1. Switch name change
ERS55xx-Switch# conf t
ERS55xx-Switch(config)# snmp-server enable
ERS55xx-Switch(config)# snmp-server name "Avaya-ERS-Switch"
2. Assign IP address
ERS55xx-Switch# conf t
ERS55xx-Switch(config)# ip default-gateway 10.10.10.1
ERS55xx-Switch(config)# ip address switch 10.10.10.2
ERS55xx-Switch(config)# ip address netmask 255.255.255.0
ERS55xx-Switch(config)# ip address source configured-address
ERS55xx-Switch# conf t
ERS55xx-Switch(config)# ip default-gateway 10.10.10.1
ERS55xx-Switch(config)# ip address stack 10.10.10.2
ERS55xx-Switch(config)# ip address netmask 255.255.255.0
ERS55xx-Switch(config)# ip address source configured-address
3. Interface shutdown
ERS55xx-Switch(config)# interface fastethernet 45-46
ERS55xx-Switch(config-if)# shutdown
ERS55xx-Switch(config-if)# exit
4. Create VLANs, port assign and Trunk
ERS55xx-Switch(config)# vlan member remove 1 1-48 or ALL
or
ERS55xx-Switch(config)# vlan members 1 none
* Using VLAN 1 is not recommended in the real world. By default, all ports belong to VLAN 1.
** CLI configuration mode: the ERS5000 switch uses the strict (default setting) VLAN configuration mode. In this mode, you must first remove port members from the default VLAN 1 before adding them to a new VLAN. The VLAN configuration mode is set with the command vlan configcontrol <automatic|autopvid|flexible|strict>
ERS55xx-Switch# conf t
ERS55xx-Switch(config)# vlan create 10,20,30,99 type port 1
ERS55xx-Switch(config)# vlan port 47-48 tagging tagAll
ERS55xx-Switch(config)# vlan port tagging tagall filter-untagged-frame enable
ERS55xx-Switch(config)# vlan configcontrol flexible
ERS55xx-Switch(config)# vlan member 10 1-10, 41,42
ERS55xx-Switch(config)# vlan member 20 21-30, 43,44
ERS55xx-Switch(config)# vlan member 30 31-40, 45,46
ERS55xx-Switch(config)# vlan ports 1-10, 41,42 pvid 10
ERS55xx-Switch(config)# vlan ports 21-30, 43,44 pvid 20
ERS55xx-Switch(config)# vlan ports 31-40, 45,46 pvid 30
5. Management VLAN
ERS55xx-Switch(config)# vlan create 99 name mgmt
ERS55xx-Switch(config)# vlan member 99
6. MLT / Aggregation
ERS55xx-Switch# conf t
ERS55xx-Switch(config)# mlt 1 name "Trunk #1" enable member 47-48
ERS55xx-Switch(config)# vlan ports 47,48 tagging enable
ERS55xx-Switch(config)# mlt 1 disable
ERS55xx-Switch(config)# mlt 1 name "MLT-8600"
ERS55xx-Switch(config)# mlt 1 learning disable
ERS55xx-Switch(config)# mlt 1 member 47,48
ERS55xx-Switch(config)# mlt 1 enable
or
ERS55xx-Switch(config)# mlt 1 member 1/23-24 learning disable
ERS55xx-Switch(config)# mlt 1 encapsulation dot1q
ERS55xx-Switch(config)# vlan mlt [vlan] [index]
ERS55xx-Switch(config)# mlt 1 enable
* show mlt
7. STP : Spanning-Tree
ERS55xx-Switch# conf t
ERS55xx-Switch(config)# interface FastEthernet All
ERS55xx-Switch(config-if)# spanning-tree port 1-46 learning fast
* This is different from Cisco portfast.
** STP still runs on the port, but learning and forwarding take 2 sec
or
ERS55xx-Switch(config)#interface fastEthernet 1/47,1/48
ERS55xx-Switch(config-if)#spanning-tree learning normal
ERS55xx-Switch(config-if)# spanning-tree port 47-48 learning disable
ERS55xx-Switch(config-if)# exit
ERS55xx-Switch(config)# mlt spanning-tree 1 stp 1 learning disable
ERS55xx-Switch(config)# spanning-tree port-mode auto
ERS55xx-Switch(config)# spanning-tree stp 1 priority 1000 ; hex 1000 = 4096 in decimal (8000 = 32768 in decimal). Core switch… root bridge.
* If a trunk port is in blocking mode, check that MLT is true
8. Security – MAC Security
< Manual MAC security control >
ERS55xx-Switch# conf t
ERS55xx-Switch(config)# mac-security enable ; Globally enable
ERS55xx-Switch(config)# interface FastEthernet 1-46 ; interface level configuration
ERS55xx-Switch(config-if)# mac-security enable
ERS55xx-Switch(config-if)# exit
ERS55xx-Switch(config)# mac-security mac-address-table address 00-11-22-33-44-55 port 1
ERS55xx-Switch(config)# mac-security mac-address-table address 00-11-22-66-77-88 port 2
< MAC security control with Auto learn >
ERS55xx-Switch# conf t
ERS55xx-Switch(config)# mac-security enable ; Globally enable
ERS55xx-Switch(config)# mac-security learning-port 11-21
ERS55xx-Switch(config)# mac-security learning enable
or
ERS55xx-Switch(config)# interface FastEthernet 11-21
ERS55xx-Switch(config-if)# mac-security learning
ERS55xx-Switch(config-if)#exit
* Never enable MAC security on uplink / MLT
ERS55xx-Switch# conf t
ERS55xx-Switch(config)# interface FastEther 47-48
ERS55xx-Switch(config-if)# mac-security lock-out
ERS55xx-Switch(config-if)# exit
** Disable SNMP write access
ERS55xx-Switch# conf t
ERS55xx-Switch(config)# mac-security snmp-lock enable
ERS55xx-Switch# show mac-security port 47-48
ERS55xx-Switch# show mac-security config ; Global status of MAC-security
ERS55xx-Switch# show mac-security port ; port status of MAC-security
ERS55xx-Switch# show mac-security mac-address-table
ERS55xx-Switch# show mac-address-table vid 10
*** An unauthorized device is still able to see broadcast and unknown traffic flowing in the VLAN.
Example#1> Replacing PC on port 14. (new mac)
a. ERS55xx-Switch(config)# interface FastEthernet 14
b. ERS55xx-Switch(config-if)# mac-security disable
c. ERS55xx-Switch(config-if)# exit
d. ERS55xx-Switch(config)# mac-security learning-port 14
e. ERS55xx-Switch(config)# mac-security learning enable
* This process won't impact MAC security or traffic on any other ports
– Wait for the new MAC to appear in the mac-address-table / show mac-security mac-address-table
– Once you see the new MAC, proceed to re-enable MAC security on port 14
f. ERS55xx-Switch(config)# mac-security learning disable
g. ERS55xx-Switch(config)# interface FastEthernet 14
h. ERS55xx-Switch(config-if)# mac-security enable
i. ERS55xx-Switch(config-if)# exit
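Added example (not part of the original notes): a Python check for two rules from this section, "never enable MAC security on uplink / MLT" and the snmp-lock setting. It assumes the input is a list of commands in the syntax used on this page, not show running-config output; the function names and the sample are constructed for illustration.

```python
import re

# Constructed sample in the command syntax used on this page (not device output).
SAMPLE = """\
mlt 1 name "MLT-8600"
mlt 1 member 47,48
mac-security enable
interface FastEthernet 1-46, 48
mac-security enable
exit
mac-security learning-port 11-21,47
"""

def expand_ports(spec):
    """Expand '1-10, 41,42' or '1/23-24' into a set of port names."""
    ports = set()
    for item in filter(None, spec.replace(" ", "").split(",")):
        unit, _, rng = item.rpartition("/")   # optional 'unit/' prefix
        lo, _, hi = rng.partition("-")
        for p in range(int(lo), int(hi or lo) + 1):
            ports.add(f"{unit}/{p}" if unit else str(p))
    return ports

def audit(config):
    """Flag MLT members with MAC security, and a missing snmp-lock."""
    mlt, secured, learning = set(), set(), set()
    iface, all_secured, snmp_lock = None, False, False
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"mlt \d+ .*?member ([\d/,\- ]+)", line):
            mlt |= expand_ports(m.group(1))
        elif m := re.match(r"interface fastether\w* (.+)", line, re.I):
            iface = m.group(1)              # port list, or 'All'
        elif line == "exit":
            iface = None
        elif iface and line == "mac-security enable":
            if iface.lower() == "all":
                all_secured = True          # covers every MLT member too
            else:
                secured |= expand_ports(iface)
        elif m := re.match(r"mac-security learning-port ([\d/,\- ]+)", line):
            learning |= expand_ports(m.group(1))
        elif line == "mac-security snmp-lock enable":
            snmp_lock = True
    order = lambda p: [int(x) for x in p.split("/")]
    hits = mlt if all_secured else mlt & secured
    out = [f"port {p}: mac-security enabled on MLT member" for p in sorted(hits, key=order)]
    out += [f"port {p}: mac-security learning on MLT member" for p in sorted(mlt & learning, key=order)]
    if (secured or learning or all_secured) and not snmp_lock:
        out.append("mac-security snmp-lock is not enabled")
    return out
```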
9. DHCP / IP-helper Address
ERS55xx-Switch(config)# interface vlan 38
ERS55xx-Switch(config-if)# ip address 10.10.38.1 255.255.255.0 4
ERS55xx-Switch(config-if)# ip dhcp-relay
ERS55xx-Switch(config-if)# exit
ERS55xx-Switch(config)# ip dhcp-relay fwd-path 10.10.38.1 10.10.39.240
ERS55xx-Switch(config)# ip dhcp-relay fwd-path 10.10.38.1 10.10.39.77
or
ERS55xx-Switch(config)# ip dhcp-relay fwd-path 10.10.38.1 10.10.39.77 enable
ERS55xx-Switch(config)# ip dhcp-relay fwd-path 10.10.38.1 10.10.39.240 enable
or
ERS55xx-Switch(config)# ip dhcp-relay fwd-path 10.10.38.1 10.10.39.77 enable
ERS55xx-Switch(config)# ip dhcp-relay fwd-path 10.10.38.1 10.10.39.77 mode bootp-dhcp (may not be necessary)
ERS55xx-Switch(config)# ip dhcp-relay fwd-path 10.10.38.1 10.10.39.240 enable
ERS55xx-Switch(config)# ip dhcp-relay fwd-path 10.10.38.1 10.10.39.240 mode bootp-dhcp (may not be necessary)
10. SSH
ERS55xx-Switch(config)# ssh secure
Enable secure mode will cut off all remote access. Telnet, snmp and web will be disabled. Are you sure (y/n) ? y
* Enabling SSH will disable telnet, web and snmp access.
11. IP routing
ERS55xx-Switch(config)# ip routing
ERS55xx-Switch(config)# ip route
ip route 10.10.50.0 255.255.255.128 10.10.39.2 1
ip route 0.0.0.0 0.0.0.0 10.10.39.50 1
12. Stack
Forced stack mode feature on the Ethernet switches: if a switch fails, the remaining switch operates as a stack of one as opposed to returning to standalone switch mode.
stack forced-mode
stack-monitor stack-size 2
stack-monitor trap-interval 300
stack-monitor enable
* stack
– Automatic s/w update
Ex) Two Unit stacking (Unit#1=base unit)
1. Power on only Unit1 : acts in switch mode, the stack IP does not answer ping. (Reconfigure switch IP from stack IP)
2. Power on only Unit2 : acts in switch mode, the stack IP does not answer ping. (Reconfigure switch IP from stack IP)
3. Power on both (doesn't matter which one first) : once stacking initialization is completed, the stack IP is pingable.
4. Power off one unit : VLAN and stacking configuration is taken over and the stack IP is still pingable. (delay for 120 seconds)
13. SNMP
Switch(config)# snmp enable
Switch(config)# ipmgr snmp
Switch(config)# snmp-server enable
Switch(config)# snmp-server disable
Switch(config)# snmp-server community xxxxx ro
Switch(config)# snmp-server community xxxxx rw
14. VLACP
If you are connecting to an Avaya core A & B, don't forget to enable VLACP
interface fastEthernet 1/48,2/48
vlacp port 1/48,2/48 timeout short
vlacp port 1/48,2/48 timeout-scale 5
vlacp port 1/48,2/48 enable
exit
vlacp enable
15. Save configuration
ERS55xx-Switch(config)# autosave enable
ERS55xx-Switch# save config