basic          Disabled
17 Trunk #17        NONE                   All    Basic          Disabled
18 Trunk #18        NONE                   All    Basic          Disabled
19 Trunk #19        NONE                   All    Basic          Disabled
20 Trunk #20        NONE                   All    Basic          Disabled
21 Trunk #21        NONE                   All    Basic          Disabled
22 Trunk #22        NONE                   All    Basic          Disabled
23 Trunk #23        NONE                   All    Basic          Disabled
24 Trunk #24        NONE                   All    Basic          Disabled
25 Trunk #25        NONE                   All    Basic          Disabled
26 Trunk #26        NONE                   All    Basic          Disabled
27 Trunk #27        NONE                   All    Basic          Disabled
28 Trunk #28        NONE                   All    Basic          Disabled
29 Trunk #29        NONE                   All    Basic          Disabled
30 Trunk #30        NONE                   All    Basic          Disabled
31 Trunk #31        NONE                   All    Basic          Disabled
32 Trunk #32        45-46                  Single DynLag/Basic   Enabled Trunk

You might be looking at the output above and asking yourself what’s “Trunk 32”? Let me provide some quick background. You can have a total of 32 MLT/LAG trunks on a stackable Avaya Ethernet Routing Switch. When you create LACP trunks the switch automatically creates a LAG in the MLT table dynamically from the bottom up. While in the previous post I created “Trunk 1” by trunking ports 47 and 48 together (see above), in this post I’ve created an LACP trunk on ports 45 and 46 which will be reported it the switch as “Trunk 32”. You can also see it in the MAC/FDB table above.

Cisco Catalyst 3750-E

enable
config t

Let’s give the switch an IP address in VLAN 1 for management;

vlan 1
ip address 192.168.1.25 255.255.255.0
no shut
exit

Let’s create VLAN 100 and VLAN 200 on the switch;

vlan 100
name "192-168-100-0/24"
exit
vlan 200
name "192-168-200-0/24"
exit

Let’s add the appropriate edge ports to each VLAN;

interface range gigabitEthernet 1/0/1-12
switchport access vlan 1
exit
interface range gigabitEthernet 1/0/13-24
switchport access vlan 100
exit
interface range gigabitEthernet 1/0/25-36
switchport access vlan 200
exit

Let’s configure ports 45 and 46 as trunk ports and bond them together in channel-group utilizing LACP;

interface gigabitEthernet 1/0/45
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active

interface gigabitEthernet 1/0/46
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active

Cisco Catalyst 3750-E – Show Commands

SW-3750-E#show lacp neighbor
Flags:  S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode       P - Device is in Passive mode

Channel group 1 neighbors

Partner's information:

LACP port                        Admin  Oper   Port    Port
Port      Flags   Priority  Dev ID          Age    key    Key    Number  State
Gi1/0/45  FA      32768     001e.7e7c.2c00  16s    0x0    0x300A 0x2D    0x3F
Gi1/0/46  FA      32768     001e.7e7c.2c00  27s    0x0    0x300A 0x2E    0x3F

Switch#show mac address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0180.c200.0000    STATIC      CPU
 All    0180.c200.0001    STATIC      CPU
 All    0180.c200.0002    STATIC      CPU
 All    0180.c200.0003    STATIC      CPU
 All    0180.c200.0004    STATIC      CPU
 All    0180.c200.0005    STATIC      CPU
 All    0180.c200.0006    STATIC      CPU
 All    0180.c200.0007    STATIC      CPU
 All    0180.c200.0008    STATIC      CPU
 All    0180.c200.0009    STATIC      CPU
 All    0180.c200.000a    STATIC      CPU
 All    0180.c200.000b    STATIC      CPU
 All    0180.c200.000c    STATIC      CPU
 All    0180.c200.000d    STATIC      CPU
 All    0180.c200.000e    STATIC      CPU
 All    0180.c200.000f    STATIC      CPU
 All    0180.c200.0010    STATIC      CPU
 All    ffff.ffff.ffff    STATIC      CPU
   1    0004.619e.467e    DYNAMIC     Po1
   1    000c.2964.33f9    DYNAMIC     Po1
   1    000c.29a5.cb54    DYNAMIC     Po1
   1    000f.2095.38d5    DYNAMIC     Po1
   1    0018.01ea.f445    DYNAMIC     Po1
   1    001c.116b.dc6b    DYNAMIC     Po1
   1    001c.116d.1527    DYNAMIC     Po1
   1    001c.116d.15dc    DYNAMIC     Po1
   1    001e.7e7c.2c01    DYNAMIC     Po1
   1    001e.7e7c.2c2d    DYNAMIC     Po1
   1    001e.7e7c.2c2e    DYNAMIC     Po1
   1    001f.d0d0.be2d    DYNAMIC     Po1
   1    0023.ee96.aa21    DYNAMIC     Po1
   1    00a0.f85e.cebd    DYNAMIC     Po1
 100    0024.7f99.84e9    DYNAMIC     Po1
 200    0008.02e4.890a    DYNAMIC     Gi1/0/25
 200    001e.caf3.1db4    DYNAMIC     Po1
Total Mac Addresses for this criterion: 37

You might be asking why didn’t I assign the VLANs to the trunk ports on the Cisco Catalyst 3750-E… well with Cisco switches a trunk port is by default a member of all the VLANs that exist on the switch. So you don’t need to specifically add a VLAN to a trunk port, however, you can override the default behavior by telling the switch to only carry specific VLANs on a specific trunk port – this is called VLAN pruning.

Please feel free to point out any inconsistencies or errors I might have made.

Cheers!

802.1Q VLAN Tagging on an Ethernet Routing Switch

Michael McNamara — Fri, 28 Jan 2011 01:41:05 +0000

In my previous post I laid out the basics of how to configure multiple VLANs and enable IP routing on a stackable Avaya Ethernet Routing Switch. In this post I’m going to expand that topic to include trunking (802.1q) those VLANs to a second Ethernet Routing Switch. In this example I’ll add an Ethernet Routing Switch 4548 to the Ethernet Routing Switch 5520 that I had previously configured and deployed. We’ll create a Multi-Link Trunk between the two switches to bridge multiple VLANs across the 802.1q compliant link. Here’s a diagram of what the network should look like when we’re done;

In order to test I’ll move two of the IP phones to the Ethernet Routing Switch 4548 and I’ll use an old laptop to help verify the bridging.

Ethernet Routing Switch 4548

Let’s start with the Ethernet Routing Switch 4548GT-PWR and add the necessary configuration there first;

enable
config t

We start by creating VLAN 100 and VLAN 200 on the Ethernet Routing Switch 4548;

vlan create 100 name "192-168-100-0/24" type port
vlan members remove 1 25,27,29,31,33,35
vlan members add 100 25,27,29,31,33,35
vlan port 25,27,29,31,33,35 pvid 100

vlan create 200 name "192-168-200-0/24" type port
vlan members remove 1 26,28,30,32,34,36
vlan members add 200 26,28,30,32,34,36
vlan port 26,28,30,32,34,36 pvid 200

I’m not going to create a Layer 3 IP interfaces on these VLANs since the Ethernet Routing Switch 5520 is already routing for us. We just want to bridge the frames between the two switches not route them (not in this post anyway). Now let’s configure the ports that will make up the Mulit-Link Trunk;

vlan port 47,48 tagging TagAll
vlan members add 1 47,48
vlan members add 100 47,48
vlan members add 200 47,48
vlan port 47,48 pvid 1

mlt 1 disable
mlt 1 name "MLT_to_ERS5520"
mlt 1 learning disable
mlt 1 member 47,48
mlt 1 enable

That’s pretty much it. We enabled tagging on the uplink/downlink ports, added the necessary VLANs to the ports and then created and enabled a MLT.

Ethernet Routing Switch 4548 – Show Configuration

That should be the configuration for the Ethernet Routing Switch 4548… let’s just have a quick look at the VLANs;

4548GT-PWR(config)#show vlan
Id  Name                 Type     Protocol         User PID Active IVL/SVL Mgmt
--- -------------------- -------- ---------------- -------- ------ ------- ----
1   VLAN #1              Port     None             0x0000   Yes    IVL     Yes
        Port Members: 1-24,47-48
2   VLAN #2              Port     None             0x0000   Yes    IVL     No
        Port Members: 37-46
100 192-168-100-0/24     Port     None             0x0000   Yes    IVL     No
        Port Members: 25,27,29,31,33,35,47-48
200 192-168-200-0/24     Port     None             0x0000   Yes    IVL     No
        Port Members: 26,28,30,32,34,36,47-48
Total VLANs: 4

Let’s just check the Multi-Link Trunk configuration… if that’s wrong we could end up with a loop in the network;

4548GT-PWR(config)#show mlt 1
Id Name                 Members                Bpdu   Mode           Status
-- -------------------- ---------------------- ------ -------------- -------
1  MLT_to_ERS5520       47-48                  All    Basic          Enabled

You can see from the commands above that the ports are configured with the appropriate VLANs and the MLT is enabled.

Ethernet Routing Switch 5520

Let’s add the necessary configuration to the Ethernet Routing Switch 5520-PWR. I’m not going to repeat all the commands I performed in the yesterday’s post, instead I’ll just build upon the previous configuration adding what we need for the 802.1q trunking and the Multi-Link Trunking;

enable
config t

vlan port 47,48 tagging TagAll
vlan members add 1 47,48
vlan members add 100 47,48
vlan members add 200 47,48
vlan port 47,48 pvid 1

mlt 1 disable
mlt 1 name "MLT_to_ERS4548"
mlt 1 learning disable
mlt 1 member 47,48
mlt 1 enable

Ethernet Routing Switch 5520 – Show Configuration

That should be the configuration for the Ethernet Routing Switch 5520… let’s just have a quick look at the VLANs;

5520-48T-PWR#show vlan
Id  Name                 Type     Protocol         PID      Active IVL/SVL Mgmt
--- -------------------- -------- ---------------- -------- ------ ------- ----
1   test                 Port     None             0x0000   Yes    IVL     Yes
        Port Members: 1-12,37-48
100 192-168-100-0/24     Port     None             0x0000   Yes    IVL     No
        Port Members: 13-24,47-48
101 10-101-20-0/24       Port     None             0x0000   Yes    IVL     No
        Port Members: 25-36
200 192-168-200-0/24     Port     None             0x0000   Yes    IVL     No
        Port Members: 47-48
Total VLANs: 4

Let’s just check the Multi-Link Trunk configuration… if that’s wrong we could end up with a loop in the network;

5520-48T-PWR#show mlt 1
Id Name             Members                Bpdu   Mode           Status  Type
-- ---------------- ---------------------- ------ -------------- ------- ------
1  MLT_to_ERS4548   47-48                  All    Basic          Enabled Trunk

Since all stackable Avaya Ethernet Routing Switches support Auto-MDIX I can just use two regular CAT5e patch cables to connect the switches together. If the switches didn’t support Auto-MDIX I would need to use two crossover cables between them.

Ethernet Routing Switch 4548 – Operational Status

With link up on ports 47 and 48 I can check the following information. The topology table will show me the physical connections between the two switches. The MAC/FDB table will show me that there are multiple MAC/FDB entries in VLANs 100 and 200 being learned across “Trunk 1”. The LLDP table will show me the Avaya IP phones that I’ve connected to ports 25 and 26.

4548GT-PWR#show autotopology nmm-table
LSlot                                                                     RSlot
LPort IP Addr          Seg ID  MAC Addr     Chassis Type     BT LS   CS   RPort
----- --------------- -------- ------------ ---------------- -- --- ----  -----
0/ 0 192.168.1.25    0x000000 001E7E7C2C01 4548GT-PWR       12 Yes HTBT    NA
1/47 192.168.1.50    0x000130 001F0ACEBC01 5520-48T-PWR     12 Yes HTBT   1/48
1/48 192.168.1.50    0x00012f 001F0ACEBC01 5520-48T-PWR     12 Yes HTBT   1/47

4548GT-PWR#show mac-address-table
Mac Address Table Aging Time: 300
Number of addresses: 20

   MAC Address    Vid  Source         MAC Address    Vid  Source
----------------- ---- -------     ----------------- ---- -------
00-02-B3-CB-77-A2    1 Port:19     00-04-61-9E-46-7E    1 Port:21
00-0C-29-64-33-F9    1 Port:19     00-0C-29-A5-CB-54    1 Port:19
00-18-01-EA-F4-45    1 Port: 1     00-1C-11-6B-DC-6B    1 Port: 1
00-1C-11-6D-15-27    1 Port: 1     00-1C-11-6D-15-DC    1 Port: 1
00-1E-7E-7C-2C-00    1             00-1E-7E-7C-2C-40    1
00-1F-0A-CE-BC-40    1 Trunk:1     00-1F-D0-D0-BE-2D    1 Port:17
00-23-EE-96-AA-21    1 Port: 1     00-24-B5-F6-94-02    1 Trunk:1
00-0A-E4-76-9C-C8    2 Port:45     00-1F-0A-CE-BC-01    2 Trunk:1
00-24-DC-DF-0D-08    2 Port:43     00-A0-F8-5E-CE-BC    2 Port:39
00-1F-0A-CE-BC-41  100 Trunk:1     00-24-7F-99-84-70  100 Port:25
00-24-7F-99-84-E9  100 Trunk:1     00-1E-CA-F3-1D-B4  200 Port:26

4548GT-PWR#show lldp neighbor
-------------------------------------------------------------------------------
                            lldp neighbor
-------------------------------------------------------------------------------
Port: 26    Index: 4                  Time: 13 days, 22:42:31
        ChassisId: Network address    IPv4  192.168.200.5
        PortId:    MAC address        00:1e:ca:f3:1d:b4
        SysCap:    TB / TB            (Supported/Enabled)
        PortDesc:  Avaya IP Phone
        SysDescr:  Avaya IP Telephone 1120E, Firmware:SIP1120e04.00.04.00

-------------------------------------------------------------------------------
Port: 25    Index: 6                  Time: 13 days, 22:43:48
        ChassisId: Network address    IPv4  192.168.100.98
        PortId:    MAC address        00:24:7f:99:84:70
        SysCap:    TB / TB            (Supported/Enabled)
        PortDesc:  Avaya IP Phone
        SysDescr:  Avaya IP Telephone 1220, Firmware:SIP12x004.00.04.00

-------------------------------------------------------------------------------
Sys capability: O-Other; R-Repeater; B-Bridge; W-WLAN accesspoint; r-Router;
T-Telephone; D-DOCSIS cable device; S-Station only.
Total neighbors: 2

Ethernet Routing Switch 5520 – Operational Status

I can check all the same information on the ERS5520.. The topology table will show me the physical connections between the two switches. The MAC/FDB table will show me that there are multiple MAC/FDB entries in VLANs 100 and 200 being learned across “Trunk 1”. The LLDP table will show me the Avaya IP phones that I’ve connected to ports 13 and 25.

5520-48T-PWR#show autotopology nmm-table
LSlot                                                                     RSlot
LPort IP Addr          Seg ID  MAC Addr     Chassis Type     BT LS   CS   RPort
----- --------------- -------- ------------ ---------------- -- --- ----  -----
 0/ 0 192.168.1.50    0x000000 001F0ACEBC01 5520-48T-PWR     12 Yes TPCH    NA
 1/47 192.168.1.25    0x00012f 001E7E7C2C01 4548GT-PWR       12 Yes TPCH   1/47
 1/48 192.168.1.25    0x000130 001E7E7C2C01 4548GT-PWR       12 Yes TPCH   1/48

5520-48T-PWR#show mac-address-table
Mac Address Table Aging Time: 300
Number of addresses: 16

   MAC Address    Vid  Source         MAC Address    Vid  Source
----------------- ---- -------     ----------------- ---- -------
00-02-B3-CB-77-A2    1 Trunk:1     00-04-61-9E-46-7E    1 Trunk:1
00-0C-29-64-33-F9    1 Trunk:1     00-0C-29-A5-CB-54    1 Trunk:1
00-18-01-EA-F4-45    1 Trunk:1     00-1C-11-6B-DC-6B    1 Trunk:1
00-1C-11-6D-15-27    1 Trunk:1     00-1C-11-6D-15-DC    1 Trunk:1
00-1E-7E-7C-2C-01    1 Trunk:1     00-1E-7E-7C-2C-40    1 Trunk:1
00-1F-0A-CE-BC-00    1             00-1F-0A-CE-BC-40    1
00-1F-D0-D0-BE-2D    1 Trunk:1     00-23-EE-96-AA-21    1 Trunk:1
00-24-B5-F6-94-02    1 Port: 9     00-1F-0A-CE-BC-41  100
00-24-7F-99-84-70  100 Trunk:1     00-24-7F-99-84-E9  100 Port:15
00-1E-CA-F3-1D-B4  200 Trunk:1

5520-48T-PWR#show lldp neighbor
-------------------------------------------------------------------------------
                            lldp neighbor
-------------------------------------------------------------------------------
Port: 13     Index: 5                  Time: 0 days, 00:02:00
        ChassisId: Network address    IPv4  192.168.100.4
        PortId:    MAC address        00:24:b5:f6:94:02
        SysCap:    TB / TB            (Supported/Enabled)
        PortDesc:  Avaya IP Phone
        SysDescr:  Avaya IP Telephone 1165E, Firmware:SIP1165e04.00.04.00

-------------------------------------------------------------------------------
Port: 25    Index: 6                  Time: 0 days, 00:02:19
        ChassisId: Network address    IPv4  192.168.200.99
        PortId:    MAC address        00:24:7f:99:84:e9
        SysCap:    TB / TB            (Supported/Enabled)
        PortDesc:  Avaya IP Phone
        SysDescr:  Avaya IP Telephone 1220, Firmware:SIP12x004.00.04.00

-------------------------------------------------------------------------------
Sys capability: O-Other; R-Repeater; B-Bridge; W-WLAN accesspoint; r-Router;
T-Telephone; D-DOCSIS cable device; S-Station only.
Total neighbors: 2

Would you be interested in seeing a screencast of this whole process?

Let me know if you have any questions or would like to point out corrections!

Cheers!

Nortel Internet Telephones – Network Loops

Michael McNamara — Tue, 06 May 2008 14:00:00 +0000

A Tek-Tips forum member recently reported that one of his technicians improperly cabled a Nortel i2002/i2004 Internet Telephone (plugging both the ports on the back of the Internet Telephone into the network switch) causing a loop which took down their entire network. The member was curious about how to configure Spanning Tree to help prevent this problem. I went digging and found the following information in the current phone firmware release notes;

Network Loop (Applies to IP Phone 2002, 2004, 2007, 1120E, 1140E)
These firmware releases include a fix to help prevent network loop scenarios from being introduced into the network, and the resultant network outages that can occur. The network loop avoidance fix was first introduced in 0604D9H, 0621C2B, 0624C1E and 0625C1E. One important note when upgrading to 0604DBN, 0621C4T, 0624C4L or 0625C4L from any load previous to 0604D9H, 0621C2B, 0624C1E or 0625C1E respectively, is that IP Phones that were inadvertently mis-wired during initial installation will not be allowed to work until the cabling problem is corrected. This fix is only an issue if the installer, when installing the Nortel IP Phone 2002, 2004, 2007, 1120E or 1140E, inadvertently connected the network Ethernet cable to the PC Ethernet port on the back of the phone, instead of connecting it to the network Ethernet port on the back of the phone. Phase II IP Phones (2002 and 2004) running firmware previous to 0604D9H, IP Phones 2007 running firmware previous to 0621C2B and IP Phone 1120E and 1140E running firmware previous to 0624C1C and 0625C1C respectively will work when incorrectly connected, but this does introduce the potential for network degradation. These new firmware loads will try and safe guard the network by trying to prevent phones that are mis-cabled to function. This means that the IP Phones that are working on a previous release of firmware may stop working if they are not correctly wired.

But realize that a mis-cabled phone may still work, even with the new firmware, if the network infrastructure supports Auto MDIX. If the network infrastructure supports Auto MDIX, network loop can still occur if the network is not running the Spanning Tree Protocol (STP) or a similar loop avoidance protocol.

As a preventative measure to reduce the potential for network degradation, and to prevent mis-cabled phones from ceasing to work when their firmware is upgraded, please consider taking the necessary steps to ensure your Nortel IP phones network cables are plugged into the correct ports on the back of the phone – network cable into the network Ethernet port, and the PC Ethernet cable (if connecting a PC) to the PC Ethernet port (little computer icon) on the back of the phone.

I’ve highlight a very important caveat above in RED. While this was and is a great feature of the new phone firmware the important piece to realize here is that if the network switch supports Auto MDIX, which the Nortel Ethernet Routing Switch 5520 and Ethernet Switch 470 PWR do you can’t rely on this feature alone to protect your network.

Ever since the release of the Nortel Ethernet Switch 470 we now configure Spanning Tree on every port with the exception of the core MLT/SMLT uplinks. Prior to the availability of the “Auto MDIX” feature a technician would need a crossover cable to physically put a loop between two switch ports. We made sure there were never any crossover cables left lying around. With the arrival of the “Auto MDIX” feature technicians could now put a loop in the switch with a standard straight-thru cable, which happened on a number of occasions. In order to prevent this problem we reconfigured every closet to run Spanning Tree locally on that switch. We would not run it on the uplinks but we would run it on all other ports in the switch/stack.

Here are some of the commands to enable Spanning Tree with Fast Learning on ports 1-46 of an ERS 5520 switch;

5520-48T-PWR> enable
5520-48T-PWR# configure terminal
5520-48T-PWR (config)# interface fastEthernet 1-46
5520-48T-PWR (config-if)# spanning-tree learning fast
5520-48T-PWR (config-if)# exit
5520-48T-PWR (config)#

Cheers!

Multicast Routing Protocol (Part 1)

Michael McNamara — Tue, 25 Mar 2008 02:00:00 +0000

I was originally just going to write about DVMRP, but I’ve also decided to post some basic examples for setting up PIM-SM. I’ll break this post into two parts; first part will look at utilizing DVMRP to setup a simple Multicast domain on a single switch while the second part will look at utilizing PIM-SM across multiple switches.

We have a few Nortel Contact Center (formerly Symposium) installations deployed throughout the organization. The Nortel Agent Desktop Display (ADD) utilizes multicast to distribute the information between the server and the individual clients. Unless the clients are in the same VLAN as the server (Application/Web server and Database server) you’re going to need a Multicast Routing Protocol to facilitate the multicast communications between VLANs. I should point out that at this point I’m only talking about making multicast traffic available between VLANs on a single Nortel Ethernet Routing Switch 8600.

Note: Nortel Contact Center 6.0 appears to use the following two Multicast addresses by default; 230.0.0.1, 230.0.0.2

Unfortunately I didn’t have a spare Contact Center server to test with so I needed to figure out how I could test multicast traffic ahead of time and then just schedule any changes that needed to be made to facilitate inter-VLAN multicast communications. I recalled that VideoLAN – VLC media player could stream audio/video via multicast.

In order to test I setup two laptops running Windows XP Service Pack 2, laptop A (10.1.55.50/24) on VLAN 55 (10.1.55.0/24) and laptop B (10.1.56.50/24) on VLAN 56 (10.1.56.0/24).

Laptop A will be the broadcast server and stream the video while laptop B will be the client.

Let’s setup the ERS 8600 switch;

ERS-8610:6# config vlan 55 create byport 1
ERS-8610:6# config vlan 55 ip address 10.1.55.5/24
ERS-8610:6# config vlan 55 ip ospf enable
ERS-8610:6# config vlan 55 ip vrrp 1 10.1.55.1
ERS-8610:6# config vlan 55 ip dvmrp enable
ERS-8610:6# config vlan 56 create byport 1
ERS-8610:6# config vlan 56 ip address 10.1.56.5/24
ERS-8610:6# config vlan 56 ip ospf enable
ERS-8610:6# config vlan 56 ip vrrp 1 10.1.56.1
ERS-8610:6# config vlan 56 ip dvmrp enable

And then some global settings;

ERS-8610:6# config ip dvmrp enable
ERS-8610:6# config ip ospf enable

Now we need to look at how to make VLC do what we need;

Once you install VLC and start the program you will be greeted by this lightweight frontend.

Click File -> Open File to bring up the Open dialog box.

Click on the Browse button to bring up a standard Windows file selection box. Select the file you want to play. Then click Open.

Your selection should appear in the text box next to the Browse button. Click the check box for Stream Output and then click the button Settings.

If you wish to view the video on the source laptop then check the box next to Play Locally under Output Methods. When streaming to another system you don’t have to play the file on the server, but you can use this option to visually confirm that our video is playing properly before trying to access the stream from another computer.

Check the box marked UDP and type in the Muticast address you want to stream the file to. You should use a local-scope multicast address between 239.0.0.0 – 239.255.255.255. You should also make sure that the Time-To-Live (TTL) is set to 2. Then click OK. The file is ready to play so click OK in the Open dialog box too.

The video or audio file should begin playing on the computer. The last thing to do before switching to the second laptop is to turn on VLC’s web interface by clicking Settings -> Add Interface -> Web Interface. This will help provide remote control over VLC if we should need it from the second laptop.

Open VLC on the second laptop.

Click on File -> Open Network Stream. Select UDP/RTP Multicast and use the same Multicast address you use on the server. Click the OK button and VLC will start playing your stream.

Now that the stream is successfully playing on your computer you can open up a web browser to control VLC remotely. Type http://10.1.55.10:8080/ into the address bar. The web browser will present you with all of the controls you need to manage playlists and playback remotely.

If you’ve setup the ERS8600 properly your video should start playing on the client laptop.

If you want to make sure that VLC is configured and working properly move both laptops to the same VLAN. If the video stream works then you know that VLC is working properly and you need to focus the network configuration.

Note: Windows XP defaults to IGMP v3 which is fine for this test.

You can use the following commands to troubleshoot the network pieces. In the examples below I had the laptops connected to an ERS 5520 switch which was uplink on port 1/1. That is why the port is reported as 1/1 throughout the different commands.

DVMRP

ERS-8610:6# show ip dvmrp info
==================================================================                        Dvmrp General Group
==================================================================

AdminStat               : enabled
Genid                   : 0x47c42ef1
Version                 : 3
NumRoutes               : 2
NumReachableRoutes      : 2

UpdateInterval          : 60
TriggeredUpdateInterval : 5
LeafTimeOut             : 125
NbrTimeOut              : 35
NbrProbeInterval        : 10
FwdCacheTimeout         : 300
RouteExpireTimeout      : 140
RouteDiscardTimeout     : 260
RouteSwitchTimeout      : 140
ShowNextHopTable        : disable
generate-trap            : disable
generate-log             : disable
PruneResend             : disable

ERS-8610:6# show ip dvmrp interface

================================================================================                        Dvmrp Interface
================================================================================                                         DEFAULT DEFAULT DEFAULT ADVERTISEIF        ADDR            METRIC OPERSTAT LISTEN  SUPPLY  METRIC  SELF
-------------------------------------------------------------------------------
Vlan55    10.1.55.1       1      up       enable  disable 1       enable
Vlan56    10.1.56.1       1      up       enable  disable 1       enable

2 out of 2 entries displayed

--------------------------------------------------------------------------------
IF        ADDR            IN-POLICY       OUT-POLICY      INTF TYPE
--------------------------------------------------------------------------------
Vlan55    10.1.55.1                                      ActiveVlan56    10.1.56.1                                      Active

2 out of 2 entries displayed

ERS-8610:6# show ip dvmrp route

================================================================================
                       Dvmrp Route
================================================================================
SOURCE          MASK            UPSTREAM_NBR    INTERFACE  METRIC EXPIRE
--------------------------------------------------------------------------------
10.107.55.0     255.255.255.0   0.0.0.0         Vlan55     1      155
10.107.56.0     255.255.255.0   0.0.0.0         Vlan56     1      155

2 out of 2 entries displayed

IGMP

ERS-8610:6# show ip igmp cache
================================================================================
                        Igmp Cache
================================================================================
GRPADDR         INTERFACE  LASTREPORTER    EXPIRATION V1HOSTTIMER  TYPE       STATICPORTS
--------------------------------------------------------------------------------
239.255.1.1     Vlan56     10.1.56.50    213        0            DYNAMIC NULL
239.255.255.250 Vlan55     10.1.55.50    214        0            DYNAMIC NULL
239.255.255.250 Vlan56     10.1.56.50    219        0            DYNAMIC NULL

3 out of 3 entries displayed

ERS-8610:6# show ip igmp group

================================================================================
                        Igmp Group
================================================================================
GRPADDR         INPORT          MEMBER          EXPIRATION TYPE
-------------------------------------------------------------------------------
239.255.1.1     V56-1/1         10.1.56.50      209        Dynamic
239.255.255.250 V55-1/1         10.1.55.50      210        Dynamic
239.255.255.250 V56-1/1         10.1.56.50      215        Dynamic

Total number of groups 3Total number of unique groups 2

ERS-8610:6# show ip igmp sender

================================================================================
                        Igmp Sender
===============================================================================
GRPADDR         IFINDEX    MEMBER          PORT       STATE
--------------------------------------------------------------------------------
239.255.1.1     Vlan 55    10.1.55.50      1/1        NOTFILTERED

1 out of 1 entries displayed

Hopefully I haven’t gone over the top on this one.

Please post any comments, corrections or suggestions.

Cheers!

Nortel ERS 5520 PwR Switch (Part 2)

Michael McNamara — Wed, 24 Oct 2007 01:19:00 +0000

[ad name=”ad-articlebodysq”]In my previous post I outlined all the commands that you would need to configure a Nortel Ethernet Routing Switch 5520 to support deploying Nortel’s i2002/i2004 Internet Telephones using LLDP-MED in conjunction with ADAC (Automatic Detection and Automatic Configuration). If you followed the steps your probably well on your way to getting things work. Unfortunately things can sometimes go wrong even with the best documentation and understanding of the product.

In this post I’m going to outline some of the basic commands you can use to troubleshoot any issues you might have between the ERS5520 and the i2002/i2004 phones.

Q. How can I check the log file?
A. show logging

ERS-5520# show logging
Type Time                    Idx  Src Message
---- ----------------------- ---- --- -------
S    00:00:00:00             1    NVR SNTP: Could not sync to NTP servers.
S    2007-04-05 17:18:08 GMT 2    NVR SNTP: Could not sync to NTP servers.
S    2007-04-05 17:22:07 GMT 3    NVR Audit data initialized - incorrect magic number: 0xffffffff
I    2007-04-19 01:21:03 GMT 4        Web server starts service on port 80.
I    2007-04-19 01:21:19 GMT 5        IGMP: Unknown Multicast Filter disabled
I    2007-04-19 01:21:19 GMT 6        PoE Port Detection Status:  Port 1 Status: Delivering Power
I    2007-04-19 01:21:22 GMT 7        PoE Port Detection Status:  Port 35 Status: Delivering Power
I    2007-04-19 01:21:49 GMT 8        Port 0/47 reenabled by VLACP
I    2007-04-19 01:21:49 GMT 9        Port 0/48 reenabled by VLACP
I    2007-04-19 01:23:05 GMT 10       SNTP: First synchronization successful.
I    2007-04-19 01:23:18 GMT 11       Warm Start Trap
I    2007-04-19 01:23:19 GMT 12       Link Up Trap Port: 1
I    2007-04-19 01:23:20 GMT 13       Trap:  pethPsePortOnOffNotification
I    2007-04-19 01:23:20 GMT 14       Trap:  bsAdacPortConfigNotification for Port: 47, Config: Applied

Q. How can I check the state of a port?
A. show interfaces

ERS-5520# show interfaces 47,48
Status                     Auto                      Flow
Port Trunk Admin   Oper Link LinkTrap Negotiation Speed    Duplex Control
---- ----- ------- ---- ---- -------- ----------- -------- ------ -------
47   1     Enable  Up   Up   Enabled  Enabled     1000Mbps Full   Asymm
48   1     Enable  Up   Up   Enabled  Enabled     1000Mbps Full   Asymm

Q. How can I check the VLACP state of a port?
A. show vlacp interface

ERS-5520# show vlacp interface 47,48
===============================================================================
VLACP Information
===============================================================================
PORT ADMIN   OPER    HAVE    FAST  SLOW  TIMEOUT TIMEOUT ETH  MAC
ENABLED ENABLED PARTNER TIME  TIME  TYPE    SCALE   TYPE ADDRESS
-------------------------------------------------------------------------------
0/47  true    true    yes    500   30000 short   3       8103 01:80:c2:00:11:00
0/48  true    true    yes    500   30000 short   3       8103 01:80:c2:00:11:00

Q. How can I check what FDB entries have been learned on a specific port?
A. show mac-address-table port

ERS-5520# show mac-address-table port 47
Mac Address Table Aging Time: 300
Number of addresses: 9

MAC Address      Source          MAC Address      Source
-----------------  --------      -----------------  --------
00-00-5E-00-01-01  Trunk: 1      00-15-40-45-68-00  Trunk: 1
00-17-D1-57-30-00  Trunk: 1      00-17-D1-57-30-10  Trunk: 1
00-17-D1-57-32-03  Trunk: 1      00-18-B0-CC-F0-00  Trunk: 1
00-18-B0-CC-F0-10  Trunk: 1      00-18-B0-CC-F2-01  Trunk: 1
00-1B-25-4C-74-00  Trunk: 1

Q. How can I check the FDB table for a specific MAC address?
A. show mac-address-table address

ERS-5520# show mac-address-table address 00:18:b0:cc:f0:10
Mac Address Table Aging Time: 300
Number of addresses: 1

MAC Address      Source          MAC Address      Source
-----------------  --------      -----------------  --------
00-18-B0-CC-F0-10  Trunk: 1

Q. How can I check to see if ADAC has been configured/enabled?
A. show adac

ERS-5520# show adac
ADAC Global Configuration
---------------------------------------
ADAC:  Enabled
Operating Mode:  Tagged Frames
Traps Control Status:  Enabled
Voice-VLAN ID:  12
Call Server Port:  None
Uplink Port:  48

Q. How can I check to see if ADAC has been applied to a specific port?
A. show adac interface

ERS-5520# show adac interface 20
Port  Auto-Detection  Auto-Configuration
----  --------------  ------------------
20       Enabled            Applied

Q. How can I check to see the LLDP information with a specific port?
A. show lldp port neighbor detail

ERS-5520# show lldp port 20 neighbor detail
-------------------------------------------------------------------------------
 lldp neighbor
-------------------------------------------------------------------------------
 Port: 20    Index: 5                  Time: 8 days, 13:47:49
 ChassisId: Network address    ipV4  192.168.100.101
 PortId:    MAC address        00:17:65:ff:e0:fc
 SysCap:    TB / TB            (Supported/Enabled)
 PortDesc:  Nortel IP Phone
 SysDescr:  Nortel IP Telephone 2002, Firmware:0604DAS

 PVID: 0                              PPVID Supported: not supported(0)
 VLAN Name List: none                 PPVID Enabled: none

 Dot3-MAC/PHY Auto-neg: supported/enabled       OperMAUtype:  100BaseTXFD
 PSE MDI power:         not supported/disabled  Port class:   PD
 PSE power pair:        signal/not controllable Power class:  2
 LinkAggr: not aggregatable/not aggregated      AggrPortID:   0
 MaxFrameSize: 1522
 PMD auto-neg:          10Base(T, TFD), 100Base(TX, TXFD)

 MED-Capabilities: CNLDI / CNDI       (Supported/Current)
 MED-Device type:  Endpoint Class 3
 MED-Application Type: Voice                    VLAN ID: 12
 L2 Priority: 6         DSCP Value: 46          Tagged Vlan, Policy defined
 Med-Power Type: PD Device            Power Source: Unknown
 Power Priority: High                 Power Value:    5.4 Watt
 HWRev:                               FWRev: 0604DAS
 SWRev:                               SerialNumber:
 ManufName: Nortel-01                 ModelName: IP Phone 2002
 AssetID:
-------------------------------------------------------------------------------
Port: 20    Index: 6                  Time: 8 days, 13:48:20
 ChassisId: Network address    ipV4  10.119.241.50
 PortId:    MAC address        00:17:65:ff:e0:fc
 SysCap:    TB / TB            (Supported/Enabled)
 PortDesc:  Nortel IP Phone
 SysDescr:  Nortel IP Telephone 2002, Firmware:0604DAS

 PVID: 0                              PPVID Supported: not supported(0)
 VLAN Name List: 12                   PPVID Enabled: none

 Dot3-MAC/PHY Auto-neg: supported/enabled       OperMAUtype:  100BaseTXFD
 PSE MDI power:         not supported/disabled  Port class:   PD
 PSE power pair:        signal/not controllable Power class:  2
 LinkAggr: not aggregatable/not aggregated      AggrPortID:   0
 MaxFrameSize: 1522
 PMD auto-neg:          10Base(T, TFD), 100Base(TX, TXFD)

 MED-Capabilities: CNLDI / CNDI       (Supported/Current)
 MED-Device type:  Endpoint Class 3
 MED-Application Type: Voice                    VLAN ID: 12
 L2 Priority: 6         DSCP Value: 46          Tagged Vlan, Policy defined
 Med-Power Type: PD Device            Power Source: Unknown
 Power Priority: High                 Power Value:    5.4 Watt
 HWRev:                               FWRev: 0604DAS
 SWRev:                               SerialNumber:
 ManufName: Nortel-01                 ModelName: IP Phone 2002
 AssetID:
-------------------------------------------------------------------------------
Sys capability: O-Other; R-Repeater; B-Bridge; W-WLAN accesspoint; r-Router;
T-Telephone; D-DOCSIS cable device; S-Station only.
Med Capabilities-C: N-Network Policy; L-Location Identification; I-Inventory;
S-Extended Power via MDI - PSE; D-Extended Power via MDI - PD.

Those are some of the commands that you might have to execute if you needed to perform troubleshooting between an ERS5520 and a i2002/i2004 phone.

Your DHCP server logs will be your friend during your troubleshooting. If you don’t see the phone making a DHCP request (or a request in the proper VLAN) then you should check that ADAC was applied to the switch port. ADAC is the component that will automatically add the switch port (the switch port the phone is connected to) into the Voice VLAN. If ADAC is not applied (or enabled) on the port then you’ll be able to see that the switch port in question is only a member of the Data VLAN. You need to remember that ADAC works on MAC address ranges. You need to check that the MAC address of your phone is in the ADAC MAC address table.

5520-48T-PWR# show adac mac-range-table
Lowest MAC Address          Highest MAC Address
------------------------    -------------------------
00-0A-E4-01-10-20            00-0A-E4-01-23-A7
00-0A-E4-01-70-EC            00-0A-E4-01-84-73
00-0A-E4-01-A1-C8            00-0A-E4-01-AD-7F
00-0A-E4-01-DA-4E            00-0A-E4-01-ED-D5
00-0A-E4-02-1E-D4            00-0A-E4-02-32-5B
00-0A-E4-02-5D-22            00-0A-E4-02-70-A9
00-0A-E4-02-D8-AE            00-0A-E4-02-FF-BD
00-0A-E4-03-87-E4            00-0A-E4-03-89-0F
00-0A-E4-03-90-E0            00-0A-E4-03-B7-EF
00-0A-E4-04-1A-56            00-0A-E4-04-41-65
00-0A-E4-04-80-E8            00-0A-E4-04-A7-F7
00-0A-E4-04-D2-FC            00-0A-E4-05-48-2B
00-0A-E4-05-B7-DF            00-0A-E4-06-05-FE
00-0A-E4-06-55-EC            00-0A-E4-07-19-3B
00-0A-E4-08-0A-02            00-0A-E4-08-7F-31
00-0A-E4-08-B2-89            00-0A-E4-09-75-D8
00-0A-E4-09-BB-9D            00-0A-E4-09-CF-24
00-0A-E4-09-FC-2B            00-0A-E4-0A-71-5A
00-0A-E4-0A-9D-DA            00-0A-E4-0B-61-29
00-0A-E4-0B-BB-FC            00-0A-E4-0B-BC-0F
00-0A-E4-0B-D9-BE            00-0A-E4-0C-9D-0D

Total Ranges: 21

If the MAC address of your i2002/i2004 phone does not match any of the MAC address ranges in the switch you’ll need to add a range to include those MAC addresses. If the MAC address of your i2002 phone was 00:18:b0:11:22:33 you could use the following commands;

5520-48T-PWR> enable
5520-48T-PWR# config terminal
5520-48T-PWR (config)# adac mac-range-table low-end 00:18:b0:00:00:00 high-end 00:18:b0:ff:ff:ff

You might think you could configure a port mirror and run a quick packet capture to understand what’s going on… unfortunately you cannot configure any port with port mirroring that has ADAC enabled.

Thats all for now.

The last step is the DHCP server so stay tuned.

Nortel ERS 5520 PwR Switch

Michael McNamara — Tue, 23 Oct 2007 23:49:00 +0000

[ad name=”ad-articlebodysq”]Update: July 30, 2009
I’ve added a command to disable the User Interface Button (UI Button) “no ui-button enable”.

Update: February 7, 2009
It was time to update this article with some additional information and settings that I’m now using in all my switch deployments. The big change is the updated ADAC MAC address table. Please also note the VLACP time-out scale change and I’ve updated the year field for the Daylight Saving Time change.

Update: August 13, 2008
This was one of the first articles I wrote back in October 2007 and it is by far the most popular article out of all 110 articles that I currently have published. With that said I decided to come back and spruce up this post with some additional “tweaks” that I’ve added over the past 10 months. I’m also going to attack a link to a text file so folks can just download the file of commands, tweak the specific individual settings such as IP address and VLAN information, and then cut and paste into the CLI interface of the Nortel Ethernet Routing Switch 5520. It will hopefully save folks from having to cut and paste each section.

Note: just a quick warning about cutting and pasting into the CLI interface, I’ve often found that the buffer will overflow if I try to paste an entire configuration at once. I usually need to break it into at least two or three sections and cut and paste those section one at a time.

In this post I’ll try to outline how you can configure the Nortel Ethernet Routing Switch 5520 in a VoIP environment using Nortel i2002/i2004 Internet Telephones (this procedure will also work the same with the i2007/1120E/1140E phones).

You’ll obviously need a ERS 5520 switch and you’ll need SW 5.0.6.22 or later and FW 5.0.0.3 or later (there are known issues with earlier software versions that create inconsistent results using LLDP with the i2002/i2004 phones). I would strongly advise that you start with a default configuration. From the CLI issue the following commands to reset the switch to factory defaults;

5520-48T-PWR> enable
5520-48T-PWR# boot default

The switch should reboot with a default configuration. Let’s proceed with the configuration;

5520-48T-PWR> enable
5520-48T-PWR# configure terminal

Let’s set the local read-only and read-write passwords;

5520-48T-PWR (config)#cli password read-only readpass
5520-48T-PWR (config)#cli password read-write writepass
5520-48T-PWR (config)#cli password serial local
5520-48T-PWR (config)#cli password telnet local

Let’s disable the user interface button (UI button);

5520-48T-PWR (config)# no ui-button enable

Enable AUTOPVID;

5520-48T-PWR (config)# vlan configcontrol autopvid

We’ll be up linking this switch using a MultiLink trunk on ports 47 and 48 so we’ll enable tagging on the fiber uplinks;

5520-48T-PWR (config)# vlan ports 47,48 tagging enable

Let’s create the data VLAN (VID 100) and management VLAN (VID 200) on the switch;

5520-48T-PWR (config)# vlan members remove 1 ALL
5520-48T-PWR (config)# vlan create 200 name "10-1-200-0/24" type port
5520-48T-PWR (config)# vlan members add 200 47,48
5520-48T-PWR (config)# vlan create 100 name "10-1-100-0/24" type port
5520-48T-PWR (config)# vlan members add 100 1-48
5520-48T-PWR (config)# vlan port 1-46 pvid 100
5520-48T-PWR (config)# vlan port 47,48 pvid 200

Let’s make VLAN 200 the management VLAN and assign the IP address;

5520-48T-PWR (config)# vlan mgmt 200
5520-48T-PWR (config)# ip address switch 10.1.200.10 netmask 255.255.255.0 default-gateway 10.1.200.1

Let’s setup Simple Network Management Protocol (SNMP);

5520-48T-PWR (config)# snmp-server authentication-trap disable
5520-48T-PWR (config)# snmp-server community  ro
5520-48T-PWR (config)# snmp-server community  rw
5520-48T-PWR (config)# snmp-server host

Let’s configure the logging so it will overwrite the oldest events;

5520-48T-PWR (config)# logging volatile overwrite
5520-48T-PWR (config)# logging enable

Let’s setup Simple Network Time Protocol (SNTP);

5520-48T-PWR (config)# sntp server primary address
5520-48T-PWR (config)# sntp server secondary address
5520-48T-PWR (config)# sntp enable

Depending on the version of switch software your running you may be able to configure Daylight Saving Time;

5520-48T-PWR (config)#clock time-zone EST -5
5520-48T-PWR (config)#clock summer-time EDT date 9 Mar 2009 2:00 2 Nov 2009 2:00 +60

Let’s setup the MultiLink trunk that will connect the switch back to the backbone;

5520-48T-PWR (config)# mlt 1 disable
5520-48T-PWR (config)# mlt 1 name "MLT-8600"
5520-48T-PWR (config)# mlt 1 learning disable
5520-48T-PWR (config)# mlt 1 member 47,48
5520-48T-PWR (config)# mlt 1 enable

Let’s setup ADAC (Automatic Detection and Automatic Configuration) for our i2002/i2004 phones. We’ll using VLAN 50 as our voice VLAN and we’ll use port 48 as our uplink (the switch will add 47 automatically because of the MLT configuration). There is a new command to clear the ADAC MAC address table that may be missing from earlier versions, “no adac mac-range-table”. I’ve also updated the list of entries that I use.

5520-48T-PWR (config)# adac voice-vlan 50
5520-48T-PWR (config)# adac op-mode tagged-frames
5520-48T-PWR (config)# adac uplink-port 48
5520-48T-PWR (config)# no adac mac-range-table
5520-48T-PWR (config)# adac mac-range-table low-end 00:0a:e4:75:00:00 high-end 00:0a:e4:75:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:13:65:00:00:00 high-end 00:13:65:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:14:c2:00:00:00 high-end 00:14:c2:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:16:ca:00:00:00 high-end 00:16:ca:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:17:65:00:00:00 high-end 00:17:65:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:18:b0:00:00:00 high-end 00:18:b0:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:19:69:00:00:00 high-end 00:19:69:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:19:e1:00:00:00 high-end 00:19:e1:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:1b:ba:00:00:00 high-end 00:1b:ba:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:1e:ca:00:00:00 high-end 00:1e:ca:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:22:67:00:00:00 high-end 00:22:67:ff:ff:ff
5520-48T-PWR (config)# adac enable

We need to strip the 802.1q tag from any packets in the PVID VLAN from going to the phone. In this design we’re expecting to connect IP phones to ports 1 – 46.

5520-48T-PWR (config)# vlan port 1-46 tagging untagpvidOnly

Let’s configure LLDP for the ports we expect to connect IP phones (1 – 46);

5520-48T-PWR (config)# interface fastEthernet 1-46
5520-48T-PWR (config-if)# vlan ports 1-46 filter-unregistered-frames disable
5520-48T-PWR (config-if)# lldp tx-tlv port-desc sys-cap sys-desc sys-name
5520-48T-PWR (config-if)# lldp status txAndRx config-notification
5520-48T-PWR (config-if)# lldp tx-tlv med extendedPSE med-capabilities network-policy
5520-48T-PWR (config-if)# poe poe-priority high
5520-48T-PWR (config-if)# spanning-tree learning fast
5520-48T-PWR (config-if)# adac enable
5520-48T-PWR (config-if)# exit

The option in RED above was added after an issue was discovered when trying to upgrade the firmware on the IP phones. The filter-unregistered-frames is enabled by default and should be disabled to avoid and issues with upgrading the firmware on the IP phones. We are attempting to investigate further with Nortel and our voice vendor Shared Technologies.

Let’s disable the two remaining ports that share the GBIC interfaces incase we need those in the future;

5520-48T-PWR (config)# interface fastEthernet 45-46
5520-48T-PWR (config-if)# shutdown
5520-48T-PWR (config-if)# exit

Let’s setup a QoS interface group to trust all traffic that will ingress on the fiber uplinks. By default the ERS 5520 switch will strip all QoS tags on all ports. Thankfully ADAC will take care of the QoS settings for all VoIP traffic.

5520-48T-PWR (config)# qos if-group name allUpLinks class trusted
5520-48T-PWR (config)# interface fastEthernet 47,48
5520-48T-PWR (config)# qos if-assign port 47,48 name allUpLinks
5520-48T-PWR (config)# exit

Let’s set the SNMP information;

5520-48T-PWR (config)# snmp-server name "sw-icr1-1east.sub.domain.org"
5520-48T-PWR (config)# snmp-server location "Acme Internet Phone Company (ICR1)"
5520-48T-PWR (config)# snmp-server contact "Network Infrastructure Team"

Let’s enable rate limiting for all broadcast and multicast traffic to 10% of the link;

5520-48T-PWR (config)# interface fastEthernet ALL
5520-48T-PWR (config-if)# rate-limit both 5
5520-48T-PWR (config-if)# exit

Let’s setup VLACP (Virtual Link Aggregation Protocol) on the uplinks to the core;

5520-48T-PWR (config)# interface fastEthernet 47,48
5520-48T-PWR (config-if)# vlacp port 47,48 timeout short
5520-48T-PWR (config-if)# vlacp port 47,48 timeout-scale 5
5520-48T-PWR (config-if)# vlacp port 47,48 enable
5520-48T-PWR (config-if)# exit
5520-48T-PWR (config)# vlacp enable

That’s it your done! Well hopefully your done.

In my next post I’ll tell you what DHCP options you’ll need to configure on your DHCP server in order for the phones to boot properly and connect to the Nortel Call Server.

Cheers!