
Thursday, October 25, 2007

DHCP Options (VoIP) Part 2

In a previous article we reviewed how to configure a Nortel Ethernet Routing Switch 5520 using ADAC/LLDP (802.1ab) so a Nortel Internet Telephone could discover the voice VLAN ID automatically without manual configuration of the phone.

If you don't have a switch that supports ADAC/LLDP you can still utilize automatic VLAN assignment using DHCP. I've actually used this method (before Nortel supported LLDP) and it works well but can sometimes be difficult to troubleshoot.

You'll need to configure DHCP option 191 (string) with the following syntax;

VLAN-A:vvvv.

Where:
"VLAN-A" - Option 191 begins with this string for all Nortel IP phones.
"vvvv" - The VLAN ID for the voice VLAN, in decimal.

Here's an example if I were trying to assign the phones a voice VLAN of 31;

VLAN-A:31.

There must be a colon (:) separating the VLAN-A from the VLAN ID. The string must also end in a period. It may be necessary, depending on your DHCP server, to enclose the entire string in quotation marks.
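Since a malformed option 191 string is one of the harder things to spot when troubleshooting, here is a small validator for the syntax described above. It is an added example, not code from Nortel or from the original post; the function names, the case-sensitive match on VLAN-A and the 1-4094 VLAN ID range check are assumptions of the example.

```python
"""Validate a DHCP option 191 value for Nortel IP phones (added example)."""

PREFIX = "VLAN-A"            # per the post: option 191 begins with this string
MIN_VID, MAX_VID = 1, 4094   # usable 802.1Q VLAN IDs (0 and 4095 are reserved)


def parse_option_191(raw):
    """Return the voice VLAN ID as an int, or raise ValueError saying what is wrong."""
    if isinstance(raw, bytes):
        raw = raw.decode("ascii")      # UnicodeDecodeError is a ValueError
    value = raw.strip()
    # The value may have been copied with the quotation marks some DHCP
    # servers require around it; strip one surrounding pair.
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        value = value[1:-1]
    # Assumption: the prefix is matched case-sensitively.
    if not value.startswith(PREFIX):
        raise ValueError("must begin with %r" % PREFIX)
    rest = value[len(PREFIX):]
    if not rest.startswith(":"):
        raise ValueError("missing colon between VLAN-A and the VLAN ID")
    rest = rest[1:]
    if not rest.endswith("."):
        raise ValueError("missing terminating period")
    digits = rest[:-1]
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("VLAN ID %r is not a decimal number" % digits)
    vid = int(digits)
    if not MIN_VID <= vid <= MAX_VID:
        raise ValueError("VLAN ID %d is outside %d-%d" % (vid, MIN_VID, MAX_VID))
    return vid


def audit(values):
    """Return {value: VLAN ID or error text} for a list of candidate strings."""
    report = {}
    for value in values:
        try:
            report[value] = parse_option_191(value)
        except ValueError as exc:
            report[value] = "invalid: %s" % exc
    return report


if __name__ == "__main__":
    # Constructed sample values: the post's example plus common mistakes.
    samples = ["VLAN-A:31.", '"VLAN-A:31."', "VLAN-A:31", "VLAN-A 31.", "VLAN-A:4095."]
    for value, result in audit(samples).items():
        print("%-16s -> %s" % (value, result))
```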

How does it actually work?
With the phone and DHCP server configured properly here's how it will work.
  1. The phone will boot up and make a DHCP request for option 191 in the Default VLAN of the port connecting the phone.
  2. If the phone receives a response to its request it will issue a DHCP Release of the address it received in Step 1.
  3. The phone will make a second DHCP request in the VLAN that was returned in option 191. The phone will be requesting DHCP option 128 from the DHCP server, this will include the Call Server information. (Note: if you use a sniffer you will see that the DHCP packets will have an 802.1q header with the appropriate VLAN ID)
  4. The phone will connect to the Call Server specified in DHCP option 128 and will prompt the user for the Node ID and TN information.
With all that said we did leave out one very important piece of the pie... the network switch configuration. You'll need to configure the VLAN and QoS settings manually depending on the switch vendor.

Cheers!

Tuesday, October 23, 2007

Nortel ERS 5520 PwR Switch (Part 2)

In my previous post I outlined all the commands that you would need to configure a Nortel Ethernet Routing Switch 5520 to support deploying Nortel's i2002/i2004 Internet Telephones using LLDP-MED in conjunction with ADAC (Automatic Detection and Automatic Configuration). If you followed the steps you're probably well on your way to getting things working. Unfortunately things can sometimes go wrong even with the best documentation and understanding of the product.

In this post I'm going to outline some of the basic commands you can use to troubleshoot any issues you might have between the ERS5520 and the i2002/i2004 phones.

Q. How can I check the log file?
A. show logging

ERS-5520#show logging
Type Time Idx Src Message
---- ----------------------- ---- --- -------
S 00:00:00:00 1 NVR SNTP: Could not sync to NTP servers.
S 2007-04-05 17:18:08 GMT 2 NVR SNTP: Could not sync to NTP servers.
S 2007-04-05 17:22:07 GMT 3 NVR Audit data initialized - incorrect magic number: 0xffffffff
I 2007-04-19 01:21:03 GMT 4 Web server starts service on port 80.
I 2007-04-19 01:21:19 GMT 5 IGMP: Unknown Multicast Filter disabled
I 2007-04-19 01:21:19 GMT 6 PoE Port Detection Status: Port 1 Status: Delivering Power
I 2007-04-19 01:21:22 GMT 7 PoE Port Detection Status: Port 35 Status: Delivering Power
I 2007-04-19 01:21:49 GMT 8 Port 0/47 reenabled by VLACP
I 2007-04-19 01:21:49 GMT 9 Port 0/48 reenabled by VLACP
I 2007-04-19 01:23:05 GMT 10 SNTP: First synchronization successful.
I 2007-04-19 01:23:18 GMT 11 Warm Start Trap
I 2007-04-19 01:23:19 GMT 12 Link Up Trap Port: 1
I 2007-04-19 01:23:20 GMT 13 Trap: pethPsePortOnOffNotification
I 2007-04-19 01:23:20 GMT 14 Trap: bsAdacPortConfigNotification for Port: 47, Config: Applied

Q. How can I check the state of a port?
A. show interfaces

ERS-5520#show interfaces 47,48
Status Auto Flow
Port Trunk Admin Oper Link LinkTrap Negotiation Speed Duplex Control
---- ----- ------- ---- ---- -------- ----------- -------- ------ -------
47 1 Enable Up Up Enabled Enabled 1000Mbps Full Asymm
48 1 Enable Up Up Enabled Enabled 1000Mbps Full Asymm

Q. How can I check the VLACP state of a port?
A. show vlacp interface

ERS-5520#show vlacp interface 47,48
===============================================================================
VLACP Information
===============================================================================
PORT ADMIN OPER HAVE FAST SLOW TIMEOUT TIMEOUT ETH MAC
ENABLED ENABLED PARTNER TIME TIME TYPE SCALE TYPE ADDRESS
-------------------------------------------------------------------------------
0/47 true true yes 500 30000 short 3 8103 01:80:c2:00:11:00
0/48 true true yes 500 30000 short 3 8103 01:80:c2:00:11:00

Q. How can I check what FDB entries have been learned on a specific port?
A. show mac-address-table port

ERS-5520#show mac-address-table port 47
Mac Address Table Aging Time: 300
Number of addresses: 9

MAC Address Source MAC Address Source
----------------- -------- ----------------- --------
00-00-5E-00-01-01 Trunk: 1 00-15-40-45-68-00 Trunk: 1
00-17-D1-57-30-00 Trunk: 1 00-17-D1-57-30-10 Trunk: 1
00-17-D1-57-32-03 Trunk: 1 00-18-B0-CC-F0-00 Trunk: 1
00-18-B0-CC-F0-10 Trunk: 1 00-18-B0-CC-F2-01 Trunk: 1
00-1B-25-4C-74-00 Trunk: 1

Q. How can I check the FDB table for a specific MAC address?
A. show mac-address-table address

ERS-5520#show mac-address-table address 00:18:b0:cc:f0:10
Mac Address Table Aging Time: 300
Number of addresses: 1

MAC Address Source MAC Address Source
----------------- -------- ----------------- --------
00-18-B0-CC-F0-10 Trunk: 1

Q. How can I check to see if ADAC has been configured/enabled?
A. show adac

ERS-5520#show adac
ADAC Global Configuration
---------------------------------------
ADAC: Enabled
Operating Mode: Tagged Frames
Traps Control Status: Enabled
Voice-VLAN ID: 12
Call Server Port: None
Uplink Port: 48

Q. How can I check to see if ADAC has been applied to a specific port?
A. show adac interface

ERS-5520#show adac interface 20
Port Auto-Detection Auto-Configuration
---- -------------- ------------------
20 Enabled Applied

Q. How can I check to see the LLDP information with a specific port?
A. show lldp port neighbor detail

ERS-5520#show lldp port 20 neighbor detail
-------------------------------------------------------------------------------
lldp neighbor
-------------------------------------------------------------------------------
Port: 20 Index: 5 Time: 8 days, 13:47:49
ChassisId: Network address ipV4 192.168.100.101
PortId: MAC address 00:17:65:ff:e0:fc
SysCap: TB / TB (Supported/Enabled)
PortDesc: Nortel IP Phone
SysDescr: Nortel IP Telephone 2002, Firmware:0604DAS


PVID: 0 PPVID Supported: not supported(0)
VLAN Name List: none PPVID Enabled: none

Dot3-MAC/PHY Auto-neg: supported/enabled OperMAUtype: 100BaseTXFD
PSE MDI power: not supported/disabled Port class: PD
PSE power pair: signal/not controllable Power class: 2
LinkAggr: not aggregatable/not aggregated AggrPortID: 0
MaxFrameSize: 1522
PMD auto-neg: 10Base(T, TFD), 100Base(TX, TXFD)

MED-Capabilities: CNLDI / CNDI (Supported/Current)
MED-Device type: Endpoint Class 3
MED-Application Type: Voice VLAN ID: 12
L2 Priority: 6 DSCP Value: 46 Tagged Vlan, Policy defined
Med-Power Type: PD Device Power Source: Unknown
Power Priority: High Power Value: 5.4 Watt
HWRev: FWRev: 0604DAS
SWRev: SerialNumber:
ManufName: Nortel-01 ModelName: IP Phone 2002
AssetID:
-------------------------------------------------------------------------------
Port: 20 Index: 6 Time: 8 days, 13:48:20
ChassisId: Network address ipV4 10.119.241.50
PortId: MAC address 00:17:65:ff:e0:fc
SysCap: TB / TB (Supported/Enabled)
PortDesc: Nortel IP Phone
SysDescr: Nortel IP Telephone 2002, Firmware:0604DAS


PVID: 0 PPVID Supported: not supported(0)
VLAN Name List: 12 PPVID Enabled: none

Dot3-MAC/PHY Auto-neg: supported/enabled OperMAUtype: 100BaseTXFD
PSE MDI power: not supported/disabled Port class: PD
PSE power pair: signal/not controllable Power class: 2
LinkAggr: not aggregatable/not aggregated AggrPortID: 0
MaxFrameSize: 1522
PMD auto-neg: 10Base(T, TFD), 100Base(TX, TXFD)

MED-Capabilities: CNLDI / CNDI (Supported/Current)
MED-Device type: Endpoint Class 3
MED-Application Type: Voice VLAN ID: 12
L2 Priority: 6 DSCP Value: 46 Tagged Vlan, Policy defined
Med-Power Type: PD Device Power Source: Unknown
Power Priority: High Power Value: 5.4 Watt
HWRev: FWRev: 0604DAS
SWRev: SerialNumber:
ManufName: Nortel-01 ModelName: IP Phone 2002
AssetID:
-------------------------------------------------------------------------------
Sys capability: O-Other; R-Repeater; B-Bridge; W-WLAN accesspoint; r-Router;
T-Telephone; D-DOCSIS cable device; S-Station only.
Med Capabilities-C: N-Network Policy; L-Location Identification; I-Inventory;
S-Extended Power via MDI - PSE; D-Extended Power via MDI - PD.

Those are some of the commands that you might have to execute if you needed to perform troubleshooting between an ERS5520 and an i2002/i2004 phone.

Your DHCP server logs will be your friend during your troubleshooting. If you don't see the phone making a DHCP request (or a request in the proper VLAN) then you should check that ADAC was applied to the switch port. ADAC is the component that will automatically add the switch port (the switch port the phone is connected to) into the Voice VLAN. If ADAC is not applied (or enabled) on the port then you'll be able to see that the switch port in question is only a member of the Data VLAN. You need to remember that ADAC works on MAC address ranges. You need to check that the MAC address of your phone is in the ADAC MAC address table.
5520-48T-PWR#show adac mac-range-table
Lowest MAC Address Highest MAC Address
------------------------ -------------------------
00-0A-E4-01-10-20 00-0A-E4-01-23-A7
00-0A-E4-01-70-EC 00-0A-E4-01-84-73
00-0A-E4-01-A1-C8 00-0A-E4-01-AD-7F
00-0A-E4-01-DA-4E 00-0A-E4-01-ED-D5
00-0A-E4-02-1E-D4 00-0A-E4-02-32-5B
00-0A-E4-02-5D-22 00-0A-E4-02-70-A9
00-0A-E4-02-D8-AE 00-0A-E4-02-FF-BD
00-0A-E4-03-87-E4 00-0A-E4-03-89-0F
00-0A-E4-03-90-E0 00-0A-E4-03-B7-EF
00-0A-E4-04-1A-56 00-0A-E4-04-41-65
00-0A-E4-04-80-E8 00-0A-E4-04-A7-F7
00-0A-E4-04-D2-FC 00-0A-E4-05-48-2B
00-0A-E4-05-B7-DF 00-0A-E4-06-05-FE
00-0A-E4-06-55-EC 00-0A-E4-07-19-3B
00-0A-E4-08-0A-02 00-0A-E4-08-7F-31
00-0A-E4-08-B2-89 00-0A-E4-09-75-D8
00-0A-E4-09-BB-9D 00-0A-E4-09-CF-24
00-0A-E4-09-FC-2B 00-0A-E4-0A-71-5A
00-0A-E4-0A-9D-DA 00-0A-E4-0B-61-29
00-0A-E4-0B-BB-FC 00-0A-E4-0B-BC-0F
00-0A-E4-0B-D9-BE 00-0A-E4-0C-9D-0D

Total Ranges: 21
If the MAC address of your i2002/i2004 phone does not match any of the MAC address ranges in the switch you'll need to add a range to include those MAC addresses. If the MAC address of your i2002 phone was 00:18:b0:11:22:33 you could use the following commands;
5520-48T-PWR> enable
5520-48T-PWR# config terminal
5520-48T-PWR (config)# adac mac-range-table low-end 00:18:b0:00:00:00 high-end 00:18:b0:ff:ff:ff
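With 21 ranges in the table, checking a phone's MAC address by eye is error-prone. The following added example (not from the original post or from Nortel) parses "show adac mac-range-table" output, reports whether a given MAC falls inside any range, and if not builds the whole-OUI command in the form shown above; the function names are assumptions and the sample output is three rows taken from the table above.

```python
"""Check a phone MAC against ADAC MAC ranges (added example)."""
import re

MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2}\b")

# Three rows copied from the "show adac mac-range-table" output in this post.
SAMPLE_OUTPUT = """\
5520-48T-PWR#show adac mac-range-table
Lowest MAC Address       Highest MAC Address
------------------------ -------------------------
00-0A-E4-01-10-20        00-0A-E4-01-23-A7
00-0A-E4-01-70-EC        00-0A-E4-01-84-73
00-0A-E4-0B-D9-BE        00-0A-E4-0C-9D-0D
"""


def mac_to_int(mac):
    """Convert 00:18:b0:11:22:33 or 00-18-B0-11-22-33 to an integer."""
    digits = re.sub(r"[-:]", "", mac)
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return int(digits, 16)


def int_to_mac(value):
    """Format an integer as a lower-case, colon-separated MAC address."""
    return ":".join("%02x" % ((value >> shift) & 0xFF) for shift in range(40, -8, -8))


def parse_ranges(cli_output):
    """Return [(low, high), ...] for every line that holds exactly two MACs."""
    ranges = []
    for line in cli_output.splitlines():
        macs = MAC_RE.findall(line)
        if len(macs) == 2:
            low, high = mac_to_int(macs[0]), mac_to_int(macs[1])
            if low > high:
                raise ValueError("range is reversed: %s" % line.strip())
            ranges.append((low, high))
    return ranges


def find_range(mac, ranges):
    """Return the (low, high) range containing mac, or None if ADAC will not match it."""
    value = mac_to_int(mac)
    for low, high in ranges:
        if low <= value <= high:
            return (low, high)
    return None


def oui_range_command(mac):
    """Build the whole-OUI 'adac mac-range-table' command used in the post."""
    base = mac_to_int(mac) & 0xFFFFFF000000
    return "adac mac-range-table low-end %s high-end %s" % (
        int_to_mac(base), int_to_mac(base | 0xFFFFFF))


if __name__ == "__main__":
    table = parse_ranges(SAMPLE_OUTPUT)
    for phone in ("00:0a:e4:01:11:00", "00:18:b0:11:22:33"):
        hit = find_range(phone, table)
        if hit:
            print("%s matches %s - %s" % (phone, int_to_mac(hit[0]), int_to_mac(hit[1])))
        else:
            print("%s not in table; add with: %s" % (phone, oui_range_command(phone)))
```

ADAC matches on the source MAC address alone, so the narrower the ranges you add, the fewer non-phone devices can end up in the voice VLAN.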
You might think you could configure a port mirror and run a quick packet capture to understand what's going on... unfortunately you cannot configure any port with port mirroring that has ADAC enabled.

That's all for now.

The last step is the DHCP server so stay tuned.

Nortel ERS 5520 PwR Switch


In this post I'll try to outline how you can configure the Nortel Ethernet Routing Switch 5520 in a VoIP environment using Nortel i2002/i2004 Internet Telephones (this procedure will also work the same with the i2007/1120E/1140E phones).

You'll obviously need an ERS 5520 switch and you'll need SW 5.0.6.22 or later and FW 5.0.0.3 or later (there are known issues with earlier software versions that create inconsistent results using LLDP with the i2002/i2004 phones). I would strongly advise that you start with a default configuration. From the CLI issue the following commands to reset the switch to factory defaults;

5520-48T-PWR> enable
5520-48T-PWR# boot default
The switch should reboot with a default configuration. Let's proceed with the configuration;
5520-48T-PWR> enable
5520-48T-PWR# configure terminal
Enable AUTOPVID;
5520-48T-PWR (config)# vlan configcontrol autopvid
We'll be uplinking this switch using a MultiLink trunk on ports 47 and 48 so we'll enable tagging on the fiber uplinks;
5520-48T-PWR (config)# vlan ports 47,48 tagging enable
Let's create the data VLAN (VID 100) and management VLAN (VID 200) on the switch;
5520-48T-PWR (config)# vlan members remove 1 ALL
5520-48T-PWR (config)# vlan create 200 name "10-1-200-0/24" type port
5520-48T-PWR (config)# vlan members add 200 47,48
5520-48T-PWR (config)# vlan create 100 name "10-1-100-0/24" type port
5520-48T-PWR (config)# vlan members add 100 1-48
5520-48T-PWR (config)# vlan port 1-46 pvid 100
5520-48T-PWR (config)# vlan port 47,48 pvid 200
Let’s make VLAN 200 the management VLAN and assign the IP address;
5520-48T-PWR (config)# vlan mgmt 200
5520-48T-PWR (config)# ip address switch 10.1.200.10 netmask 255.255.255.0 default-gateway 10.1.200.1

Let’s setup Simple Network Management Protocol (SNMP);
5520-48T-PWR (config)# snmp-server authentication-trap disable
5520-48T-PWR (config)# snmp-server community ro
5520-48T-PWR (config)# snmp-server community rw
5520-48T-PWR (config)# snmp-server host
Let’s configure the logging so it will overwrite the oldest events;
5520-48T-PWR (config)#logging volatile overwrite
5520-48T-PWR (config)#logging enable
Let’s setup Simple Network Time Protocol (SNTP);
5520-48T-PWR (config)# sntp server primary address
5520-48T-PWR (config)# sntp server secondary address
5520-48T-PWR (config)# sntp enable
Let’s setup the MultiLink trunk that will connect the switch back to the backbone;
5520-48T-PWR (config)# mlt 1 disable
5520-48T-PWR (config)# mlt 1 name "MLT-8600"
5520-48T-PWR (config)# mlt 1 learning disable
5520-48T-PWR (config)# mlt 1 member 47,48
5520-48T-PWR (config)# mlt 1 enable

Let’s setup ADAC (Automatic Detection and Automatic Configuration) for our i2002/i2004 phones. We’ll be using VLAN 50 as our voice VLAN and we’ll use port 48 as our uplink (the switch will add 47 automatically because of the MLT configuration).
5520-48T-PWR (config)# adac voice-vlan 50
5520-48T-PWR (config)# adac op-mode tagged-frames
5520-48T-PWR (config)# adac uplink-port 48
5520-48T-PWR (config)# adac mac-range-table low-end 00:18:b0:00:00:00 high-end 00:18:b0:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:16:ca:00:00:00 high-end 00:16:ca:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:17:65:00:00:00 high-end 00:17:65:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:0a:e4:75:00:00 high-end 00:0a:e4:75:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:14:c2:00:00:00 high-end 00:14:c2:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:19:69:00:00:00 high-end 00:19:69:ff:ff:ff
5520-48T-PWR (config)# adac mac-range-table low-end 00:19:e1:00:00:00 high-end 00:19:e1:ff:ff:ff
5520-48T-PWR (config)# adac enable
We need to strip the 802.1q tag from any packets in the PVID VLAN going to the phone. In this design we’re expecting to connect IP phones to ports 1 – 46.
5520-48T-PWR (config)# vlan port 1-46 tagging untagpvidOnly
Let’s configure LLDP for the ports we expect to connect IP phones (1 – 46);
5520-48T-PWR (config)# interface fastEthernet 1-46
5520-48T-PWR (config-if)# vlan ports 1-46 filter-unregistered-frames disable
5520-48T-PWR (config-if)# lldp tx-tlv port-desc sys-cap sys-desc sys-name
5520-48T-PWR (config-if)# lldp status txAndRx config-notification
5520-48T-PWR (config-if)# lldp tx-tlv med extendedPSE med-capabilities network-policy
5520-48T-PWR (config-if)# poe poe-priority high
5520-48T-PWR (config-if)# spanning-tree learning fast
5520-48T-PWR (config-if)# adac enable
5520-48T-PWR (config-if)# exit
The “filter-unregistered-frames disable” option above was added after an issue was discovered when trying to upgrade the firmware on the IP phones. The “filter-unregistered-frames” setting is enabled by default and should be disabled to avoid any issues with upgrading the firmware on the IP phones. We are attempting to investigate further with Nortel and our voice vendor Shared Technologies.

Let’s disable the two remaining ports that share the GBIC interfaces in case we need those in the future;
5520-48T-PWR (config)# interface fastEthernet 45-46
5520-48T-PWR (config-if)# shutdown
5520-48T-PWR (config-if)# exit
Let’s setup a QoS interface group to trust all traffic that will ingress on the fiber uplinks. By default the ERS 5520 switch will strip all QoS tags on all ports. Thankfully ADAC will take care of the QoS settings for all VoIP traffic.
5520-48T-PWR (config)# qos if-group name allUpLinks class trusted
5520-48T-PWR (config)# interface fastEthernet 47,48
5520-48T-PWR (config)# qos if-assign port 47,48 name allUpLinks
5520-48T-PWR (config)# exit
Let’s set the SNMP information;
5520-48T-PWR (config)# snmp-server name "sw-icr1-1east.sub.domain.org"
5520-48T-PWR (config)# snmp-server location "Acme Internet Phone Company (ICR1)"
5520-48T-PWR (config)# snmp-server contact "Network Infrastructure Team"
Let’s enable rate limiting for all broadcast and multicast traffic to 10% of the link;
5520-48T-PWR (config)# interface fastEthernet ALL
5520-48T-PWR (config-if)# rate-limit both 10
5520-48T-PWR (config-if)# exit
Let’s setup VLACP (Virtual Link Aggregation Protocol) on the uplinks to the core;
5520-48T-PWR (config)# interface fastEthernet 47,48
5520-48T-PWR (config-if)# vlacp port 47,48 timeout short
5520-48T-PWR (config-if)# vlacp port 47,48 enable
5520-48T-PWR (config-if)# exit
5520-48T-PWR (config)# vlacp enable
That's it, you're done! Well, hopefully you're done.

In my next post I'll tell you what DHCP options you'll need to configure on your DHCP server in order for the phones to boot properly and connect to the Nortel Call Server.


Sunday, October 21, 2007

Voice Over IP with Nortel

I'd like to take some time to discuss Voice over IP and share some of my real world experiences with the technology. I should note to everyone that my experiences with VoIP are strictly limited to Nortel equipment. While I'm somewhat knowledgeable about Cisco Callmanager (mostly thanks to my cousin who maintains the Call Center for a large automotive manufacturer) my personal experiences are limited to Nortel.

We've been using VoIP for almost the past 6 years with very good success. Our first foray into VoIP was using Nortel's IP Line ITG (Internet Telephony Gateway) with a Nortel Meridian 1 Option 61C switch. We had Nortel's first generation i2004 phones (the purple "barney" phones as we fondly referred to them). A few hardware and software upgrades later that same system is now known as Nortel's Succession 4.5 1000M Call Server. We've been running IP Trunks (H.323) between 5 different Succession 4.5 1000M Call Servers for well over 4 years now with great success. We've only just in the past year started really rolling out VoIP to the desktop where it makes sense (example; new construction).

What do you need to run VoIP with Nortel?

These days you can run VoIP on all sorts of different platforms from small office (BCM 50) to very large multi-site enterprises (CS 2100). I'll describe the equipment that I'm currently using;

  • Nortel Succession 4.5 Call Server 1000M
  • Nortel Succession 4.5 Signaling Server (two for high availability)
  • Nortel Succession Voice Gateway Media Cards (five for high availability and capacity)
  • Nortel Succession Internet License (Incremental Software Management - ISM)
You'll need a phone of course;
You'll also need some back-end network electronics/switches;
And to make life easy you'll also need a DHCP server which you can configure with custom vendor DHCP options.

If you're a data person you're most likely going to need some help from either a voice/telecom person or voice reseller. Likewise if you're a voice/telecom person you're going to need some help from either a data person or a data reseller. I happen to be a data person that has learned the voice/telecom side of things from my years of exposure and from the failure of several voice resellers, nothing like picking up the books and learning something new.

Since I'm a data person I'm going to focus on the actual network electronics and the phone configuration. In the past year I've deployed more than 250 IP phones at more than 5 locations. That number doesn't include the 100 or so Nortel 2211 Wireless Internet Telephones which we'll discuss at some later date.

I currently have a Nortel 1140E on my desk at work along with a Nortel i2007 on my desk at home (Nortel 1150 VPN Router with Branch Office Tunnel - BOT) and an i2050 software IP phone on my laptop with a USB headset adapter that really makes the phone work.

We recently built a health center with 140+ IP phones which are all connecting to a hospital that is more than 17 miles away. We built a 10GB Wide Area Network over dark fiber utilizing Nortel Ethernet Routing Switch 8600s with 8683XLR cards and 10GBase-ER/EW XFP GBICs. We also installed and provisioned a Nortel 1000B Branch Office at the health center to provide a failover solution should the IP phones get disconnected from the Main Office Call Server. This site has been live for the past 5 months now and I'm very satisfied with the result of our work and efforts. The solution is very reliable and thanks to the design of the data network we've yet to experience an unscheduled outage.

Stay tuned for more...