Avaya

1. Switch name change

ERS55xx-Switch# conf t
ERS55xx-Switch(config)# snmp-server enable
ERS55xx-Switch(config)# snmp-server name “Avaya-ERS-Switch”

 

2. Assign IP address

ERS55xx-Switch# conf t
ERS55xx-Switch(config)# ip default-gateway 10.10.10.1
ERS55xx-Switch(config)# ip address switch 10.10.10.2
ERS55xx-Switch(config)# ip adress netmask 255.255.255.0
ERS55xx-Switch(config)# ip address source configured-address

ERS55xx-Switch# conf t
ERS55xx-Switch(config)# ip default-gateway 10.10.10.1
ERS55xx-Switch(config)# ip address stack 10.10.10.2
ERS55xx-Switch(config)# ip adress netmask 255.255.255.0
ERS55xx-Switch(config)# ip address source configured-address

 

3. Interface shutdown

ERS55xx-Switch(config)# interface fastethernet 45-46
ERS55xx-Switch(config)# shutdown
ERS55xx-Switch(config)# exit

 

4. Create VLANs, port assign and Trunk

 

ERS55xx-Switch(config)# vlan member remove 1 1-48 or ALL
or
ERS55xx-Switch(config)# vlan members 1 none

* Not recommended using VLAN 1 in real world. As a default, all ports are belong to VLAN1.

** CLI Configuration mode;  ERS5000 switch is using the strict (default setting) VLAN configurationmode. In this mode, you must first remove port members from the default VLAN 1 prior to adding these port members to a new VLAN. The VLAN configuration mode is set by using the command vlan configcontrol automatic|autopvid|flexible|strict>

 

ERS55xx-Switch# conf t
ERS55xx-Switch(config)# vlan create 10,20,30,99 type port 1
ERS55xx-Switch(config)# vlan port 47-48 tagging tagAll
ERS55xx-Switch(config)# vlan port tagging tagall filter-untagged-frame enable
ERS55xx-Switch(config)# vlan configcontrol flexible

ERS55xx-Switch(config)# vlan member 10 1-10, 41,42
ERS55xx-Switch(config)# vlan member 20 21-30, 43,44
ERS55xx-Switch(config)# vlan member 30 31-40, 45,46
ERS55xx-Switch(config)# vlan ports 1-10, 41,42 pvid 10
ERS55xx-Switch(config)# vlan ports 20 21-30, 43,44 pvid 20
ERS55xx-Switch(config)# vlan ports 30 31-40, 45,46 pvid 30

 

5. Management VLAN

ERS55xx-Switch(config)# vlan create 99 name mgmt
ERS55xx-Switch(config)# vlan member 99

 

6. MLT / Aggregation

ERS55xx-Switch# conf t
ERS55xx-Switch(config)# mlt 1 name “Trunk #1′ enable member 47-48

 

ERS55xx-Switch(config)# vlan ports 47,48 tagging enable
ERS55xx-Switch(config)# mlt 1 disable
ERS55xx-Switch(config)# mlt 1 name “MLT-8600”
ERS55xx-Switch(config)# mlt 1 learning disable
ERS55xx-Switch(config)# mlt 1 member 47,48
ERS55xx-Switch(config)# mlt 1 enable

or

ERS55xx-Switch(config)# mlt 1 member 1/23-24 learning disable
ERS55xx-Switch(config)# mlt 1 encapsulatin dot1q
ERS55xx-Switch(config)# vlan mlt [vlan] [index]
ERS55xx-Switch(config)# mlt 1 enable

* show mlt

 

 

7. STP : Spanning-Tree

ERS55xx-Switch# conf t
ERS55xx-Switch(config)# interface FastEthernet All
ERS55xx-Switch(config-if)# spanning-tree port 1-46 learning fast

* it is different from Cisco portfast.
** still STP on the port but take 2 sec learning and forwarding

or

ERS55xx-Switch(config)#interface fastEthernet 1/47,1/48
ERS55xx-Switch(config-if)#spanning-tree learning normal

ERS55xx-Switch(config-if)# spanning-tree port 47-48 learning disable
ERS55xx-Switch(config-if)# exit

ERS55xx-Switch(config)# mlt spanning-tree 1 stp 1 learning disable
ERS55xx-Switch(config)# spanning-tree port-mode auto
ERS55xx-Switch(config)# spanning-tree stp 1 priority 1000 ; 4096 in decimal(8000 for 32768 in decimal), Core switch… root bridge.

* If trunk port is blocking mode, check MLT is true

 

8. Security – MAC Security

 

< Manual MAC security control >

ERS55xx-Switch# conf t
ERS55xx-Switch(config)# mac-security enable ; Globally enable

ERS55xx-Switch(config)# interface FastEthernet 1-46 ; interface level configuration
ERS55xx-Switch(config-if)# mac-security enable
ERS55xx-Switch(config-if)# exit
ERS55xx-Switch(config)# mac-security mac-address-table address 00-11-22-33-44-55 port 1
ERS55xx-Switch(config)# mac-security mac-address-table address 00-11-22-66-77-88 port 2

 

< MAC security control with Auto learn >

ERS55xx-Switch# conf t
ERS55xx-Switch(config)# mac-security enable ; Globally enable
ERS55xx-Switch(config)# mac-security learning-port 11-21
ERS55xx-Switch(config)# mac-security learning enable
or
ERS55xx-Switch(config)# interface FastEthernet 11-21
ERS55xx-Switch(config-if)# mac-security learning
ERS55xx-Switch(config-if)#exit

 

* Never enable MAC security on uplink / MLT

ERS55xx-Switch# conf t
ERS55xx-Switch(config)# interface FastEther 47-48
ERS55xx-Switch(config-if)# mac-security lock-out
ERS55xx-Switch(config-if)# exit

 

** Disable SNMP write access

ERS55xx-Switch# conf t
ERS55xx-Switch(config)# mac-security snmp-lock enable

 

ERS55xx-Switch# show mac-security port 47-48
ERS55xx-Switch# show mac-security config c ; Global status of MAC-security
ERS55xx-Switch# show mac-security port ; port status of MAC-securit
ERS55xx-Switch# show mac-security mac-address-table
ERS55xx-Switch# show mac-address-table vid 10

 

*** unauthorized device is still able to see broadcast and unknown traffic flowing in the VLAN.

 

Example#1>  Replacing PC on port 14. (new mac)

a. ERS55xx-Switch(config)# interface FastEthernet 14
b. ERS55xx-Switch(config-if)# mac-security disable
c. ERS55xx-Switch(config-if)# exit
d. ERS55xx-Switch(config)# mac-security learning-port 14
e. ERS55xx-Switch(config)# mac-security learning enable
* This process won’t impact on MAC security or traffic on any other ports

– Waiting for new MAC on the mac-address-table / show mac-security-address-table
– Now you should see the new MAC and proceed to re-enable MAC security on port 14

f. ERS55xx-Switch(config)# mac-security learning disable
g. ERS55xx-Switch(config)# interface FastEthernet 14
h. ERS55xx-Switch(config-if)# mac-security enable
i.ERS55xx-Switch(config-if)# exit

 

 

9. DHCP / IP-helper Address

ERS55xx-Switch(config)# interface vlan 38
ERS55xx-Switch(config)# ip address 10.10.38.1 255.255.255.0 4
ERS55xx-Switch(config)# ip dhcp-relay
ERS55xx-Switch(config)# exit

ERS55xx-Switch(config)# ip dhcp-relay fwd-path 10.10.38.1 10.10.39.240
ERS55xx-Switch(config)# ip dhcp-relay fwd-path 10.10.38.1 10.10.39.77
or
ERS55xx-Switch(config)# ip dhcp-relay fwd-path 10.10.38.1 10.10.39.77 enable
ERS55xx-Switch(config)# ip dhcp-relay fwd-path 10.10.38.1 10.10.39.240 enable
or
ERS55xx-Switch(config)# ip dhcp-relay fwd-path 10.10.38.1 10.10.39.77 enable
ERS55xx-Switch(config)# ip dhcp-relay fwd-path 10.10.38.1 10.10.39.77 mode bootp-dhcp (may not necessary)
ERS55xx-Switch(config)# ip dhcp-relay fwd-path 10.10.38.1 10.10.39.240 enable
ERS55xx-Switch(config)# ip dhcp-relay fwd-path 10.10.38.1 10.10.39.240 mode bootp-dhcp (may not necessary)

 

 

10. SSH

ERS55xx-Switch(config)# ssh secure
Enable secure mode will cut off all remote access. Telnet, snmp and web will be disabled. Are you sure (y/n) ? y

* Eabling SSH will disable telnet, web and snmp access.

 

11. IP routing

ERS55xx-Switch(config)# ip routing
ERS55xx-Switch(config)# ip route

ip route 10.10.50.0 255.255.255.128 10.10.39.2 1
ip route 0.0.0.0 0.0.0.0 10.10.39.50 1

 

12. Stack

Forced stack mode feature on the Ethernet switches; If a switch fails, the remaining switch is a stack of one as opposed to returning to standalone switch mode.

stack forced-mode
stack-monitor stack-size 2
stack-monitor trap-interval 300
stack-monitor enable

* stack
– Automatically s/w update

Ex) Two Unit stacking (Unit#1=base unit)
1. power on only Unit1 : Acting switch mode, no pinging stack IP. Reconfigure switch IP from stack IP)
2. power on only unit2 : Acting switch mode, no pinging stack IP. Reconfigure switch IP from stack IP)
3. Both power on : Doesn’t matter which one first). Once stacking initializing is completed,
stack IP is pingable.
4. Power off one of unit : VLAN and stacking configuration is taking over and stack ip is
still pingable. (delay for 120 seconds)

 

13. SNMP

Switch(config)# snmp enable
Switch(config)# ipmgr snmp

Switch(config)# snmp-server enable
Switch(config)# snmp-server disable
Switch(config)# snmp-server community xxxxx ro
Switch(config)# snmp-server community xxxxx rw

 

14. VLACP

If you are connecting to an Avaya core A & B don뭪 forget to enable VLACP

interface fastEthernet 1/48,2/48
vlacp port 1/48,2/48 timeout short
vlacp port 1/48,2/48 timeout-scale 5
vlacp port 1/48,2/48 enable
exit
vlacp enable

 

15. Save configuration

ERS55xx-Switch(config)# autosave enable
ERS55xx-Switch# save config

Leave a Comment