Avaya / Nortel Switch Notes

KB ID 0001285 

Problem

I don’t often use Nortel (now Avaya) switches, I know they are decent, but in my day job I usually work on Cisco, occasionally HP, and other cheap assorted nastiness switches.

I was replacing an old 10/100 Cisco 3750 switch with a Nortel 4526GTX this week, and thought I’d take some notes for the common things I do, just in case I have to do another.

So this post is an eclectic collection of the various things I had to do, and worked out for the future.

Solution

I’m carrying the following out via console cable, the settings are the same as you would expect for a Cisco/HP switch, i.e. 

  • 9600 Baud
  • 8 bits
  • 1 stop bit
  • No Parity

WARNING: The console cable is NOT the same pinout as a normal console cable, it’s a straight through cable, (not a rollover cable). Though I did discover that the Cisco SMB switches also use the same cable.

Console: When connected it may look like nothing is happening, pressing enter etc. shows no output. This is normal, you need to press CTRL+Y before you will get to the command prompt.

Nortel / Avaya Switches Update the Firmware / Software

WARNING: Requires downtime, (2x reboots).

Nortel / Avaya switches have a software image and a firmware file. ALWAYS update the firmware first! I’ve got a TFTP server set up on my laptop (see links below), with the firmware and software image files ready.

[box]

CTRL+Y 
enable 
download address {IP-address-of-TFTP-Server} diag {xxxx_xxxx_diag.bin}

[/box]

The switch will download the firmware, upgrade it and perform a reboot. When it’s back online perform the same procedure for the software image.

[box]

CTRL+Y 
enable 
download address {IP-address-of-TFTP-Server} image {xxxx_xxxxxxx_.img}

[/box]

Once again the switch will reboot, when it’s back online check the firmware, and software versions are correct on the welcome screen.

Backing up and Restoring Nortel / Avaya Switches via TFTP

I’m usually doing this for other switch vendors, and for those I will back up the config to a readable text file that I can also refer to, to see how things are configured. You can do the same thing on a Nortel / Avaya switch, but YOU CAN’T restore the switch from that ‘readable’ backup (unless you copy and paste the commands back in). To back up to a human readable file use the following command;

[box]

copy running-config tftp address {IP-address-of-TFTP-Server} filename {File-Name}

[/box]

Well that’s all well and good, but to produce a file you can ‘restore’ the switch from, you need to back up and restore the ‘code’.

Backup Nortel / Avaya

[box]

copy config tftp address {IP-address-of-TFTP-Server} filename {File-Name}

[/box]

Restore Nortel / Avaya

This reboots the switch!

[box]

copy tftp config address {IP-address-of-TFTP-Server} filename {File-Name}

[/box]

Factory Reset Nortel Avaya Switches

As I mentioned above, I’m working on a 4526GTX switch, but the procedure is the same for;

  • 400 Series, (450, 460, 470.)
  • 2500 Series.
  • 4500 Series.
  • 5500 Series, ( 5510, 5520, 5530.)

Connect to the switch using a serial connection (settings above), then reboot the switch. If you watch the boot text, eventually it will say “Press Control C to Enter Diag” > Press Control+C > Choose option ‘i’ initiate config flash.

Then choose option ‘a’ to run agent code > The switch will now boot up.

Press CTRL+Y and the switch will have a blank, (factory reset) config.

Nortel / Avaya Set a Management IP (and Default Route)

Like other vendors, if you are going to deploy the switch in a ‘flat’ network (i.e. all ports in VLAN 1) then you only need to set up an IP address for VLAN 1.

By default the switch will be on 192.168.1.1 which you can see with the following command;

[box]

4526GTX(config-if)#show ip
Bootp/DHCP Mode: Disabled

                      Configured        In Use         Last BootP/DHCP
                    --------------- --------------- --------------------
Stack IP Address:   192.168.1.2                       0.0.0.0
Switch IP Address:  192.168.1.1     192.168.1.1    0.0.0.0
Switch Subnet Mask: 255.255.255.0   255.255.255.0  0.0.0.0
Default Gateway:    0.0.0.0          

[/box]

To change that, first I’m going to rename the VLAN, then remove that IP, and finally, set a new one.

[box]

4526GTX(config)#vlan name 1 Default-VLAN
4526GTX(config)#interface vlan 1
4526GTX(config-if)#no ip address 192.168.1.1 255.255.255.0
4526GTX(config-if)#ip address 192.168.254.1 255.255.255.0

[/box]

To set the default route, first I’m enabling routing, then setting the default route;

[box]

4526GTX(config)#ip routing
4526GTX(config)#ip route 0.0.0.0 0.0.0.0 192.168.254.254 1

[/box]

Nortel / Avaya Allowing Remote Management

This looks a little ‘Juniper SRX-ish’. Below the usernames will remain RW and RO.

DON’T set the RO and RW passwords the same!

To set the passwords;

[box]

4526GTX(config)#username RO Re@d0nly ro
4526GTX(config)#username RW P@ssw0rd123 rw

[/box]

Then to enable telnet, (and SSH strangely), using local authentication;

[box]

4526GTX(config)#cli pass telnet local

[/box]

Note: I didn’t have to add any extra commands to enable web management via the GUI.

Nortel / Avaya Assigning Ports to VLANS

At command line this can get a little confusing, my colleagues point out that it’s much simpler to do in the web interface. But at PNL we don’t work on the web interface.

To understand how it works, you need to remember: ‘Any port can be tagged in a VLAN (or any number of VLANs), but a port can only be untagged in one VLAN.’ This is the same for all vendors, they just use different terminology, i.e. HP = Tagged and Untagged (simple), Cisco = Access Port and Trunk (simple if you are used to it).

Unlike ‘modern’ Cisco switches, if you reference a VLAN that does not exist, it will just error. Like older switches, you need to create the VLAN and add it to the VLAN database first.

Creating and Naming a VLAN

Here I create VLAN 100, and call it PROD-NW.

[box]

4526GTX(config)#vlan create 100 name PROD-NW type port

[/box]

Assign an IP Address (SVI) to a VLAN

Using the VLAN I created above, I’m adding ip address 192.168.100.1/24 to it. 

[box]

4526GTX(config)#interface vlan 100
4526GTX(config-if)#ip address 192.168.100.1 255.255.255.0

[/box]

Adding Ports to VLANS

Remember what I said above about VLANs (a port can be tagged in multiple VLANs). If you are a Cisco-head, a port with multiple VLAN tags is a trunk. (If all the HP engineers are confused at this point, read the link at the bottom of the page).

So you need to ‘Remove’ a port from VLAN1 (or the VLAN it is in) then make it a member of your new VLAN, and finally you need to assign the PVID of your new VLAN to the port! 

So below I’m moving ports 1 to 4 into VLAN 100 from VLAN 1;

[box]

4526GTX(config)#vlan members remove 1 1-4 
4526GTX(config)#vlan members add 100 1-4 
4526GTX(config)#vlan ports 1-4 pvid 100

[/box]

Note: If you do it in the wrong order and get a warning you can stop the warnings with a ‘vlan configcontrol flexible‘ command.

To prove it worked;

[box]

4526GTX(config)#show vlan int info
      Filter     Filter
     Untagged Unregistered
Port  Frames     Frames    PVID PRI    Tagging    Name
---- -------- ------------ ---- --- ------------- --------------
1    No       Yes          100  0   UntagAll      Port 1
2    No       Yes          100  0   UntagAll      Port 2
3    No       Yes          100  0   UntagAll      Port 3
4    No       Yes          100  0   UntagAll      Port 4
5    No       Yes          1    0   UntagAll      Port 5
6    No       Yes          1    0   UntagAll      Port 6
7    No       Yes          1    0   UntagAll      Port 7
8    No       Yes          1    0   UntagAll      Port 8
9    No       Yes          1    0   UntagAll      Port 9
10   No       Yes          1    0   UntagAll      Port 10
11   No       Yes          1    0   UntagAll      Port 11
12   No       Yes          1    0   UntagAll      Port 12
-----------Config Removed for the Sake of Brevity----------

[/box]

You can also use the following command;

[box]

4526GTX(config)#show vlan
Id  Name                 Type     Protocol         PID      Active IVL/SVL Mgmt
--- -------------------- -------- ---------------- -------- ------ ------- ----
1   Default-VLAN         Port     None             0x0000   Yes    IVL     Yes
        Port Members: 5-26
100 PROD-NW              Port     None             0x0000   Yes    IVL     No
        Port Members: 1-4
Total VLANs: 2

[/box]

Or if you are running a newer version of the code;

[box]

4526GTX(config)#show run mod vlan
! Embedded ASCII Configuration Generator Script
! Model = Ethernet Routing Switch 4526GTX
! Software version = v5.6.3.025
!
! Displaying only parameters different to default
!================================================
enable
configure terminal
!
! *** VLAN ***
!
vlan create 100 type port 1
vlan name 1 "Default-VLAN"
vlan name 100 "PROD-NW"
vlan configcontrol flexible
vlan members 1 5-26
vlan members 100 1-4
vlan ports 1-4 pvid 100
no auto-pvid
!
! *** VLAN Phase 2***
!

[/box]
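As an added example (not from the original article or from Avaya), the Python below audits an ASCII config like the one above for the mistake the three-step procedure guards against: a port whose PVID points at a VLAN it is not a member of, so untagged frames arriving on it are still classified into the old VLAN. It assumes standalone port numbers (no unit/port stack notation), comma-separated port lists, a default PVID of 1, and auto-pvid disabled as in the output above; the sample config is constructed.

```python
import re

# Constructed sample in the style of the 'show run mod vlan' output above.
# Deliberate mistake: ports 7-10 were added to VLAN 101, but the final
# 'vlan ports 7-10 pvid 101' step was never run.
SAMPLE = """\
vlan create 100 type port 1
vlan create 101 type port 1
vlan configcontrol flexible
vlan members 1 5-6,11-26
vlan members 100 1-4
vlan members 101 7-10
vlan ports 1-4 pvid 100
no auto-pvid
"""

MEMBERS = re.compile(r"vlan members (\d+) (\S+)$")
PVID = re.compile(r"vlan ports (\S+) pvid (\d+)$")

def expand(spec):
    """Expand a port list such as '1-4,7' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config, default_pvid=1):
    """Return {port: message} for ports whose PVID is a VLAN they are not in."""
    members, pvid = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := MEMBERS.match(line):
            members.setdefault(int(m[1]), set()).update(expand(m[2]))
        elif m := PVID.match(line):
            pvid.update((p, int(m[2])) for p in expand(m[1]))
    problems = {}
    for port in sorted(set().union(pvid, *members.values())):
        vid = pvid.get(port, default_pvid)  # unlisted ports keep the default PVID
        joined = sorted(v for v, ports in members.items() if port in ports)
        if vid not in joined:
            problems[port] = f"PVID {vid}, but member of VLANs {joined}"
    return problems

if __name__ == "__main__":
    for port, message in audit(SAMPLE).items():
        print(f"port {port}: {message}")
```

Run against a saved copy of the switch's ASCII config after moving ports, an empty result means every port's PVID matches a VLAN it belongs to.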

Other Quick Examples

[box]

Create VLAN 200 named 8021x-NW, with SVI of 192.168.200.1 and add ports 13 to 16

vlan create 200 name 8021x-NW type port
vlan members remove 1 13-16
vlan members add 200 13-16
vlan ports 13-16 pvid 200
int vlan 200
 ip address 192.168.200.1 255.255.255.0
 exit

Create a VLAN 101 named DMZ-NW, and add ports 7 to 10

vlan create 101 name DMZ-NW type port
vlan members remove 1 7-10
vlan members add 101 7-10
vlan ports 7-10 pvid 101

Add Ports 5 and 6 to (Existing) VLAN 100

vlan members remove 1 5-6
vlan members add 100 5-6
vlan ports 5-6 pvid 100

[/box]

 

Related Articles, References, Credits, or External Links

Special thanks to Kevin Almond, for his assistance.

Install and Use a TFTP Server

MAC OS X TFTP Software

CentOS – Install and Configure a TFTP Server

HP and Cisco – VLANs and Trunks Confusion!

ZyXEL – Router Setup (Public IP Range)

KB ID 0000331 

Problem

You have a ZyXEL router (In my case a P-600R-D1) and you want to put a device behind it with a public IP.

Note: I’m assuming you have agreed with your ISP that you will receive a range of public IP addresses. With some ADSL packages the first IP in the range usually gets allocated to the router, confirm this with your ISP.

BT Business Broadband Note: If you are a BT Business customer, your setup will be slightly different, I’ll point that out as we go along.

Solution

1. Connect up to the router, and you should get an IP address from it. Open your web browser and proceed to http://192.168.1.1. The default password is “1234”.

2. You will be prompted to change the default password, do so, then select the option to go to ‘Advanced Setup’.

3. Expand Network > WAN > Enter the ADSL details provided by your ISP (i.e. ADSL username and ADSL password). If you are having a static IP on the outside of the router you can also set that here.

Note: If you have only been given TWO IP addresses you may need to set BOTH the WAN and LAN IP address to the SAME IP (and disable NAT).

BT Business Broadband Note: Even if you have been allocated a range of public IP addresses, you LEAVE the router’s outside IP address option set to ‘Obtain an IP address automatically’.

4. Disable NAT ONLY IF YOU ARE SETTING THE LAN AND WAN TO THE SAME IP: Select NAT > General > Un-tick “Active Network Address Translation (NAT)” > Apply.

5. Disable DHCP: Select LAN > DHCP Setup > Change DHCP to “None” > Apply.

6. Set the inside IP: Set this to the IP address allocated to your router. (Note: This may be the SAME as the address allocated to the outside IP. Don’t panic, it will not conflict, as NAT is disabled.)

BT Business Broadband Note: This is typically the highest IP address in the range BT have given you.

7. You can now connect your internal device/firewall (Note: You may need to reboot the device AND the router as the MAC address may have changed if you have been testing from your laptop/PC.) Or simply allocate another public IP address to the device, then make its default route, (or default gateway) the IP address you set on the LAN port of the ZyXEL, (in our example above 123.123.123.124).

Factory Reset ZyXEL Router

If things break and you want to reset the router,

1. Power off the router.

2. Depress the reset button on the rear of the router.

3. Power on the device until the ethernet light flashes amber.

4. Now DHCP will be turned on and the router will use 192.168.1.1 internally and the default password will be reset to 1234.

Related Articles, References, Credits, or External Links

ZyXEL Firmware downloads (Look under DSL Technology)

Original Article Written 28/09/10

Factory Reset Juniper SRX Firewall

KB ID 0001003 

Problem

If you manage to stuff up your firewall, or you have just done some testing and want to revert back to ‘as new’ here is how to do it.

Solution

1. Connect to the firewall either by console cable or via SSH, go to CLI mode then configuration mode.

[box]

login: PeteL
Password: ************

--- JUNOS 12.1X47-D10.4 built 2014-08-14 22:21:50 UTC

PeteL@Petes-SRX> cli

PeteL@Petes-SRX> configure
Entering configuration mode

[edit]
PeteL@Petes-SRX#

[/box]

2. Load the factory defaults. At this point you cannot commit/save the configuration unless you set a password, so do that next.

[box]

[edit]
PeteL@Petes-SRX# load factory-default

[edit]
PeteL@Petes-SRX# set system root-authentication plain-text-password
New password: Password123
Retype new password: Password123

[edit]
PeteL@Petes-SRX#

[/box]

3. Save the changes then reboot.

[box]

[edit]
PeteL@Petes-SRX# commit and-quit

commit complete
Exiting configuration mode

PeteL@Petes-SRX> request system reboot
Reboot the system ? [yes,no] (no) yes

Shutdown NOW!
[pid 1904]

PeteL@Petes-SRX>

*** FINAL System shutdown message from root@FW-01 ***

System going down IMMEDIATELY

[/box]

Reset To Factory Settings if the SRX is part of a Chassis Cluster (is in Failover mode)

1. If the firewall is part of a chassis cluster then you need to do the following before you can carry out the procedure above.

[box]

PeteL@Petes-SRX> set chassis cluster disable reboot

For cluster-ids greater than 15 and when deploying more than one
cluster in a single Layer 2 BROADCAST domain, it is mandatory that
fabric and control links are either connected back-to-back or
are connected on separate private VLANS.

{primary:node0}
PeteL@Petes-SRX>

*** FINAL System shutdown message from root@FWA ***

System going down IMMEDIATELY

[/box]

Completely Wipe the Juniper SRX

Alternatively you can also do the following.

[box]

root> request system zeroize
warning: System will be rebooted and may not boot without configuration
Erase all data, including configuration and log files? [yes,no] (no) yes

warning: zeroizing re0

root>

[/box]

 

Related Articles, References, Credits, or External Links

NA

 

HP MSM 765zl – How To Factory Reset

KB ID 0000916 

Problem

I had to set up some HP wireless gear again this week. It had been installed a while ago, but not used, and there were some problems with it, so I elected to flatten it and start again. The handbook goes through how to factory reset it from the web management interface. That’s great if you can get to the management console, but I could not.

Solution

As the MSM765zl is a controller that is on a ‘blade’ it’s designed to fit into an HP Networking ‘chassis switch’. You will need command line access to that switch, either via telnet or a console cable.

1. Log into the switch, assuming you are in ‘enable mode’ issue a services command. This will tell you what slot the MSM is in, and what its index number is. In the example below that’s slot F and index 2.

2. Now using the slot and index number you can connect directly to the MSM, go to enable mode > go to config mode > issue a factory settings command.

3. You should exit back to the switch configuration, the MSM will now have no settings and will need setting up from scratch.

Related Articles, References, Credits, or External Links

NA