Michael McNamara

Discussion with Roger Lapuh from Avaya

Michael McNamara — Mon, 23 May 2016 14:18:51 +0000

Over the weekend Dominik and myself had a great conversation with Roger Lapuh, Product Line Manager and Architect at Avaya. We recorded the conversation and posted it up to the Network Broadcast Storm podcast.

If your interested in some of the back story behind SMLT you might find the conversation interesting.

Cheers!

What is a MLT, DMLT, SMLT, SLT or IST?

Michael McNamara — Sun, 02 Sep 2012 14:58:28 +0000

I get asked quite frequently to explain what is a MLT, DMLT, SMLT, SLT or IST are and how they work.

Let me start with some definitions and then we’ll move on from there;

MLT (MultiLink Trunk) a proprietary bonding protocol to bond two or more physical links into a single virtual link between two switches.
DMLT (Distributed MultiLink Trunk) a proprietary bonding protocol to bond two or more physical links into a single virtual link across multiple cards or switches (in a stack configuration) between two switches.
SMLT (Split MultiLink Trunk) a proprietary bonding protocol to bond two or more physical links into a single virtual link between two core cluster switches and a single edge/distribution switch.
SLT (Single Port Split MultiLink Trunk – formerly S-SMLT for Single Split MultiLink Trunk) a proprietary bonding protocol to bond two physical links into a single virtual link between two core switches and a single edge/distribution switch. This is just an SMLT with only two ports maximum – one from each core/distribution switch.
IST (InterSwitch Trunk) a proprietary bonding protocol between two core cluster switches that allows them to deploy SMLT or SLT topologies to edge/distribution switches. This is just an MLT which is used to bridge the VLANs between the two cluster switches. The IST also provides a transport for the two cluster switches to exchange ARP and FDB/MAC table information.

You can use MLT or DMLT between two switches in what I would refer to as a traditional trunking application. A Distributed MultiLink Trunk provides additional redundancy by spreading the links out across multiple line cards or switches in a stack depending on the switch model/configuration. An MLT/DMLT is Avaya’s proprietary equivalent to Cisco’s EtherChannel or PortChannel feature. An Avaya MLT or DMLT configuration can interoperate with Cisco’s EtherChannel or PortChannel configuration.

It’s important to point out that Avaya switches will (by default) only send out BPDU frames on the lowest number if index of a MLT or DMLT trunk. This can be overridden in newer software releases with the command “mlt 1 bpdu all-ports“. Cisco switches will send out BPDU frames on all ports in an EtherChannel or PortChannel configuration.

You can use SMLT or SLT between two cluster switches and a single edge/distribution switch or stack essentially creating a triangle topology without the need for Spanning Tree. Both links between the core and edge/distribution are actively forwarding traffic. An SMLT/SLT is Avaya’s proprietary equivalent to Cisco’s Virtual PortChannel feature. When do you use one over the other, SMLT or SLT? The later software releases only allowed between 32 and 64 MLTs per switch. If you had more than 31 edge switches you would run out of available MLTs, so Avaya came up with SLT – you can have as many SLTs as you have ports in the switch. SMLT will allow you to bond between 2 and 8 ports into a single virtual trunk on each cluster switch while SLT is designed to allow two ports max (one per cluster switch).

It’s important to note that you can utilize LACP with MLT, DMLT or SMLT ports just a you can with PortChannel groups.

The majority of closets I deploy utilizing SLT in the cluster core although there are a few closets that require more than 2 x 1Gbps uplinks so for those we utilize a SMLT configuration allowing up to 16 x 1Gbps links between the core cluster switches and edge/distribution switches.

Spanning Tree Protocol and IST/SMLT

Avaya has not extended the functionality of the Spanning Tree Protocol to run over an IST/SMLT topology. You can’t run STP between your core cluster switches and your edge switch/stack. That doesn’t mean that we can abandon STP altogether. It’s critical that Spanning Tree be utilized on all the edge ports in FastStart (PortFast) mode to eliminate the possibility of anyone accidentally creating a loop between any two ports in the edge switch. I also recommend that BPDU filtering be enabled on all edge ports along with Broadcast and Multicast rate-limiting.

Virtual Link Aggregation Control Protocol (VLACP)

In an Avaya network there is a special secret sauce that helps to bring everything together providing timely failure detection and recovery in an MLT, DMLT, IST, SMLT and SLT topology. VLACP is a lightweight heartbeat protocol utilized between two Avaya switches to detect Layer 2 connectivity issues between two endpoints. The trick these days isn’t detecting a failure but knowing when to restore a failed path taking into account the time it takes to rebuild routing and forward tables. VLACP is an Avaya proprietary protocol so it will only work between two Avaya switches.

If you’d like to know more about VLACP or how to configure it you can read my article entitled, Is VLACP right for me?

Cheers!

References: Switch Clustering using Split Multi-Link Trunking (SMLT) with VSP 9000, ERS 8600/8800, 8300, and 5000 Technical Configuration Guide

Avaya Split MultiLink Trunking (SMLT) Layer 2 Trunking

Michael McNamara — Mon, 05 Dec 2011 18:35:49 +0000

It was recently pointed out to me that I had never written a post documenting how to configure SMLT to a edge/closet switch. While there are plenty of examples in the Avaya/Nortel technical guides I’ll humor the folks that are interested. In this example I’ll configure a pair of ERS 8600 switches utilizing SMLT over SLT (Single Link Trunks).

Let’s assume that these switches are already setup in an IST pair (future post?) and that we want to add a new edge/closet switch to the network. We’ll utilize port 1/7 on both ERS 8600 switches to connect to ports 1/47 and 1/48 on the edge switch. The edge switch should be setup as an MLT. You can refer to this post for additional details regarding how to configure the edge switch.

Here’s a diagram of our example topology…

Step 1.

Let’s start configuring the ERS8600-A switch;

config ethernet 1/7 perform-tagging enable
config ethernet 1/7 untagged-frames-discard enable
config ethernet 1/7 default-vlan-id 200
config ethernet 1/7 cp-limit enable multicast-limit 7500 broadcast-limit 5000
config ethernet 1/7 enable-diffserv true
config ethernet 1/7 slpp packet-rx enable
config ethernet 1/7 slpp packet-rx-threshold 5
config ethernet 1/7 mstp cist forceportstate disable
config ethernet 1/7 mstp msti 1 forceportstate disable
config ethernet 1/7 smlt 107 create
config ethernet 1/7 vlacp  enable
config ethernet 1/7 vlacp  fast-periodic-time 500
config ethernet 1/7 vlacp  timeout short
config ethernet 1/7 vlacp  timeout-scale 5

Let’s break down those commands and review each;

config ethernet 1/7 perform-tagging enable

This command will enable tagging to make the port an 802.1q trunk port. This will enable us to trunk multiple VLANs over the single interface, it will also preserve an Layer 2 QoS/CoS information.

config ethernet 1/7 untagged-frames-discard enable

This command will discard any non 802.1q tagged frames that are received on the port. This can be a valuable defense measure in protecting your network. What would happen if the edge switch was accidentally factory reset with both uplinks still connected? A loop would result, however, with this feature all frames from the edge switch will be discarded until the switch is reconfigured.

config ethernet 1/7 default-vlan-id 200

This command will set the PVID to our management VLAN. This value will only be considered if the port receives a frame which doesn’t have an 802.1q header and hence is missing the VLAN ID. The command “untagged-frames-discard enable” essentially negates this command but we set it anyway so we’re consistent in our configurations.

config ethernet 1/7 cp-limit enable multicast-limit 7500 broadcast-limit 5000

This command will enable CP-Limit to protect the core network from too many Multicast or broadcast packets flooding the link. CP-Limit will shutdown the link to try and protect the core network. This is just one of many defense mechanisms available to help protect your network.

config ethernet 1/7 enable-diffserv true

This command will enable DiffServ (Layer 3 QoS) on the switch port and set it for Trusted, so the switch will honor all DiffServ marked packets and give those packets the appropriate priority and queuing.

config ethernet 1/7 slpp packet-rx enable
config ethernet 1/7 slpp packet-rx-threshold 5

These commands will enable Simple Loop Protection Protocol (SLPP) to help detect any misconfiguration of the MultiLink trunks on the edge/closet switch.

config ethernet 1/7 mstp cist forceportstate disable
config ethernet 1/7 mstp msti 1 forceportstate disable

These commands will disable Multiple Spanning Tree Protocol (MSTP) no the switch ports. Spanning Tree is not compatible with Avaya’s Split Trunking Protocol since we are quite literally creating a loop in the physical topology. If this switch was running STP the command would like so, ethernet 1/7 stg 1 stp disable.

config ethernet 1/7 smlt 107 create

Here’s the command that you’ve been waiting for … this command essentially creates a S-SMLT or Single Link Trunk (SLT). The ID used in the connection needs to match the peer ERS 8600 switch.

Design note – in my networks I use numbers to denote the different IDFs or ICRs. I usually add 100 to those numbers for the SMLT ID and VLAN IDs. Since this is IDF #7 (or ICR #7) the SMLT ID is 100 + 7 = 107 and the VLAN for this closet will eventually be 107. If I was still using VRRP the VRRP ID would also be 107. You can use whatever number you’d like but they must match on the two ERS 8600s!

config ethernet 1/7 vlacp enable
config ethernet 1/7 vlacp fast-periodic-time 500
config ethernet 1/7 vlacp timeout short
config ethernet 1/7 vlacp timeout-scale 5

These commands enable VLACP on the port and utilize the recommended values from Avaya.

You should repeat the commands above in Step 1 on both Avaya Ethernet Routing Switch 8600s, substitute the appropriate port numbers and SMLT ID.

Design note – in my networks the edge/closet switches are still Layer 2 only so I perform all the routing in the core switches. I will usually have a “default” VLAN per edge/closet switch although I do have multiple VLANs that span multiple edge/closet switches.

Step 2.

With the port configured now we’ll build the VLAN that we’ll associate with most ports on the edge switch.

config vlan 107 create byport-mstprstp 1 name "10-1-112-0/23"
config vlan 107 add-mlt 1
config vlan 107 ports add 1/7 member portmember
config vlan 107 fdb-entry aging-time 21601
config vlan 107 ip create 10.1.112.1.1/255.255.254.0 mac_offset 0
config vlan 107 ip igmp proxy-snoop enable
config vlan 107 ip igmp snoop enable
config vlan 107 ip dhcp-relay enable
config vlan 107 ip ospf interface-type passive
config vlan 107 ip ospf enable
config vlan 107 ip rsmlt enable
config vlan 107 ip rsmlt holdup-timer 9999

Let’s break down those commands and review each;

config vlan 107 create byport-mstprstp 1 name “10-1-112-0/23”

This command will create VLAN 107 and make it a port based VLAN with the name “10-1-112-0/23”. You might be asking what the mstprstp is… this specific switch I’m working with has been deployed with MSTP enabled. If you have a switch still using STP (default) then the command would look like so config vlan 107 create byport 1 name “10-1-112-0/23”

config vlan 107 add-mlt 1

This command will add VLAN 107 to our IST which in this case happens to be MLT ID 1.

config vlan 107 ports add 1/7 member portmember

This command will add VLAN 107 to port 1/7 which we are using to connect our edge/closet switch.

config vlan 107 fdb-entry aging-time 21601

This command will set the default FDB aging time for all MAC information learned in this VLAN to 6 hours and 1 second. This is a best practice recommendation by Avaya to help reduce the ARP broadcast storms that can result when the FDB table expires a large number of entries which then in turn causes them to be removed from the ARP table causing the switch to re-ARP for them.

config vlan 107 ip create 10.1.112.1.1/255.255.254.0 mac_offset 0

This command will configure a Layer 3 interface on VLAN 107 with the IP address of 10.1.112.1/23. Your mac_offset will differ depending on how many IP interfaces you already have deployed on your switch.

config vlan 107 ip igmp proxy-snoop enable
config vlan 107 ip igmp snoop enable

This command will enable IGMP snooping and proxy on the VLAN.

config vlan 107 ip dhcp-relay enable
config vlan 107 ip dhcp-relay create-fwd-path server 10.1.1.100
config vlan 107 ip dhcp-relay enable-fwd-path server 10.1.1.100

These commands will enable DHCP relay on the VLAN, and forward all DHCP requests to 10.1.1.100.

config vlan 107 ip ospf interface-type passive
config vlan 107 ip ospf enable

This command will enable OSPF on the VLAN and will set it to passive (best practice for edge/closet VLANs).

config vlan 107 ip rsmlt enable
config vlan 107 ip rsmlt holdup-timer 9999

This command will enable RSMLT which replaces the VRRP functionality. We set the holdup-timer to infinity, we don’t want the ERS 8600 to stop accepting packets for it’s peer at anytime.

You should repeat the commands above in Step 2 on both Avaya Ethernet Routing Switch 8600s, substitute the appropriate IP address and ports.

Step 3.

There are a few items that we still need to take care of to round out the configuration.

We need to enable SLPP for VLAN 107;

config slpp operation enable
config slpp add 107

These commands will enable SLPP globally and will also enable SLPP in VLAN 107.

Step 4.

Here are some commands you can use to verify the configuration and operation.

You can check the SMLT table and verify that the trunk is configured as SMLT and operating as SMLT;

ERS-8610-A:5# show smlt info
================================================================================
Mlt SMLT Info
================================================================================
MLT   SMLT     ADMIN    CURRENT
ID    ID       TYPE     TYPE
--------------------------------------------------------------------------------
4     4        smlt     smlt
10    10       smlt     norm
15    15       smlt     norm

================================================================================
Port SMLT Info
================================================================================
PORT  SMLT     ADMIN    CURRENT
NUM   ID       TYPE     TYPE
--------------------------------------------------------------------------------
1/7   3        smlt     smlt
4/4   6        smlt     smlt

You can check the MLT table and verify that VLAN 107 is a member of MLT 1 (IST);

ERS-8610-A:5# show mlt info
================================================================================
Mlt Info
================================================================================
PORT    SVLAN  MLT   MLT        PORT         VLAN
MLTID IFINDEX NAME      TYPE    TYPE  ADMIN CURRENT    MEMBERS      IDS
--------------------------------------------------------------------------------
1   6144  MLT-IST      trunk   normal ist    ist      1/1,4/1,8/1       1 2 3 4 5 9 10 20 21 25 99 100 101 102 103 107 198 199 200

You can verify that the IST is up and operational between the two ERS 8600 switches;

ERS-8610-A:5# show mlt ist info
================================================================================
Mlt IST Info
================================================================================
MLT   IP                   VLAN     ENABLE   IST
ID    ADDRESS              ID       IST      STATUS
--------------------------------------------------------------------------------
1     10.1.100.2         100      true     up

You can check the state of VLACP on port 1/7 to confirm that VLACP is enable and up.

ERS-86010-A:5# show port info vlacp port 1/7
================================================================================
VLACP Information
================================================================================
INDEX ADMIN   OPER    PORT   FAST    SLOW    TIMEOUT TIMEOUT ETHER      MAC
ENABLED ENABLED STATE  TIME    TIME    TIME    SCALE   TYPE       ADDR
--------------------------------------------------------------------------------
1/7   true    true    UP    500     30000   short     5      0x8103    01:80:c2:00:11:00

You can check the SONMP topology tables to make sure you have the correct port(s).

ERS-8610-A:5# show sys topology
================================================================================
Topology Table
================================================================================
Local                                                                     Rem
Port  IpAddress       SegmentId MacAddress   ChassisType      BT LS  CS   Port
--------------------------------------------------------------------------------
0/0  10.1.1.1      0x000000  0004387xxxxx ERS8610          12 Yes HtBt  0/0
1/1  10.1.1.2      0x000101  000fcdfxxxxx ERS8610          12 Yes HtBt  1/1
1/7  10.1.255.20   0x00012f  0014c73xxxxx mBayStack5520-48T-PWR 12 Yes HtBt  1/47

Cheers!

Avaya’s MultiLink Trunk and Spanning Tree Protocol

Michael McNamara — Tue, 21 Jun 2011 21:02:14 +0000

There was a question recently on the discussion forums regarding the ability to run Spanning Tree Protocol (STP/RSTP/MSTP) over a MultiLink Trunk (MLT). You can most certainly run STP/RSTP/MSTP over a MLT interface. You can NOT run STP/RSTP/MSTP over a SMLT interface.

I thought I would run through a few quick commands to demonstrate how to enable Spanning Tree over an MLT interface. In the spirit of making things interesting I’ll utilize Multiple Spanning Tree Protocol (MSTP) over the default legacy Spanning Tree Protocol (STP) or the optional Rapid Spanning Tree Protocols (RSTP). I won’t try to explain Spanning Tree as there are plenty of resources available on the Internet.

For this example I have an Avaya Ethernet Routing Switch 5520 and an Avaya Ethernet Switch 460 (formerly Nortel BayStack 460). I’ll setup 2 MLT links between the two switches utilizing 4 ports in total. I’ll utilize VLANS 1, 100, 200 and Multiple Spanning Tree Instances (MSTI) 1 and 2 with CIST 0.

Ethernet Routing Switch 5520

By default only legacy STP is enabled so we need to enable MSTP and reload the switch;

config t
spanning-tree mode mst
copy config nvram
boot -y

Once the switch has restarted we can continue the configuration. Let’s make all 4 ports 802.1q tagged ports;

config t
vlan ports 11,12,17,18 tagging tagAll

Now we’ll create the MultiLink Trunk interfaces and add the port members. You might notice in the code below the command “mlt # bpdu all-ports”. By default Avaya/Nortel switches only send BPDU frames on the single port in a MLT. This is completely opposite of the behavior from Cisco and other network manufacturers so as a best practice I enable this option. If we were connecting Avaya switches and didn’t enable this feature we would need to ensure that the lowest number ifIndex on one switch connected to the lowest number ifIndex on the other switch. This is important because Nortel/Avaya switches only send BPDU frames on the lower ifIndex port in an MLT. For example if we had say ports 3 and 7 on switch A and ports 10 and 14 on switch B we would need to connect 3(A) to 10(B) and 7(A) to 14(B) to ensure that the BPDU frames would be exchanged on matching ports between the switches.

mlt 1 name "Primary Group"
mlt 1 member 11,12
mlt 1 learning enable
mlt 1 bpdu all-ports
mlt 1 enable
mlt 2 name "Secondary Group"
mlt 2 member 11,12
mlt 2 learning enable
mlt 2 bpdu all-ports
mlt 2 enable

Now we’ll create the MSTI instances 1,2 along with VLANS 100,200 respectively;

spanning-tree mstp msti 1
spanning-tree mstp msti 1 enable
spanning-tree mstp msti 2
spanning-tree mstp msti 2 enable
spanning-tree mstp region region-name acme region-version 1
spanning-tree mstp priority 8000 (this is 32768 in decimal)
spanning-tree mstp msti 1 priority 8000 (this is 32768 in decimal)
spanning-tree mstp msti 2 priority 8000 (this is 32768 in decimal)
vlan create 100 type port msti 1
vlan create 200 type port msti 2
vlan members add 100 11,12
vlan members add 200 17,18

As a best practice we’ll enable edge-port (FastStart) and BPDU filtering on the remaining ports;

inter fa 1-10,13-16,19-48
spanning-tree mstp edge-port true
spanning-tree bpdu-filtering enable

Ethernet Switch 460

By default only legacy STP is enabled so we need to enable MSTP and reload the switch;

config t
spanning-tree op-mode mstp
copy config nvram
boot -y

Once the switch has restarted we can continue the configuration. Let’s make all 4 ports 802.1q tagged ports;

config t
vlan ports 11,12,17,18 tagging tagAll

Now we’ll create the MultiLink Trunk interfaces and add the port members. Just as we did with the ERS 5520 we’ll enable “mlt # bpdu all-ports”.

mlt 1 name "Primary Trunk Group"
mlt 1 member 11,12
mlt 1 learning enable
mlt 1 bpdu all-ports
mlt 1 enable
mlt 2 name "Secondary Trunk Group"
mlt 2 member 11,12
mlt 2 learning enable
mlt 2 bpdu all-ports
mlt 2 enable

Now we’ll create the MSTI instances 1,2 along with VLANS 100,200 respectively;

spanning-tree mstp msti 1
spanning-tree mstp msti 1 enable
spanning-tree mstp msti 2
spanning-tree mstp msti 2 enable
spanning-tree mstp region region-name acme region-version 1
spanning-tree mstp priority f000 (this is 61440 in decimal)
spanning-tree mstp msti 1 priority f000 (this is 61440 in decimal)
spanning-tree mstp msti 2 priority f000 (this is 61440 in decimal)
vlan create 100 type port msti 1
vlan create 200 type port msti 2
vlan members add 100 11,12
vlan members add 200 17,18

As a best practice we’ll enable edge-port (FastStart) and BPDU filtering on the remaining ports;

inter fa 1-10,13-16,19-24
spanning-tree mstp edge-port true
spanning-tree bpdu-filtering enable

Results

Let’s have a look at some of the show commands to see how things are running;

5520-48T-PWR#show autotopology nmm-table
LSlot                                                                     RSlot
LPort IP Addr          Seg ID  MAC Addr     Chassis Type     BT LS   CS   RPort
----- --------------- -------- ------------ ---------------- -- --- ----  -----
0/ 0 192.168.1.24    0x000000 001F0ACEBC01 5520-48T-PWR     12 Yes HTBT    NA
1/11 192.168.1.23    0x00010b 000FCDF59601 460-24T-PWR      12 Yes HTBT   1/11
1/12 192.168.1.23    0x00010c 000FCDF59601 460-24T-PWR      12 Yes HTBT   1/12

460-24T-PWR#show autotopology nmm-table
LSlot                                                                     RSlot
LPort IP Addr          Seg ID  MAC Addr     Chassis Type     BT LS   CS   RPort
----- --------------- -------- ------------ ---------------- -- --- ----  -----
0/ 0 192.168.1.23    0x000000 000FCDF59601 460-24T-PWR      12 Yes HTBT    NA
1/11 192.168.1.24    0x00010b 001F0ACEBC01 5520-48T-PWR     12 Yes HTBT   1/11
1/12 192.168.1.24    0x00010c 001F0ACEBC01 5520-48T-PWR     12 Yes HTBT   1/12

We can see that the SONMP table is exchanging packets across MLT 1 (11,12). That would lead me to guess that ports 17,18 are in discarding (blocking) mode. Let’s see if that’s the case;

5520-48T-PWR#show spanning-tree mstp port role 11,12,17,18
Port     Role       State     STP Status  Oper Status
----  ----------  ----------  ----------  -----------
11    Designated  Forwarding  Enabled     Enabled
12    Designated  Forwarding  Enabled     Enabled
17    Designated  Forwarding  Enabled     Enabled
18    Designated  Forwarding  Enabled     Enabled

460-24T-PWR#show spanning-tree mstp port role 11,12,17,18
Port     Role       State     STP Status  Oper Status
----  ----------  ----------  ----------  -----------
11    Root        Forwarding  Enabled     Enabled
12    Root        Forwarding  Enabled     Enabled
17    Alternate   Discarding  Enabled     Enabled
18    Alternate   Discarding  Enabled     Enabled

From the output above we can determine that the Ethernet Routing Switch 5520 is the root bridge and that MLT 2 (17,18) is an alternate path that’s currently discarding traffic on the Ethernet Switch 460. Lets confirm who’s the root bridge;

5520-48T-PWR#show spanning-tree mstp status
Bridge Address:          00:1F:0A:CE:BC:00
Cist Root:               80:00:00:1F:0A:CE:BC:00
Cist Regional Root:      80:00:00:1F:0A:CE:BC:00
Cist Root Port:          0
Cist Root Cost:          0
Cist Regional Root Cost: 0
Cist Max Age:            20 seconds
Cist Forward Delay:      15 seconds

460-24T-PWR#show spanning-tree mstp status
Bridge Address:          00:0F:CD:F5:96:00
Cist Root:               80:00:00:1F:0A:CE:BC:00
Cist Regional Root:      80:00:00:1F:0A:CE:BC:00
Cist Root Port:          MLT 1
Cist Root Cost:          0
Cist Regional Root Cost: 100000
Cist Max Age:            20 seconds
Cist Forward Delay:      15 seconds

The root bridge is definitely the ERS 5520 as it should be since we set the bridge priority in our configuration above.

Hopefully you’ll agree that was pretty easy. You could of course set path costs/priorities so that you can administratively choose which path is the designated and alternate and for which MST instance. In a future post I will demonstrate how you can connect a Cisco Catalyst 3750-E to an Avaya switch while supporting MSTP.

Cheers!
References;

Avaya Ethernet Routing Switch RSTP/MSTP Technical Configuration Guide

802.1Q VLAN Tagging on a Cisco Catalyst 3750-E

Michael McNamara — Sat, 29 Jan 2011 18:29:16 +0000

In the two previous posts I covered how to create multiple VLANs, trunk those VLANs between multiple stackable Avaya Ethernet Routing Switches utilizing Multi-Link Trunking and how to create Layer 3 IP interfaces to be used for routing IP packets between those VLANs.

In this post I thought I would expand the network topology of my previous two posts to include a Cisco Catalyst 3750-E. I’ll specifically cover how to trunk (bridge) multiple VLANs between a stackable Avaya Ethernet Routing Switch and the Cisco Catalyst 3750-E and how to configure multiple interfaces in a Link Aggregation Group (LAG) utilizing LACP similar to Avaya’s proprietary MLT feature.

Avaya Ethernet Routing Switch 4548

enable
config t

Let’s start by making ports 45 and 46 trunk ports which will utilize 802.1Q tagging;

vlan ports 45,46 tagging tagAll

Let’s add the VLANs we wish to bridge across the trunk ports;

vlan members add 1 45,46
vlan members add 100 45,46
vlan members add 200 45,46

Now we’ll enable LACP on ports 45 and 46 using the same LACP key which will automatically create the LAG;

interface fastEthernet 45
lacp key 10
lacp mode active
lacp timeout-time short
lacp aggregation enable
exit

interface fastEthernet 46
lacp key 10
lacp mode active
lacp timeout-time short
lacp aggregation enable
exit

Avaya Ethernet Routing Switch 4548 – Show Commands

4548GT-PWR#show lacp port 45,46
Admin Oper         Trunk Partner
Port Priority Lacp    A/I Timeout Key   Key   AggrId Id    Port    Status
---- -------- ------- --- ------- ----- ----- ------ ----- ------- ------
45   32768    Active  A   Short   10    12298 8224   32    302     Active
46   32768    Active  A   Short   10    12298 8224   32    303     Active

4548GT-PWR#show mac-address-table
Mac Address Table Aging Time: 300
Number of addresses: 26

   MAC Address    Vid  Source         MAC Address    Vid  Source
----------------- ---- -------     ----------------- ---- -------
00-02-B3-CB-77-A2    1 Port:19     00-04-61-9E-46-7E    1 Port:21
00-0C-29-64-33-F9    1 Port:19     00-0C-29-A5-CB-54    1 Port:19
00-0F-20-95-38-D5    1 Port:11     00-18-01-EA-F4-45    1 Port: 1
00-1C-11-6B-DC-6B    1 Port: 1     00-1C-11-6D-15-27    1 Port: 1
00-1C-11-6D-15-DC    1 Port: 1     00-1E-7E-7C-2C-00    1
00-1E-7E-7C-2C-40    1             00-1F-0A-CE-BC-01    1 Trunk:1
00-1F-0A-CE-BC-40    1 Trunk:1     00-1F-D0-D0-BE-2D    1 Port:17
00-23-EE-96-AA-21    1 Port: 1     00-24-B5-F6-94-02    1 Trunk:1
00-64-40-CF-4D-AD    1 Trunk:32    00-64-40-CF-4D-AE    1 Trunk:32
00-64-40-CF-4D-C0    1 Trunk:32    00-0A-E4-76-9C-C8    2 Port:44
00-24-DC-DF-0D-08    2 Port:43     00-A0-F8-5E-CE-BC    2 Port:39
00-1F-0A-CE-BC-41  100 Trunk:1     00-24-7F-99-84-70  100 Port:25
00-64-40-CF-4D-AD  100 Trunk:32    00-1E-CA-F3-1D-B4  200 Port:26
00-1F-0A-CE-BC-43  200 Trunk:1     00-64-40-CF-4D-AD  200 Trunk:32

4548GT-PWR#show mlt
Id Name             Members                Bpdu   Mode           Status  Type
-- ---------------- ---------------------- ------ -------------- ------- ------
1  MLT_to_ERS5520   47-48                  All    Basic          Enabled Trunk
2  Trunk #2         NONE                   All    Basic          Disabled
3  Trunk #3         NONE                   All    Basic          Disabled
4  Trunk #4         NONE                   All    Basic          Disabled
5  Trunk #5         NONE                   All    Basic          Disabled
6  Trunk #6         NONE                   All    Basic          Disabled
7  Trunk #7         NONE                   All    Basic          Disabled
8  Trunk #8         NONE                   All    Basic          Disabled
9  Trunk #9         NONE                   All    Basic          Disabled
10 Trunk #10        NONE                   All    Basic          Disabled
11 Trunk #11        NONE                   All    Basic          Disabled
12 Trunk #12        NONE                   All    Basic          Disabled
13 Trunk #13        NONE                   All    Basic          Disabled
14 Trunk #14        NONE                   All    Basic          Disabled
15 Trunk #15        NONE                   All    Basic          Disabled
16 Trunk #16        NONE                   All    Basic          Disabled
17 Trunk #17        NONE                   All    Basic          Disabled
18 Trunk #18        NONE                   All    Basic          Disabled
19 Trunk #19        NONE                   All    Basic          Disabled
20 Trunk #20        NONE                   All    Basic          Disabled
21 Trunk #21        NONE                   All    Basic          Disabled
22 Trunk #22        NONE                   All    Basic          Disabled
23 Trunk #23        NONE                   All    Basic          Disabled
24 Trunk #24        NONE                   All    Basic          Disabled
25 Trunk #25        NONE                   All    Basic          Disabled
26 Trunk #26        NONE                   All    Basic          Disabled
27 Trunk #27        NONE                   All    Basic          Disabled
28 Trunk #28        NONE                   All    Basic          Disabled
29 Trunk #29        NONE                   All    Basic          Disabled
30 Trunk #30        NONE                   All    Basic          Disabled
31 Trunk #31        NONE                   All    Basic          Disabled
32 Trunk #32        45-46                  Single DynLag/Basic   Enabled Trunk

You might be looking at the output above and asking yourself what’s “Trunk 32”? Let me provide some quick background. You can have a total of 32 MLT/LAG trunks on a stackable Avaya Ethernet Routing Switch. When you create LACP trunks the switch automatically creates a LAG in the MLT table dynamically from the bottom up. While in the previous post I created “Trunk 1” by trunking ports 47 and 48 together (see above), in this post I’ve created an LACP trunk on ports 45 and 46 which will be reported it the switch as “Trunk 32”. You can also see it in the MAC/FDB table above.

Cisco Catalyst 3750-E

enable
config t

Let’s give the switch an IP address in VLAN 1 for management;

vlan 1
ip address 192.168.1.25 255.255.255.0
no shut
exit

Let’s create VLAN 100 and VLAN 200 on the switch;

vlan 100
name "192-168-100-0/24"
exit
vlan 200
name "192-168-200-0/24"
exit

Let’s add the appropriate edge ports to each VLAN;

interface range gigabitEthernet 1/0/1-12
switchport access vlan 1
exit
interface range gigabitEthernet 1/0/13-24
switchport access vlan 100
exit
interface range gigabitEthernet 1/0/25-36
switchport access vlan 200
exit

Let’s configure ports 45 and 46 as trunk ports and bond them together in channel-group utilizing LACP;

interface gigabitEthernet 1/0/45
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active

interface gigabitEthernet 1/0/46
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active

Cisco Catalyst 3750-E – Show Commands

SW-3750-E#show lacp neighbor
Flags:  S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode       P - Device is in Passive mode

Channel group 1 neighbors

Partner's information:

LACP port                        Admin  Oper   Port    Port
Port      Flags   Priority  Dev ID          Age    key    Key    Number  State
Gi1/0/45  FA      32768     001e.7e7c.2c00  16s    0x0    0x300A 0x2D    0x3F
Gi1/0/46  FA      32768     001e.7e7c.2c00  27s    0x0    0x300A 0x2E    0x3F

Switch#show mac address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0180.c200.0000    STATIC      CPU
 All    0180.c200.0001    STATIC      CPU
 All    0180.c200.0002    STATIC      CPU
 All    0180.c200.0003    STATIC      CPU
 All    0180.c200.0004    STATIC      CPU
 All    0180.c200.0005    STATIC      CPU
 All    0180.c200.0006    STATIC      CPU
 All    0180.c200.0007    STATIC      CPU
 All    0180.c200.0008    STATIC      CPU
 All    0180.c200.0009    STATIC      CPU
 All    0180.c200.000a    STATIC      CPU
 All    0180.c200.000b    STATIC      CPU
 All    0180.c200.000c    STATIC      CPU
 All    0180.c200.000d    STATIC      CPU
 All    0180.c200.000e    STATIC      CPU
 All    0180.c200.000f    STATIC      CPU
 All    0180.c200.0010    STATIC      CPU
 All    ffff.ffff.ffff    STATIC      CPU
   1    0004.619e.467e    DYNAMIC     Po1
   1    000c.2964.33f9    DYNAMIC     Po1
   1    000c.29a5.cb54    DYNAMIC     Po1
   1    000f.2095.38d5    DYNAMIC     Po1
   1    0018.01ea.f445    DYNAMIC     Po1
   1    001c.116b.dc6b    DYNAMIC     Po1
   1    001c.116d.1527    DYNAMIC     Po1
   1    001c.116d.15dc    DYNAMIC     Po1
   1    001e.7e7c.2c01    DYNAMIC     Po1
   1    001e.7e7c.2c2d    DYNAMIC     Po1
   1    001e.7e7c.2c2e    DYNAMIC     Po1
   1    001f.d0d0.be2d    DYNAMIC     Po1
   1    0023.ee96.aa21    DYNAMIC     Po1
   1    00a0.f85e.cebd    DYNAMIC     Po1
 100    0024.7f99.84e9    DYNAMIC     Po1
 200    0008.02e4.890a    DYNAMIC     Gi1/0/25
 200    001e.caf3.1db4    DYNAMIC     Po1
Total Mac Addresses for this criterion: 37

You might be asking why didn’t I assign the VLANs to the trunk ports on the Cisco Catalyst 3750-E… well with Cisco switches a trunk port is by default a member of all the VLANs that exist on the switch. So you don’t need to specifically add a VLAN to a trunk port, however, you can override the default behavior by telling the switch to only carry specific VLANs on a specific trunk port – this is called VLAN pruning.

Please feel free to point out any inconsistencies or errors I might have made.

Cheers!

802.1Q VLAN Tagging on an Ethernet Routing Switch

Michael McNamara — Fri, 28 Jan 2011 01:41:05 +0000

In my previous post I laid out the basics of how to configure multiple VLANs and enable IP routing on a stackable Avaya Ethernet Routing Switch. In this post I’m going to expand that topic to include trunking (802.1q) those VLANs to a second Ethernet Routing Switch. In this example I’ll add an Ethernet Routing Switch 4548 to the Ethernet Routing Switch 5520 that I had previously configured and deployed. We’ll create a Multi-Link Trunk between the two switches to bridge multiple VLANs across the 802.1q compliant link. Here’s a diagram of what the network should look like when we’re done;

In order to test I’ll move two of the IP phones to the Ethernet Routing Switch 4548 and I’ll use an old laptop to help verify the bridging.

Ethernet Routing Switch 4548

Let’s start with the Ethernet Routing Switch 4548GT-PWR and add the necessary configuration there first;

enable
config t

We start by creating VLAN 100 and VLAN 200 on the Ethernet Routing Switch 4548;

vlan create 100 name "192-168-100-0/24" type port
vlan members remove 1 25,27,29,31,33,35
vlan members add 100 25,27,29,31,33,35
vlan port 25,27,29,31,33,35 pvid 100

vlan create 200 name "192-168-200-0/24" type port
vlan members remove 1 26,28,30,32,34,36
vlan members add 200 26,28,30,32,34,36
vlan port 26,28,30,32,34,36 pvid 200

I’m not going to create a Layer 3 IP interfaces on these VLANs since the Ethernet Routing Switch 5520 is already routing for us. We just want to bridge the frames between the two switches not route them (not in this post anyway). Now let’s configure the ports that will make up the Mulit-Link Trunk;

vlan port 47,48 tagging TagAll
vlan members add 1 47,48
vlan members add 100 47,48
vlan members add 200 47,48
vlan port 47,48 pvid 1

mlt 1 disable
mlt 1 name "MLT_to_ERS5520"
mlt 1 learning disable
mlt 1 member 47,48
mlt 1 enable

That’s pretty much it. We enabled tagging on the uplink/downlink ports, added the necessary VLANs to the ports and then created and enabled a MLT.

Ethernet Routing Switch 4548 – Show Configuration

That should be the configuration for the Ethernet Routing Switch 4548… let’s just have a quick look at the VLANs;

4548GT-PWR(config)#show vlan
Id  Name                 Type     Protocol         User PID Active IVL/SVL Mgmt
--- -------------------- -------- ---------------- -------- ------ ------- ----
1   VLAN #1              Port     None             0x0000   Yes    IVL     Yes
        Port Members: 1-24,47-48
2   VLAN #2              Port     None             0x0000   Yes    IVL     No
        Port Members: 37-46
100 192-168-100-0/24     Port     None             0x0000   Yes    IVL     No
        Port Members: 25,27,29,31,33,35,47-48
200 192-168-200-0/24     Port     None             0x0000   Yes    IVL     No
        Port Members: 26,28,30,32,34,36,47-48
Total VLANs: 4

Let’s just check the Multi-Link Trunk configuration… if that’s wrong we could end up with a loop in the network;

4548GT-PWR(config)#show mlt 1
Id Name                 Members                Bpdu   Mode           Status
-- -------------------- ---------------------- ------ -------------- -------
1  MLT_to_ERS5520       47-48                  All    Basic          Enabled

You can see from the commands above that the ports are configured with the appropriate VLANs and the MLT is enabled.

Ethernet Routing Switch 5520

Let’s add the necessary configuration to the Ethernet Routing Switch 5520-PWR. I’m not going to repeat all the commands I performed in the yesterday’s post, instead I’ll just build upon the previous configuration adding what we need for the 802.1q trunking and the Multi-Link Trunking;

enable
config t

vlan port 47,48 tagging TagAll
vlan members add 1 47,48
vlan members add 100 47,48
vlan members add 200 47,48
vlan port 47,48 pvid 1

mlt 1 disable
mlt 1 name "MLT_to_ERS4548"
mlt 1 learning disable
mlt 1 member 47,48
mlt 1 enable

Ethernet Routing Switch 5520 – Show Configuration

That should be the configuration for the Ethernet Routing Switch 5520… let’s just have a quick look at the VLANs;

5520-48T-PWR#show vlan
Id  Name                 Type     Protocol         PID      Active IVL/SVL Mgmt
--- -------------------- -------- ---------------- -------- ------ ------- ----
1   test                 Port     None             0x0000   Yes    IVL     Yes
        Port Members: 1-12,37-48
100 192-168-100-0/24     Port     None             0x0000   Yes    IVL     No
        Port Members: 13-24,47-48
101 10-101-20-0/24       Port     None             0x0000   Yes    IVL     No
        Port Members: 25-36
200 192-168-200-0/24     Port     None             0x0000   Yes    IVL     No
        Port Members: 47-48
Total VLANs: 4

Let’s just check the Multi-Link Trunk configuration… if that’s wrong we could end up with a loop in the network;

5520-48T-PWR#show mlt 1
Id Name             Members                Bpdu   Mode           Status  Type
-- ---------------- ---------------------- ------ -------------- ------- ------
1  MLT_to_ERS4548   47-48                  All    Basic          Enabled Trunk

Since all stackable Avaya Ethernet Routing Switches support Auto-MDIX I can just use two regular CAT5e patch cables to connect the switches together. If the switches didn’t support Auto-MDIX I would need to use two crossover cables between them.

Ethernet Routing Switch 4548 – Operational Status

With link up on ports 47 and 48 I can check the following information. The topology table will show me the physical connections between the two switches. The MAC/FDB table will show me that there are multiple MAC/FDB entries in VLANs 100 and 200 being learned across “Trunk 1”. The LLDP table will show me the Avaya IP phones that I’ve connected to ports 25 and 26.

4548GT-PWR#show autotopology nmm-table
LSlot                                                                     RSlot
LPort IP Addr          Seg ID  MAC Addr     Chassis Type     BT LS   CS   RPort
----- --------------- -------- ------------ ---------------- -- --- ----  -----
0/ 0 192.168.1.25    0x000000 001E7E7C2C01 4548GT-PWR       12 Yes HTBT    NA
1/47 192.168.1.50    0x000130 001F0ACEBC01 5520-48T-PWR     12 Yes HTBT   1/48
1/48 192.168.1.50    0x00012f 001F0ACEBC01 5520-48T-PWR     12 Yes HTBT   1/47

4548GT-PWR#show mac-address-table
Mac Address Table Aging Time: 300
Number of addresses: 20

   MAC Address    Vid  Source         MAC Address    Vid  Source
----------------- ---- -------     ----------------- ---- -------
00-02-B3-CB-77-A2    1 Port:19     00-04-61-9E-46-7E    1 Port:21
00-0C-29-64-33-F9    1 Port:19     00-0C-29-A5-CB-54    1 Port:19
00-18-01-EA-F4-45    1 Port: 1     00-1C-11-6B-DC-6B    1 Port: 1
00-1C-11-6D-15-27    1 Port: 1     00-1C-11-6D-15-DC    1 Port: 1
00-1E-7E-7C-2C-00    1             00-1E-7E-7C-2C-40    1
00-1F-0A-CE-BC-40    1 Trunk:1     00-1F-D0-D0-BE-2D    1 Port:17
00-23-EE-96-AA-21    1 Port: 1     00-24-B5-F6-94-02    1 Trunk:1
00-0A-E4-76-9C-C8    2 Port:45     00-1F-0A-CE-BC-01    2 Trunk:1
00-24-DC-DF-0D-08    2 Port:43     00-A0-F8-5E-CE-BC    2 Port:39
00-1F-0A-CE-BC-41  100 Trunk:1     00-24-7F-99-84-70  100 Port:25
00-24-7F-99-84-E9  100 Trunk:1     00-1E-CA-F3-1D-B4  200 Port:26

4548GT-PWR#show lldp neighbor
-------------------------------------------------------------------------------
                            lldp neighbor
-------------------------------------------------------------------------------
Port: 26    Index: 4                  Time: 13 days, 22:42:31
        ChassisId: Network address    IPv4  192.168.200.5
        PortId:    MAC address        00:1e:ca:f3:1d:b4
        SysCap:    TB / TB            (Supported/Enabled)
        PortDesc:  Avaya IP Phone
        SysDescr:  Avaya IP Telephone 1120E, Firmware:SIP1120e04.00.04.00

-------------------------------------------------------------------------------
Port: 25    Index: 6                  Time: 13 days, 22:43:48
        ChassisId: Network address    IPv4  192.168.100.98
        PortId:    MAC address        00:24:7f:99:84:70
        SysCap:    TB / TB            (Supported/Enabled)
        PortDesc:  Avaya IP Phone
        SysDescr:  Avaya IP Telephone 1220, Firmware:SIP12x004.00.04.00

-------------------------------------------------------------------------------
Sys capability: O-Other; R-Repeater; B-Bridge; W-WLAN accesspoint; r-Router;
T-Telephone; D-DOCSIS cable device; S-Station only.
Total neighbors: 2

Ethernet Routing Switch 5520 – Operational Status

I can check all the same information on the ERS5520.. The topology table will show me the physical connections between the two switches. The MAC/FDB table will show me that there are multiple MAC/FDB entries in VLANs 100 and 200 being learned across “Trunk 1”. The LLDP table will show me the Avaya IP phones that I’ve connected to ports 13 and 25.

5520-48T-PWR#show autotopology nmm-table
LSlot                                                                     RSlot
LPort IP Addr          Seg ID  MAC Addr     Chassis Type     BT LS   CS   RPort
----- --------------- -------- ------------ ---------------- -- --- ----  -----
 0/ 0 192.168.1.50    0x000000 001F0ACEBC01 5520-48T-PWR     12 Yes TPCH    NA
 1/47 192.168.1.25    0x00012f 001E7E7C2C01 4548GT-PWR       12 Yes TPCH   1/47
 1/48 192.168.1.25    0x000130 001E7E7C2C01 4548GT-PWR       12 Yes TPCH   1/48

5520-48T-PWR#show mac-address-table
Mac Address Table Aging Time: 300
Number of addresses: 16

   MAC Address    Vid  Source         MAC Address    Vid  Source
----------------- ---- -------     ----------------- ---- -------
00-02-B3-CB-77-A2    1 Trunk:1     00-04-61-9E-46-7E    1 Trunk:1
00-0C-29-64-33-F9    1 Trunk:1     00-0C-29-A5-CB-54    1 Trunk:1
00-18-01-EA-F4-45    1 Trunk:1     00-1C-11-6B-DC-6B    1 Trunk:1
00-1C-11-6D-15-27    1 Trunk:1     00-1C-11-6D-15-DC    1 Trunk:1
00-1E-7E-7C-2C-01    1 Trunk:1     00-1E-7E-7C-2C-40    1 Trunk:1
00-1F-0A-CE-BC-00    1             00-1F-0A-CE-BC-40    1
00-1F-D0-D0-BE-2D    1 Trunk:1     00-23-EE-96-AA-21    1 Trunk:1
00-24-B5-F6-94-02    1 Port: 9     00-1F-0A-CE-BC-41  100
00-24-7F-99-84-70  100 Trunk:1     00-24-7F-99-84-E9  100 Port:15
00-1E-CA-F3-1D-B4  200 Trunk:1

5520-48T-PWR#show lldp neighbor
-------------------------------------------------------------------------------
                            lldp neighbor
-------------------------------------------------------------------------------
Port: 13     Index: 5                  Time: 0 days, 00:02:00
        ChassisId: Network address    IPv4  192.168.100.4
        PortId:    MAC address        00:24:b5:f6:94:02
        SysCap:    TB / TB            (Supported/Enabled)
        PortDesc:  Avaya IP Phone
        SysDescr:  Avaya IP Telephone 1165E, Firmware:SIP1165e04.00.04.00

-------------------------------------------------------------------------------
Port: 25    Index: 6                  Time: 0 days, 00:02:19
        ChassisId: Network address    IPv4  192.168.200.99
        PortId:    MAC address        00:24:7f:99:84:e9
        SysCap:    TB / TB            (Supported/Enabled)
        PortDesc:  Avaya IP Phone
        SysDescr:  Avaya IP Telephone 1220, Firmware:SIP12x004.00.04.00

-------------------------------------------------------------------------------
Sys capability: O-Other; R-Repeater; B-Bridge; W-WLAN accesspoint; r-Router;
T-Telephone; D-DOCSIS cable device; S-Station only.
Total neighbors: 2

Would you be interested in seeing a screencast of this whole process?

Let me know if you have any questions or would like to point out corrections!

Cheers!

Avaya and Cisco Interoperability Technical Configuration Guide

Michael McNamara — Mon, 21 Jun 2010 03:00:24 +0000

Avaya has release an updated technical configuration guide geared towards the interoperability between Cisco and Avaya equipment.The document covers a lot of information including EtherChannel to MLT interoperability, Spanning Tree interoperability, Nortel IP phones connecting to Cisco switches and Cisco IP phones connecting to Nortel switches.

It’s definitely well worth the time to review.

Cheers!

LACP Configuration Examples (Part 2)

Michael McNamara — Thu, 20 Aug 2009 01:00:56 +0000

[ad name=”ad-articlebodysq”]In part 1 of this post I provided a pretty simple example of an LACP LAG between two Nortel switches. In this post I’ll provide another example with a small twist thrown in; we’ll terminate the LAG on two ERS 8600 switches using Nortel’s proprietary SMLT (Split MultiLink Trunking) technology. In this example I’ll substitute the Nortel Ethernet Switch 470 for a Ethernet Routing Switch 5520. You’ll notice that the LACP configurations (commands) are identical between the 470 and 5520 switches.

Example 2 – Ethernet Routing Switch 8600 to Ethernet Switch 5520 using LACP trunk with SMLT

As I said before a picture is worth a thousand words and can be very helpful in designing any network topology.

As with the previous example we’ll start with the Ethernet Routing Switch 8600s and then progress to the Ethernet Routing Switch 5520s. In this example we’ll need to configure two ERS 8600 switches, I’ll assume that you already have an IST (InnerSwitch Trunk) built and running properly.

Let’s start by configuring a MLT group the same way we did so in the previous example. The ERS8600-A switch first;

ERS8600-A
config mlt 15 create
config mlt 15 name "SMLT_LACP"
config mlt 15 lacp key 15
config mlt 15 lacp enable

Now the ERS8600-B switch;

ERS8600-B
config mlt 15 create
config mlt 15 name "SMLT_LACP"
config mlt 15 lacp key 15
config mlt 15 lacp enable

In this example I’ve chosen to connect the uplinks to port 2/17 on each switch. I’ve chosen to use the same ports on both switches only to make the configuration easier to understand for myself. I would use whatever ports I wanted on either switch so long as they are all running at the same speed. In this case the ports are both 10/100Mbps ports and will auto-negotiate to 100Mbps with the MDI-X feature of the ERS 5520 switch.

I’ll enable tagging (802.1q) just like I did in my previous example and I’ll remove VLAN 1 and add VLAN 99. Outside of this example you would just add whatever VLANs you’ll be extended to the edge switch.

ERS8600-A
config ethernet 2/17 perform-tagging enable
config vlan 1 ports remove 2/17
config vlan 99 ports add 2/17

Now the ERS8600-B switch;

ERS8600-B
config ethernet 2/17 perform-tagging enable
config vlan 1 ports remove 2/17
config vlan 99 ports add 2/17

Next we’ll enable LACP on the specific ports and group them using the same admin key;

ERS8600-A
config ethernet 2/17 lacp key 15
config ethernet 2/17 lacp aggregation true
config ethernet 2/17 lacp timeout short
config ethernet 2/17 lacp enable

Now the ERS8600-B switch;

ERS8600-B
config ethernet 2/17 lacp key 15
config ethernet 2/17 lacp aggregation true
config ethernet 2/17 lacp timeout short
config ethernet 2/17 lacp enable

Now because we’re going to be running in an SMLT configuration we need to make a few global changes. We need to enable LACP globally, but we also need to make sure that both switches use the same LACP identifier when communicating with the edge switch. This is necessary so the edge switch won’t know that it’s actually connected to two different switches upstream. If the LACP identifiers didn’t match between the two ERS8600 switches the edge switch would become confused.

ERS8600-A
config lacp smlt-sys-id 00:01:81:28:84:00
config lacp enable

Now the ERS8600-B switch;

ERS8600-B
config lacp smlt-sys-id 00:01:81:28:84:00
config lacp enable

We need to configure the MLT to operate in an SMLT configuration. We also need to make sure that any VLANs we are extending to the edge switch are also bridged across the IST between the two ERS 8600 switches. In this example I’m extending VLAN 99 so I need to add VLAN 99 to the IST which happens to be MLT 1.

ERS8600-A
config mlt 15 smlt create smlt-id 15
config vlan 99 add-mlt 1

Now the ERS8600-B switch;

ERS8600-B
config mlt 15 smlt create smlt-id 15
config vlan 99 add-mlt 1

That’s all the commands required for the two ERS8600 switches.

With that said there are some best practices that should be applied to all downlinks when utilizing SMLT.

While I left this out of the previous example these settings are applicable to both examples.

Let’s make sure that we enable CP-LIMIT which will shutdown the port if the switch receives too many broadcast or multicast frames per second. While some users don’t like this feature it’s better to cut off an offending closet than loose an entire network due to a loop or misconfigured switch. A word of warning here! You do not want CP-LIMIT enabled on any ports used in your IST, you also don’t want it enabled on the uplinks of any ERS8600 switches that reside at the edge as they might cut themselves off from the network. Instead enable it in the core on the downlinks to the edge switches and closet switches.

ERS8600-A
config ethernet 2/17 cp-limit enable multicast-limit 2500 broadcast-limit 2500

Now the ERS8600-B switch;

ERS8600-B
config ethernet 2/17 cp-limit enable multicast-limit 2500 broadcast-limit 2500

Another feature that helps protect the network is SLPP (Simple Loop Protection Protocol). In my opinion this feature is a must for any serious network. I can’t tell you how many times this feature has saved the networks I manage today. This feature will detect a misconfigured MLT/LACP at the edge switch and shutdown one of the downlink ports to preventing a loop. With SLPP you need to pay attention to the threshold setting. You want different thresholds between the two ERS8600 switches so that only one uplink gets shutdown.

ERS8600-A
config slpp add 99
config slpp operation enable
config ethernet 2/17 slpp packet-rx-threshold 50
config ethernet 2/17 slpp packet-rx enable

Now the ERS8600-B switch with a threshold of 5;

ERS8600-B
config slpp add 99
config slpp operation enable
config ethernet 2/17 slpp packet-rx-threshold 5
config ethernet 2/17 slpp packet-rx enable

That’s it for the two ERS8600 switches.

I’m literally going to cut and past the configuration of the ERS5520 from the previous example as it should be identical.

vlan ports 33,34 tagging tagAll

Let’s add VLAN 99 to the ports, I’ve already created the VLAN ahead of time.

vlan members add 99 33,34

Now we just need to configure the LACP parameters for each port and then enable LACP.

interface fastEthernet 33-34
lacp key 13
lacp mode active
lacp timeout-time short
lacp aggregation enable
exit

Hopefully that’s been helpful!

Cheers!

Nortel ERS 5520 PwR Switch

Michael McNamara — Tue, 23 Oct 2007 23:49:00 +0000

[ad name=”ad-articlebodysq”]Update: July 30, 2009
I’ve added a command to disable the User Interface Button (UI Button) “no ui-button enable”.

Update: February 7, 2009
It was time to update this article with some additional information and settings that I’m now using in all my switch deployments. The big change is the updated ADAC MAC address table. Please also note the VLACP time-out scale change and I’ve updated the year field for the Daylight Saving Time change.

Update: August 13, 2008
This was one of the first articles I wrote back in October 2007 and it is by far the most popular article out of all 110 articles that I currently have published. With that said I decided to come back and spruce up this post with some additional “tweaks” that I’ve added over the past 10 months. I’m also going to attack a link to a text file so folks can just download the file of commands, tweak the specific individual settings such as IP address and VLAN information, and then cut and paste into the CLI interface of the Nortel Ethernet Routing Switch 5520. It will hopefully save folks from having to cut and paste each section.

Note: just a quick warning about cutting and pasting into the CLI interface, I’ve often found that the buffer will overflow if I try to paste an entire configuration at once. I usually need to break it into at least two or three sections and cut and paste those section one at a time.

In this post I’ll try to outline how you can configure the Nortel Ethernet Routing Switch 5520 in a VoIP environment using Nortel i2002/i2004 Internet Telephones (this procedure will also work the same with the i2007/1120E/1140E phones).

You’ll obviously need a ERS 5520 switch and you’ll need SW 5.0.6.22 or later and FW 5.0.0.3 or later (there are known issues with earlier software versions that create inconsistent results using LLDP with the i2002/i2004 phones). I would strongly advise that you start with a default configuration. From the CLI issue the following commands to reset the switch to factory defaults;

5520-48T-PWR> enable
5520-48T-PWR# boot default

The switch should reboot with a default configuration. Let’s proceed with the configuration;

5520-48T-PWR> enable
5520-48T-PWR# configure terminal

Let’s set the local read-only and read-write passwords;

5520-48T-PWR (config)#cli password read-only readpass
5520-48T-PWR (config)#cli password read-write writepass
5520-48T-PWR (config)#cli password serial local
5520-48T-PWR (config)#cli password telnet local

Let’s disable the user interface button (UI button);

5520-48T-PWR (config)# no ui-button enable

Enable AUTOPVID;

5520-48T-PWR (config)# vlan configcontrol autopvid

We’ll be up linking this switch using a MultiLink trunk on ports 47 and 48 so we’ll enable tagging on the fiber uplinks;

5520-48T-PWR (config)# vlan ports 47,48 tagging enable

Let’s create the data VLAN (VID 100) and management VLAN (VID 200) on the switch;

5520-48T-PWR (config)# vlan members remove 1 ALL
5520-48T-PWR (config)# vlan create 200 name "10-1-200-0/24" type port
5520-48T-PWR (config)# vlan members add 200 47,48
5520-48T-PWR (config)# vlan create 100 name "10-1-100-0/24" type port
5520-48T-PWR (config)# vlan members add 100 1-48
5520-48T-PWR (config)# vlan port 1-46 pvid 100
5520-48T-PWR (config)# vlan port 47,48 pvid 200

Let’s make VLAN 200 the management VLAN and assign the IP address;

5520-48T-PWR (config)# vlan mgmt 200
5520-48T-PWR (config)# ip address switch 10.1.200.10 netmask 255.255.255.0 default-gateway 10.1.200.1

Let’s setup Simple Network Management Protocol (SNMP);

5520-48T-PWR (config)# snmp-server authentication-trap disable
5520-48T-PWR (config)# snmp-server community  ro
5520-48T-PWR (config)# snmp-server community  rw
5520-48T-PWR (config)# snmp-server host

Let’s configure the logging so it will overwrite the oldest events;

5520-48T-PWR (config)# logging volatile overwrite
5520-48T-PWR (config)# logging enable

Let’s setup Simple Network Time Protocol (SNTP);

5520-48T-PWR (config)# sntp server primary address
5520-48T-PWR (config)# sntp server secondary address
5520-48T-PWR (config)# sntp enable

Depending on the version of switch software your running you may be able to configure Daylight Saving Time;

5520-48T-PWR (config)#clock time-zone EST -5
5520-48T-PWR (config)#clock summer-time EDT date 9 Mar 2009 2:00 2 Nov 2009 2:00 +60

Let’s setup the MultiLink trunk that will connect the switch back to the backbone;

5520-48T-PWR (config)# mlt 1 disable
5520-48T-PWR (config)# mlt 1 name "MLT-8600"
5520-48T-PWR (config)# mlt 1 learning disable
5520-48T-PWR (config)# mlt 1 member 47,48
5520-48T-PWR (config)# mlt 1 enable

Let’s setup ADAC (Automatic Detection and Automatic Configuration) for our i2002/i2004 phones. We’ll using VLAN 50 as our voice VLAN and we’ll use port 48 as our uplink (the switch will add 47 automatically because of the MLT configuration). There is a new command to clear the ADAC MAC address table that may be missing from earlier versions, “no adac mac-range-table”. I’ve also updated the list of entries that I use.

5520-48T-PWR (config)# adac voice-vlan 50
5520-48T-PWR (config)# adac op-mode tagged-frames
5520-48T-PWR (config)# adac uplink-port 48
5520-48T-PWR (config)# no adac mac-range-table
5520-48T-PWR (config)# adac mac-range-table low-end 00:0a:e4:75:00:00 high-end 00:0a:e4:75:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:13:65:00:00:00 high-end 00:13:65:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:14:c2:00:00:00 high-end 00:14:c2:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:16:ca:00:00:00 high-end 00:16:ca:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:17:65:00:00:00 high-end 00:17:65:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:18:b0:00:00:00 high-end 00:18:b0:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:19:69:00:00:00 high-end 00:19:69:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:19:e1:00:00:00 high-end 00:19:e1:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:1b:ba:00:00:00 high-end 00:1b:ba:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:1e:ca:00:00:00 high-end 00:1e:ca:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:22:67:00:00:00 high-end 00:22:67:ff:ff:ff
5520-48T-PWR (config)# adac enable

We need to strip the 802.1q tag from any packets in the PVID VLAN from going to the phone. In this design we’re expecting to connect IP phones to ports 1 – 46.

5520-48T-PWR (config)# vlan port 1-46 tagging untagpvidOnly

Let’s configure LLDP for the ports we expect to connect IP phones (1 – 46);

5520-48T-PWR (config)# interface fastEthernet 1-46
5520-48T-PWR (config-if)# vlan ports 1-46 filter-unregistered-frames disable
5520-48T-PWR (config-if)# lldp tx-tlv port-desc sys-cap sys-desc sys-name
5520-48T-PWR (config-if)# lldp status txAndRx config-notification
5520-48T-PWR (config-if)# lldp tx-tlv med extendedPSE med-capabilities network-policy
5520-48T-PWR (config-if)# poe poe-priority high
5520-48T-PWR (config-if)# spanning-tree learning fast
5520-48T-PWR (config-if)# adac enable
5520-48T-PWR (config-if)# exit

The option in RED above was added after an issue was discovered when trying to upgrade the firmware on the IP phones. The filter-unregistered-frames is enabled by default and should be disabled to avoid and issues with upgrading the firmware on the IP phones. We are attempting to investigate further with Nortel and our voice vendor Shared Technologies.

Let’s disable the two remaining ports that share the GBIC interfaces incase we need those in the future;

5520-48T-PWR (config)# interface fastEthernet 45-46
5520-48T-PWR (config-if)# shutdown
5520-48T-PWR (config-if)# exit

Let’s setup a QoS interface group to trust all traffic that will ingress on the fiber uplinks. By default the ERS 5520 switch will strip all QoS tags on all ports. Thankfully ADAC will take care of the QoS settings for all VoIP traffic.

5520-48T-PWR (config)# qos if-group name allUpLinks class trusted
5520-48T-PWR (config)# interface fastEthernet 47,48
5520-48T-PWR (config)# qos if-assign port 47,48 name allUpLinks
5520-48T-PWR (config)# exit

Let’s set the SNMP information;

5520-48T-PWR (config)# snmp-server name "sw-icr1-1east.sub.domain.org"
5520-48T-PWR (config)# snmp-server location "Acme Internet Phone Company (ICR1)"
5520-48T-PWR (config)# snmp-server contact "Network Infrastructure Team"

Let’s enable rate limiting for all broadcast and multicast traffic to 10% of the link;

5520-48T-PWR (config)# interface fastEthernet ALL
5520-48T-PWR (config-if)# rate-limit both 5
5520-48T-PWR (config-if)# exit

Let’s setup VLACP (Virtual Link Aggregation Protocol) on the uplinks to the core;

5520-48T-PWR (config)# interface fastEthernet 47,48
5520-48T-PWR (config-if)# vlacp port 47,48 timeout short
5520-48T-PWR (config-if)# vlacp port 47,48 timeout-scale 5
5520-48T-PWR (config-if)# vlacp port 47,48 enable
5520-48T-PWR (config-if)# exit
5520-48T-PWR (config)# vlacp enable

That’s it your done! Well hopefully your done.

In my next post I’ll tell you what DHCP options you’ll need to configure on your DHCP server in order for the phones to boot properly and connect to the Nortel Call Server.

Cheers!