Introducing Avaya ERS 4000

Hello! About a year ago, when I first encountered hardware from the former Nortel, now Avaya, I discovered that there was no sane information on the Internet about setting up and troubleshooting this equipment. There was only the official documentation, from which it is not always possible to get the information you need directly.

So today, as an introduction to the vendor and its CLI syntax, I present a walkthrough of the configuration of an Avaya 4850GTS-PWR+ access-layer switch, tailored for providing network access to ordinary residential apartments.

At first glance the Avaya syntax is very similar to Cisco's, but the approach to implementing some features is very different. So, unpack the switch, plug it into a power outlet and connect the console cable.

The first tip right away: pay attention to the power cable connector. On some models it has a small notch. If yours does, guard the cable like the apple of your eye, so that you don't end up wondering how you managed to lose it while carving the same notch into a standard power cable with a knife.

During the first boot, you will be prompted to start autoconfiguration. I recommend skipping this step, especially when you need to configure more than one or two switches. It is much easier to load the configuration from a template, which ultimately boils down to Ctrl-C, Ctrl-V.

When the boot finishes, we see the vendor's banner and a prompt to press Ctrl+Y to continue, which we do.

4850GTS-PWR+>


We switch to privileged mode with the enable command and go straight into configuration mode with configure terminal. At this point the déjà vu that many will have felt is practically over.

4850GTS-PWR+>enable
4850GTS-PWR+#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
4850GTS-PWR+(config)#


The first thing to do is to disable the "useful" autosave function, which periodically saves the configuration even if that configuration makes the switch unreachable from outside. I think you understand what that threatens. So just turn it off.

4850GTS-PWR+(config)#no autosave enable


Next, we will immediately do the two things that take effect only after a reboot, so that they don't distract us later in the configuration process.
First, select the Spanning Tree mode of operation. In my case, this is RSTP:

4850GTS-PWR+(config)#spanning-tree mode rstp
New operational mode RSTP will take effect upon reset
4850GTS-PWR+(config)#


Second, the QoS mode of operation. QoS on Avaya is a topic for a rather large article of its own; for now, I'll just say that scientific trial and error showed the optimal solution for an access-layer switch to be:

4850GTS-PWR+(config)#qos agent aq-mode mixed
4850GTS-PWR+(config)#qos agent buffer maximum
QoS buffer setting isn't effective until after reset.
4850GTS-PWR+(config)#


You can, of course, configure the queues by hand, but, again, there is no point in doing so at the access layer (unless, of course, every port has hardcore users hanging off it who download terabytes of torrents around the clock).

A note on the second command. Avaya recommends the maximum buffer if your network carries services such as video streaming (ordinary IPTV counts too). If the buffer is set to, say, regular, television will work only as long as it is delivered on a port separate from network access. If, for example, a small but very proud D-Link sits at the far end with both a home computer and a TV plugged into it, the picture on the TV will most likely break up.

Create groups and assign interfaces to use QoS:

4850GTS-PWR+(config)#qos if-group name UPLINK class trusted
4850GTS-PWR+(config)#qos if-group name USER class untrusted
4850GTS-PWR+(config)#qos if-assign port 1-48 name USER
4850GTS-PWR+(config)#qos if-assign port 49-50 name UPLINK
4850GTS-PWR+(config)#


After the above, we save the configuration with the painfully familiar write memory (by the way, copy running-config startup-config does not work here; that command can only copy the configuration to USB, FTP, etc.)
and reboot with the boot command.

4850GTS-PWR+(config)#write memory
4850GTS-PWR+(config)#boot
Reboot the unit(s) (y/n) ? y


While our switch is testing its memory and fans, I'll mention that the boot command can also be used to reset to factory settings. In that case it looks like boot default. Be careful with this command. If additional licenses are installed on the switch, they will be lost during the reset, so if you have no license file for this switch at hand, it is better not to use it.

So, our switch has booted; let's continue.

We'll take care of security and set passwords. Avaya's password complexity requirements are almost identical to, for example, those in a Windows domain. If this contradicts someone's notions of beauty, you can turn them off with the command

4850GTS-PWR+(config)#no password security


Create a user:

4850GTS-PWR+(config)#username avaya avaya1 rw


Here avaya is the user name, avaya1 is the password and rw is the access level. You can specify ro instead; that user will then get no further than viewing port status and the current configuration.

Set the authentication mode on the device:

4850GTS-PWR+(config)#cli password serial local
4850GTS-PWR+(config)#cli password telnet local


Here too, I think, almost everything is clear. Local means that credentials are checked against the local user database.
Since locally you can create only one read-only user and one full-access user, which is not enough for me personally, we will reconfigure authentication to use a RADIUS server.

4850GTS-PWR+(config)#username admin admin1 rw
4850GTS-PWR+(config)#username user user1 ro
4850GTS-PWR+(config)#radius-server password fallback
4850GTS-PWR+(config)#radius-server host 192.168.1.2
4850GTS-PWR+(config)#radius-server key avaya


The username entries must be set anyway; they are used if the RADIUS server is unavailable.

Set RADIUS as the authentication method:

4850GTS-PWR+(config)#cli password serial radius
4850GTS-PWR+(config)#cli password telnet radius


By the way, on the topic of configuring RADIUS: before making any changes to the RADIUS connection settings, you need to switch authentication back to local, otherwise you will see nothing but an error in the console output.

Next, set the switch name:

4850GTS-PWR+(config)#snmp-server name Avaya_4850_test
Avaya_4850_test(config)#


While we are at it, enable the SNMP server for later monitoring:

Avaya_4850_test(config)#snmp-server community Public rw
Avaya_4850_test(config)#snmp-server host 192.168.1.2 v2c Public
Avaya_4850_test(config)#snmp-server enable


The snmp-server host arguments here are the address of the remote server that will do the monitoring, the SNMP version and the community.

Now let's look at the VLANs themselves. We have quite a few VLANs in the network, so I will only show the principle of configuring them on the device.
First, turn on automatic PVID assignment on interfaces (again, if this does not contradict your notions of beauty).

Avaya_4850_test(config)#vlan configcontrol automatic


Now create the necessary VLANs:

Avaya_4850_test(config)#Vlan create 3 name Data type port
Avaya_4850_test(config)#vlan create 4 name TV type port
Avaya_4850_test(config)#Vlan create 5 name Management type port


Decide which ports are trunks:

Avaya_4850_test(config)#vlan ports 1-48 tagging unTagAll
Avaya_4850_test(config)#vlan ports 49-50 tagging tagAll


Then distribute the VLANs across the ports, after first removing all ports from VLAN 1:

Avaya_4850_test(config)#vlan members remove 1  ALL
Avaya_4850_test(config)#vlan members add 3 1-20,49-50
Avaya_4850_test(config)#vlan members add 4 20-40,49-50
Avaya_4850_test(config)#vlan members add 5 49-50


Define the VLAN used to manage the switch and restrict access to it, for example, to the office network 192.168.2.0/24:

Avaya_4850_test(config)#vlan mgmt 5
Avaya_4850_test(config)#ipmgr source-ip 1 192.168.2.0 mask 255.255.255.0 


We enable IGMP snooping (multicast tracking) in all VLANs and finally assign an IP address to our switch:

Avaya_4850_test(config)#interface vlan 3
Avaya_4850_test(config-if)#ip igmp snooping
Avaya_4850_test(config-if)#exit
Avaya_4850_test(config)#interface vlan 4
Avaya_4850_test(config-if)#ip igmp snooping
Avaya_4850_test(config-if)#exit
Avaya_4850_test(config)#interface vlan 5
Avaya_4850_test(config-if)#ip address 192.168.5.4 255.255.255.0
Avaya_4850_test(config-if)#ip default-gateway 192.168.5.1
Avaya_4850_test(config-if)#ip igmp snooping
Avaya_4850_test(config-if)#exit


Since I have an Avaya VSP 7024XLS installed at the other end, we will bundle the trunks into an MLT (in principle, the same thing as Cisco's EtherChannel, just seen from another angle).

Avaya_4850_test(config)#mlt 1 name UPLINK member 49-50 learning disable
Avaya_4850_test(config)#mlt 1 enable


And finally, we'll configure a couple more useful things.
Let's accept DHCP-OFFER only from the trunk side:

Avaya_4850_test(config)#ip dhcp-snooping enable
Avaya_4850_test(config)#ip dhcp-snooping vlan 3
Avaya_4850_test(config)#ip dhcp-snooping vlan 4
Avaya_4850_test(config)#interface FastEthernet ALL
Avaya_4850_test(config-if)#ip dhcp-snooping port 49-50 trusted
Avaya_4850_test(config-if)#ip dhcp-snooping port 1-48 untrusted
Avaya_4850_test(config-if)#exit
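
A consistency check over the VLAN and DHCP-snooping commands entered so far, as an added example (not part of the original article and not an Avaya tool). The function names and finding texts are hypothetical; the sample lines are the article's commands with the prompts stripped, and the rule that an untagged access port should belong to one VLAN is an assumption of the check.

```python
import re

# Constructed sample: commands copied from the walkthrough, prompts stripped.
CONFIG = """\
vlan ports 1-48 tagging unTagAll
vlan ports 49-50 tagging tagAll
vlan members add 3 1-20,49-50
vlan members add 4 20-40,49-50
vlan members add 5 49-50
ip dhcp-snooping vlan 3
ip dhcp-snooping vlan 4
ip dhcp-snooping port 49-50 trusted
ip dhcp-snooping port 1-48 untrusted
"""

def expand(spec):  # '1-20,49-50' -> {1, ..., 20, 49, 50}
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config):  # returns a list of finding strings (hypothetical wording)
    tagging, members, snooped, trusted = {}, {}, set(), set()
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vlan ports (\S+) tagging (\w+)", line, re.I):
            tagging.update((p, m[2].lower()) for p in expand(m[1]))
        elif m := re.fullmatch(r"vlan members add (\d+) (\S+)", line, re.I):
            members.setdefault(int(m[1]), set()).update(expand(m[2]))
        elif m := re.fullmatch(r"ip dhcp-snooping vlan (\d+)", line, re.I):
            snooped.add(int(m[1]))
        elif m := re.fullmatch(r"ip dhcp-snooping port (\S+) trusted", line, re.I):
            trusted |= expand(m[1])
    uplinks = {p for p, mode in tagging.items() if mode == "tagall"}
    access = sorted(set(tagging) - uplinks)
    # Assumption: an untagged access port is meant to carry exactly one VLAN.
    in_vlans = {p: sorted(v for v in members if p in members[v]) for p in access}
    findings = [f"access port {p} is listed in VLANs {vs}"
                for p, vs in in_vlans.items() if len(vs) > 1]
    # DHCP server replies should be accepted on uplinks only.
    findings += [f"DHCP snooping trusts access port {p}"
                 for p in sorted(trusted - uplinks)]
    # A VLAN that reaches access ports should have snooping enabled.
    findings += [f"VLAN {v} reaches access ports without DHCP snooping"
                 for v, ps in sorted(members.items())
                 if ps - uplinks and v not in snooped]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```

On the sample it reports port 20, which the two `vlan members add` ranges 1-20 and 20-40 both include.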


And we will protect ourselves from loops:

Avaya_4850_test(config)#interface FastEthernet all
Avaya_4850_test(config-if)#slpp-guard port 1-48 enable
Avaya_4850_test(config-if)#exit


Turn on SSH and save our configuration:

Avaya_4850_test(config)#ssh
Avaya_4850_test(config)#write memory


That gives us a sample working configuration for Avaya switches. It can be used equally for the entire ERS 4000 line and is partially valid for the 5000 and 7000 as well.
As a postscript, here are a couple of frequently encountered problems and ways to resolve them:

1) IP addresses take a long time to be obtained via DHCP and/or the TV stream stutters.

At this point we remember that Spanning Tree exists, clutch our heads and quickly fix everything by defining the edge ports:

Avaya_4850_test#conf t
Avaya_4850_test(config)#Inter fa all
Avaya_4850_test(config-if)#spanning-tree rstp port 1-40 learning enable
Avaya_4850_test(config-if)#spanning-tree rstp port 1-40 edge-port true


Do not forget to protect yourself from assorted clever users with their own hardware. Enable BPDU filtering (not compatible with some models of Linksys home routers):

Avaya_4850_test(config)#spanning-tree bpdu-filtering port 1-48 enable timeout 300


2) The TV stream is intermittent (valid for any broadcast stream).

Check an option as great as rate-limit. If the network carries a broadcast stream, turn it off on the trunks; otherwise part of the stream will constantly be cut off, especially under high load.

That's probably all. I will be glad to receive any questions and comments.
