Saturday, January 26, 2008

ISC DHCP Server (Nortel VoIP)

I've received quite a few messages from folks trying to set up and configure the ISC DHCP server that often comes bundled with all the major Linux distributions for Nortel Internet Telephony. Nortel has several "Technical Configuration Guides" that outline how to configure Microsoft's DHCP Server but I don't believe they ever discuss the ISC DHCP server.

I will admit that I really don't use the ISC DHCP server these days. We've been using Lucent's VitalQIP IP Management software to manage our internal BOOTP/DHCP/DNS/DDNS needs for the past 10 years.

However, since there was so much interest I decided to set up a lab (at home) with an i2002 phone and a server running CentOS v5.0. I installed dhcp-3.0.5-7.el5 via YUM and came up with a sample dhcpd.conf file that anyone should be able to modify to meet their specific needs.

#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
#
# Sample dhcpd.conf file for Nortel Internet Telephony
#
# Notes: example dhcpd.conf file to illustrate how to configure Nortel
# Internet Telephone specific DHCP options for i2002/i2004 Internet
# Telephones and 2210/2211 Wireless Phones.
#
# *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***
#
# This is just a sample file with specific IP information. You'll
# need to customize this file to your specific IP address scheme
# before you can use it in your environment.
#
# *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***
#

ddns-update-style none;
# Change to "authoritative;" if this is the only DHCP server on the subnet,
# so that it will NAK clients holding stale leases from elsewhere.
not authoritative;

# Option 128: Nortel call server string. Format:
#   Nortel-i2004-A,<S1 ip>:<port>,<action>,<retry>;<S2 ip>:<port>,<action>,<retry>.
# (S1 and S2 separated by ";", the whole string terminated by ".")
# Option 151: IP address of the WLAN IP Telephony Manager 2245 (wireless phones only)
option nortel-callserver code 128 = string;
option nortel-2245 code 151 = ip-address;

# Vendor Class for i2002/i2004/1120e/1140e/1150e Internet Telephones
# (the substring length, 14, must equal the length of "Nortel-i2004-A")
class "Nortel-i2004-A" {
  match if substring (option vendor-class-identifier, 0, 14) = "Nortel-i2004-A";
  option nortel-callserver "Nortel-i2004-A,192.168.200.2:4100,1,5;192.168.200.2:4100,1,5.";
  option vendor-class-identifier "Nortel-i2004-A";
  next-server 192.168.0.10;   # TFTP server for firmware
}

# Vendor Class for 2210/2211 Wireless Phones
# (the substring length, 13, must equal the length of "Nortel-221x-A";
# the option 128 string keeps the "Nortel-i2004-A" prefix on these phones too)
class "Nortel-221x-A" {
  match if substring (option vendor-class-identifier, 0, 13) = "Nortel-221x-A";
  option nortel-callserver "Nortel-i2004-A,192.168.200.2:4100,1,5;192.168.200.2:4100,1,5.";
  option nortel-2245 192.168.200.25;
  option vendor-class-identifier "Nortel-221x-A";
  next-server 192.168.0.10;   # TFTP server for firmware
}

# Network Definition
shared-network "mynetwork" {
  subnet 192.168.0.0 netmask 255.255.255.0 {
    option subnet-mask 255.255.255.0;
    option routers 192.168.0.1;
    option domain-name "acme.org";
    option domain-name-servers 192.168.0.1;
    default-lease-time 28800;
    max-lease-time 86400;

    # IP Address Pool for generic devices
    pool {
      range 192.168.0.50 192.168.0.100;
      deny members of "Nortel-i2004-A";
      deny members of "Nortel-221x-A";
    }

    # IP Address Pool for i2002/i2004/1120e/1140e/1150e
    pool {
      range 192.168.0.150 192.168.0.175;
      allow members of "Nortel-i2004-A";
      deny members of "Nortel-221x-A";
    }

    # IP Address Pool for 2210/2211
    pool {
      range 192.168.0.176 192.168.0.199;
      deny members of "Nortel-i2004-A";
      allow members of "Nortel-221x-A";
    }
  }
}
In the example above I set up two DHCP scopes: one for the standard hardwired Nortel Internet Telephones (Nortel-i2004-A) and another for the Nortel Wireless Phones (Nortel-221x-A). Hopefully this example is fairly easy to follow; just remember to edit all the site-specific IP information.
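The two mistakes that are easiest to make in a file like this are a substring length that does not equal the vendor-class literal it is compared with (the class then silently never matches and the phones fall into the generic pool) and a stray character inside the option 128 string (the phones get the option but cannot parse it). The checker below is an added example, not part of the original post and not a feature of ISC dhcpd: it validates option 128 strings against the Nortel format used above and scans every class block in a dhcpd.conf for those two problems. The names "action" and "retry" for the last two numbers of each call-server entry are my reading of the Nortel format, and the sample configuration embedded in the script is constructed, with two deliberate errors in the second class.

```python
"""Added example, not part of the original post: sanity-check the two
Nortel-specific pieces of a dhcpd.conf before dhcpd loads it.

1. parse_callserver() validates an option 128 string against the format
   Nortel-i2004-A,<ip>:<port>,<action>,<retry>;<ip>:<port>,<action>,<retry>.
   (two entries S1;S2 separated by ';', terminated by '.').  'action' and
   'retry' are my names for the two trailing integers.
2. check_classes() reads every class block in a dhcpd.conf and flags a
   substring() length that does not equal the literal it is compared with
   (such a class never matches) and any malformed option 128 string.
"""
from __future__ import annotations

import ipaddress
import re
from typing import Dict, List

PREFIX = "Nortel-i2004-A"  # also used for 2210/2211, whose vendor class is Nortel-221x-A

# One call-server entry: dotted quad, port, two small integers
ENTRY_RE = re.compile(r"([0-9.]+):(\d{1,5}),(\d{1,3}),(\d{1,3})")


def parse_callserver(opt128: str) -> List[Dict[str, object]]:
    """Return one dict per call server (S1, S2); raise ValueError on a bad format."""
    if not opt128.endswith("."):
        raise ValueError("option 128 string must be terminated by '.'")
    body = opt128[:-1]
    if not body.startswith(PREFIX + ","):
        raise ValueError(f"option 128 string must start with '{PREFIX},'")
    servers: List[Dict[str, object]] = []
    for n, entry in enumerate(body[len(PREFIX) + 1:].split(";"), start=1):
        m = ENTRY_RE.fullmatch(entry)
        if m is None:
            raise ValueError(f"server entry S{n} is malformed: {entry!r}")
        ip, port, action, retry = m.groups()
        ipaddress.IPv4Address(ip)  # raises ValueError on a bad dotted quad
        if not 0 < int(port) < 65536:
            raise ValueError(f"S{n}: port {port} out of range")
        servers.append({"ip": ip, "port": int(port),
                        "action": int(action), "retry": int(retry)})
    if len(servers) > 2:
        raise ValueError("at most two call servers (S1;S2) are allowed")
    return servers


CLASS_RE = re.compile(r'class\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
MATCH_RE = re.compile(
    r'substring\s*\(\s*option\s+vendor-class-identifier\s*,\s*0\s*,\s*(\d+)\s*\)'
    r'\s*=\s*"([^"]+)"')
OPT128_RE = re.compile(r'option\s+nortel-callserver\s+"([^"]*)"\s*;')


def check_classes(conf: str) -> Dict[str, List[str]]:
    """Return {class name: [problems]} for every class block in the conf text."""
    report: Dict[str, List[str]] = {}
    for name, body in CLASS_RE.findall(conf):
        problems: List[str] = []
        m = MATCH_RE.search(body)
        if m is None:
            problems.append("no substring match on vendor-class-identifier")
        elif int(m.group(1)) != len(m.group(2)):
            problems.append(
                f"substring length {m.group(1)} != len({m.group(2)!r}) = "
                f"{len(m.group(2))}; class can never match")
        for opt in OPT128_RE.findall(body):
            try:
                parse_callserver(opt)
            except ValueError as err:
                problems.append(f"option 128: {err}")
        report[name] = problems
    return report


# Constructed sample, not the post's file: the first class is correct, the
# second has a wrong match length and a ':' where ';' should separate S1 and S2.
SAMPLE_CONF = '''
class "Nortel-i2004-A" {
  match if substring (option vendor-class-identifier, 0, 14) = "Nortel-i2004-A";
  option nortel-callserver "Nortel-i2004-A,192.168.200.2:4100,1,5;192.168.200.2:4100,1,5.";
  option vendor-class-identifier "Nortel-i2004-A";
}

class "Nortel-221x-A" {
  match if substring(option vendor-class-identifier, 0, 14) = "Nortel-221x-A";
  option nortel-callserver "Nortel-i2004-A,192.168.200.2:4100,1,5:192.168.200.2:4100,1,5.";
  option vendor-class-identifier "Nortel-221x-A";
}
'''

if __name__ == "__main__":
    for cls, problems in check_classes(SAMPLE_CONF).items():
        print(cls, "OK" if not problems else problems)
```

Run it against your real file with check_classes(open("/etc/dhcpd.conf").read()) before restarting dhcpd; "dhcpd -t" will happily accept both of the mistakes above because they are valid ISC syntax, just not what the phones expect.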

Cheers!

Nortel Wireless Phones (VoWLAN)

A few folks have asked me to comment on the Nortel Wireless Phones (VoWLAN). I currently have ~ 100 Nortel Wireless 2211 Phones deployed across six locations. One site has ~ 60 phones deployed across a very large hospital campus. You should know that the Nortel Wireless 2200 Series phones are OEM'd from Spectralink. Spectralink makes some really great wireless products and Nortel has chosen a good partner in their endeavor. I would honestly have to say that the product works well and I'm generally impressed by it. I also have ~ 10 Nortel Wireless 2210 Phones but we found these phones did not have as good a signal reception/strength as the 2211s nor did they hold up to the abuse of a health care environment well.

You'll need a Nortel Succession Call Server (along with a Succession Signaling Server and Voice Gateway Media Card) configured for "IP Line" before you'll be able to deploy any wireless phones. If you already have any of the Internet Telephones deployed then you already have "IP Line". Once you have your Call Server connected to the network you just need to deploy the Nortel WLAN IP Telephony Manager 2245 (Wireless Gateway). The 2245 wireless gateway converts the Spectralink Voice Priority (SVP) used by the phones to the UNIStim/H.323 used by the backend Succession equipment. Of course you'll need a wireless network (802.11b) in place to carry the traffic. We use Motorola's WS5000 and WS5100 Wireless LAN Switches. We're also in the process of evaluating the RFS7000 from Motorola.

Note: we've currently identified an issue with the WS5100 v3.x that causes the Nortel Wireless phones to randomly watchdog and reboot themselves. We've also identified this same problem on the RFS7000 v1.x. We are currently only providing VoWLAN services on Motorola Wireless LAN switches running v2.1.3 software. Motorola and Nortel are aware of the issue and are working towards a solution.

The Nortel 2245 wireless gateway proxies all communications between the phones and the Succession backend equipment. This requires that the 2245 assign a proxy/secondary IP address for every wireless phone (this is done in the configuration of the 2245). From the wireless network standpoint the wireless phones will have an IP address issued by the DHCP server, but the 2245 will replace that IP address with a second IP address it will use to communicate with the backend Succession environment. This is so that when the Succession backend tries to signal the phone it will send the traffic back to the 2245 wireless gateway, which will then transcode the signal/data and send it to the actual IP address of the wireless phone. The Nortel 2245 wireless gateway also works to provide QoS for the wireless voice traffic.

Nortel has just recently released the 6120 and 6140 Wireless Phones, which support 802.11a/b/g wireless networks. I'll be evaluating those in the coming months to see how they fare against the current products.

Technical Stuff
The Nortel 2210/2211 Wireless Phones can be configured in DHCP with the vendor class of "Nortel-221x-A". They will accept the same DHCP option code 128, in the same format (including the leading "Nortel-i2004-A"), as the i2002/i2004/1120e/1140e/1150e Internet Telephones. You'll also need to pass DHCP option 151 (IP address of the 2245 server). Software upgrades are performed over TFTP using DHCP option 66 (IP address of the TFTP server); note that the sample dhcpd.conf in the previous post hands out the TFTP server through next-server rather than option 66, so if your phones insist on option 66 you'll need to add ISC's tftp-server-name option as well.

Hopefully that's enough to give you the basics.

Cheers!

Friday, January 25, 2008

Home Desktop Upgrade (Part 3)

It would seem that just like everyone else out there I have the same problems and woes.

I powered on my rig last Saturday morning only to get a SMART warning from my Epox Nforce4 Ultra motherboard.

SATA1 hard disk failure imminent; backup data and replace disk immediately.
I wondered if the report was correct. Well sure enough it became painfully evident that there was something wrong. When I went to check the System Log from Windows XP I found quite a few disk errors which all but confirmed the earlier report. I did some quick research and decided to take this opportunity to step up from a 7,200 RPM drive to a 10,000 RPM drive. With the HP Proliant servers we have at work the hard drives (SCSI, SATA, SAS) go up to 15,000 RPM. I chose the Western Digital Raptor X WD1500AHFD 150GB 10,000 RPM from NewEgg.com of course.

Let me just tell everyone that the performance boost is very noticeable. I will admit that I had to re-install Windows XP so that is probably also playing into the equation, but the system and GUI are much more responsive than before. I would quantify it at between 15% and 20% increase in performance. The Raptor X is only a SATA (1.5Gbps) while my two previous SATA drives were (3.0Gbps) but that doesn't seem to really matter. The drive has a clear top to it so you can see the actual head and disk platter, just be careful not to push/lean on it.

Cheers!

Wednesday, January 23, 2008

ERS 5500 Advanced Routing License

The Nortel ERS 5500 Series switches support Layer 3 switching (routing) but only with static routes. The Advanced Routing License is required to provide the following features:

  • OSPF (Open Shortest Path First) Routing
  • VRRP (Virtual Router Redundancy Protocol)
  • ECMP (Equal Cost Multi-Path)
  • SMLT (Split Multilink Trunking)
  • IPFIX (IP Flow Information Export)
The license is based on a switch or stack - a single license will be required for a standalone switch or for a stack of up to eight units. A single license will enable all of the features described above.

I believe Nortel is selling the licenses in counts of 1, 10, 50 or 100. The licenses will be tied to the MAC address of the switch with some amount of flexibility should a switch fail or need to be replaced.

Did you know that there is a 30 day demo license available?

As of software release v5.1 there is a 30 day demo license available which you can load on the switch to evaluate the different features. I'm currently running two ERS 5500 series switches with the 30 day demo license testing the OSPF functionality.

The 30 day demo license can be found on the Nortel website just below the v5.1 software release. Once you've retrieved the demo license (filename: 30daydemo.lic) you'll need to place it on a TFTP server (or you could try a USB flash drive if you're working with an ERS 5530 switch).
ERS5530> enable
ERS5530# copy tftp license 10.101.20.1 30daydemo.lic
You would of course need to substitute your TFTP server's IP address for 10.101.20.1 above. Once you've downloaded the license you'll need to restart the switch to activate it. After the switch has restarted you can use the following command to check the license:
ERS5530#show license all
Number of licenses: 1
---------------------------------------------------------
License 1
---------------------------------------------------------
version: 0
md5_key: 9f8d802b 1459576e 7d0b8951 af8e1751
md5_file: 8375fe89 ea7eb5e2 fa155e7a 181410c8
time_base: 2007/06/22 08:19:01
time_modify: 2007/06/22 08:19:01
time_expiration: 28 days, 05:05:00
num_unique_ids: 1
flags: 0x0000000d SINGLE EXPIRE EMERGENCY
memo:

*** This is a temporary license valid for 30 days. A valid license is ***
*** required for uninterrupted operation of the switch. There may be ***
*** service impact if this temporary license is not removed in 30 days. ***

You can also delete the existing software licenses with the following command:
ERS5530# clear license all
Cheers!

Saturday, January 19, 2008

Nortel VPN Router (Default Password)

The Nortel VPN (formerly Contivity) Routers are among some of the best in the industry. The majority of the product line came to Nortel (formerly Bay Networks) from the acquisition of New Oak back in 1999.

Since that time Nortel has added a few lower end SOHO solutions, Nortel VPN Router 200 series, to the product line which I believe are OEM'd from ZyXEL. I'm not very fond of the 200 series and I would NOT recommend them to anyone. I am, however, very fond of the 1100 series as it runs the same software that the larger models run.

Thankfully they all share the same default username and password (which you should of course change before the router goes into production). Unfortunately they don't all share the same software or configuration interface.

The default username is "admin".
The default password is "setup".

With the traditional Nortel (Contivity Switches) VPN routers there are two internal IP addresses assigned to the one physical internal interface. One IP address is for management and the other for routing traffic. The default management IP address for these models (Nortel VPN Router 1000 Series, 2000 Series, 4000 Series, 5000 Series) is:

http://192.168.1.2

The actual traffic interface is 192.168.1.1 and the default DHCP address range should be between 192.168.1.3 - 192.168.1.254.

Cheers!

Tuesday, January 15, 2008

Nortel Ethernet Switch "Agent Not Found"

This post applies to the following models:

  • Nortel Business Policy Switch 2000
  • Nortel Ethernet Switch 300 Series
  • Nortel Ethernet Switch 460
  • Nortel Ethernet Switch 470
  • Nortel Ethernet Switch 2500 Series
  • Nortel Ethernet Switch 4500 Series
  • Nortel Ethernet Route Switch 5500 Series
It is possible that the switch agent image, which is stored in NVRAM on the switch, can become corrupt for one reason or another. In this case the switch will not boot up properly and will require some special intervention.
Diagnostic Version X.X.X.X
Press Control-C to Enter Diag

Test ROM Config - PASSED
Test FANs - PASSED
Test Internal Loopback - PASSED
Test ASIC1 Registers - PASSED
Test ASIC2 Registers - PASSED
Test PHY Registers - PASSED
Test USB Registers - PASSED
Agent code verification fails!

>> Break Recognized - Wait...
Press 'a' to run Agent code
Press 'd' to download Agent code
Press 'e' to display errors
Press 'c' to clear log message
Press 'i' to initialize config flash
Press 'p' to run POST tests...
You can use the boot diagnostic code to download the agent code to the switch using the "d" option. While the switch is booting, press Ctrl-C to break the boot sequence and select "d" from the menu.

WARNING: the diagnostic loader prompts for a local address, server address and subnet mask but no default gateway, so the TFTP server needs to be on the same subnet and physically connected to the switch in question (ideally directly to the port you enter below).
Download Agent Code

Enter Port Number [ ]:
Enter Speed: 10, 100, 1000 [ ]:
Enter Local IP Address [ 0.0.0.0 ]: 10.10.10.15 (IP given to Switch)
Enter Server IP Address [ 0.0.0.0 ]: 10.10.10.1 (IP of local TFTP server)
Enter Subnet Mask [ 255.255.255.0 ]:
Enter Filename: boss_1234.img
Wait..
TFTP: Sending Open: .aaaaa.a
TFTP: Open
...............................................................
.............................................................
Len= 0x20795E= 2128222. (@1200000)
Agent Version= 5.0.0.0 ModelMask= 0x1C
Program y/N [ N ]: y (Press y)
Erasing - Wait 56 sec..
Programming - Wait 96 sec..
Once the download is complete you'll need to run the agent code by selecting "a":
Starting Agent Code..

Decompressing the image ...
Target Name: vxTarget
User: target
Attaching network interface idtip0... done.
Attaching network interface lo0... done.

Completing initialization...
At this point the switch should be booting up although it may take ~ 2 minutes for the switch to fully initialize the software and configuration.

Cheers!

Saturday, January 12, 2008

ERS 8600 Access Policy

Protecting your network switches from unauthorized access should be high on everyone's list these days. It's clear that an insecure switch is a liability in any network topology. In the vast majority of cases this means at least changing the default usernames and passwords along with the SNMP community strings. In environments where you need additional access security you can use the Ethernet Routing Switch 8600 Access Policy to restrict administrative access to the switch. This allows you to easily define which networks should have access and what services they should have access to.

In the example below I'm allowing access from the network 10.1.1.0/24 for FTP, HTTP, SNMP(v3), SSH, TELNET and TFTP.

ERS-8610:5# config sys access-policy policy 10 create
ERS-8610:5# config sys access-policy policy 10 network 10.1.1.0/24
ERS-8610:5# config sys access-policy policy 10 service ftp enable
ERS-8610:5# config sys access-policy policy 10 service http enable
ERS-8610:5# config sys access-policy policy 10 service snmpv3 enable
ERS-8610:5# config sys access-policy policy 10 service ssh enable
ERS-8610:5# config sys access-policy policy 10 service telnet enable
ERS-8610:5# config sys access-policy policy 10 service tftp enable
ERS-8610:5# config sys access-policy policy 10 snmp-group-add admin snmpv1
ERS-8610:5# config sys access-policy policy 10 snmp-group-add admin snmpv2c
ERS-8610:5# config sys access-policy policy 10 snmp-group-add v1v2grp snmpv1
ERS-8610:5# config sys access-policy policy 10 snmp-group-add v1v2grp snmpv2c

ERS-8610:5# config sys access-policy policy 10 snmp-group-add readgrp snmpv1
ERS-8610:5# config sys access-policy policy 10 snmp-group-add readgrp snmpv2c
ERS-8610:5# config sys access-policy policy 10 enable
Just don't forget to enable the access-policy feature globally; until you do, the policy you just built is not enforced:
ERS-8610:5# config sys access-policy enable true
You could also use host masks as opposed to network masks if you wish to allow only specific management stations access to the switch. Keep in mind that an access policy only limits where a service can be reached from; telnet, FTP, TFTP and HTTP still carry credentials and configuration in the clear, so on a switch that supports SSH you may want to leave those services out of the policy altogether.
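To make the two points above concrete (a /32 host mask admits one station while a /24 admits the subnet, and the table is simply not consulted until the global enable is issued), here is a small model of the access-policy lookup. It is an added example, not part of the original post and not Nortel's code: the real ERS 8600 also has access levels, precedence and the SNMP group mapping, none of which are modelled, and the model assumes deny-by-default once the feature is enabled. Policy 20 and the addresses 10.2.2.5 and 192.0.2.99 are made up for the illustration.

```python
"""Added example, not part of the original post and not Nortel's code: a
small model of how the ERS 8600 access-policy table gates management
traffic, to make visible what the CLI alone does not:
  * a policy with a host mask (/32) admits one station, a network mask
    admits the whole subnet;
  * until 'config sys access-policy enable true' is issued the table is
    not consulted at all, so every source is admitted.
Access levels, precedence and the SNMP group mapping are left out, and
the model assumes deny-by-default once the feature is enabled."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field
from typing import List, Set

SERVICES = {"ftp", "http", "snmpv3", "ssh", "telnet", "tftp"}


@dataclass
class AccessPolicy:
    policy_id: int
    network: ipaddress.IPv4Network          # 10.1.1.0/24, or a /32 for one station
    services: Set[str] = field(default_factory=set)
    enabled: bool = False                   # 'config sys access-policy policy N enable'


@dataclass
class Switch:
    policies: List[AccessPolicy] = field(default_factory=list)
    access_policy_enabled: bool = False     # 'config sys access-policy enable true'

    def permits(self, src: str, service: str) -> bool:
        """Would a management connection for `service` from `src` be accepted?"""
        if service not in SERVICES:
            raise ValueError(f"unknown service {service!r}")
        if not self.access_policy_enabled:
            return True  # table not consulted: the switch fails open
        addr = ipaddress.IPv4Address(src)
        return any(p.enabled and addr in p.network and service in p.services
                   for p in self.policies)


def to_cli(policy: AccessPolicy) -> List[str]:
    """Render a policy as the CLI lines used in the post (SNMP groups omitted)."""
    base = f"config sys access-policy policy {policy.policy_id}"
    lines = [f"{base} create", f"{base} network {policy.network.with_prefixlen}"]
    lines += [f"{base} service {svc} enable" for svc in sorted(policy.services)]
    if policy.enabled:
        lines.append(f"{base} enable")
    return lines


def lab_switch() -> Switch:
    """The post's policy 10 for 10.1.1.0/24 plus a made-up host-mask policy 20
    that allows only SSH and SNMPv3 from the single station 10.2.2.5."""
    sw = Switch()
    sw.policies.append(AccessPolicy(10, ipaddress.IPv4Network("10.1.1.0/24"),
                                    set(SERVICES), enabled=True))
    sw.policies.append(AccessPolicy(20, ipaddress.IPv4Network("10.2.2.5/32"),
                                    {"ssh", "snmpv3"}, enabled=True))
    return sw


if __name__ == "__main__":
    sw = lab_switch()
    print("before global enable, telnet from 192.0.2.99:", sw.permits("192.0.2.99", "telnet"))
    sw.access_policy_enabled = True
    print("after global enable, telnet from 192.0.2.99:", sw.permits("192.0.2.99", "telnet"))
    print("ssh from 10.2.2.5:", sw.permits("10.2.2.5", "ssh"),
          "ssh from 10.2.2.6:", sw.permits("10.2.2.6", "ssh"))
    for line in to_cli(sw.policies[1]):
        print(line)
```

The first print line is the one worth remembering: with every policy created, populated and enabled but the global flag still false, telnet from an arbitrary address is still accepted.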

Cheers!