Nortel 55x0

From FnordWiki

Recently acquired 3 Nortel/Avaya BayStack ERS 5520-48T-PWR switches. They are pretty nifty.

Why an ERS 55x0?

  • The price is right. These can be had on eBay for < $50 including shipping at present.
  • Solid build. They have a reputation for sitting in wiring closets powering large numbers of desktop phones for years on end.
  • Well liked by the /r/homelab crowd on Reddit
  • Firmware can be found with a little searching. (These are no longer supported, and firmware is only available with a support contract if you want to go through Avaya channels. But recently released updates have made their way to sites across the Internet. Look for files with names like 5xxx_636017s.img and 5xxx_60021_diags.bin.)
  • Stackable. There are 2 40Gbps stack ports located at the rear of each switch. So they say "80Gbps stacking included". Stacking cables can be found for well under $20 on eBay at present.
  • POE to keep the phones and APs happy without additional power injectors in the network.
  • Way cheaper than an ERS 5650 line switch. The 5650s are the successor product. Better everything. But relatively few of them shipped. And sellers on eBay seem to want at least 5x as much for them right now. 5650s have redundant AC power options, faster stacking connection, and are still getting software updates.

Why to avoid this one

  • It's not whisper quiet. (It's not super loud, but you can't have a quiet conversation with someone if you have one running on your desk.)
  • It has a reputation for being power hungry. No Kill-a-Watt so I can't measure it.
  • It's not a Cisco or Juniper or ProCurve or something else that will translate 1-for-1 to an enterprise switching certification. But they're capable and can do pretty much anything a mid-high end 48 port 1000baseT switch should do.
  • It isn't even remotely black. All the other switches I've had in recent memory have been black or grey. This is a light grey/putty color.

Get an old switch up to date

Oh, if only it were as simple as apt-get update; apt-get dist-upgrade. Alas, these run a customized embedded VxWorks that seems to be derived from an example OS provided by Broadcom, maker of most of the smarts inside these switches.

List of needed thingies:

  • Console cable. Straight through 9-pin works fine. A null modem cable is not needed. Put another way, the switch's console port is set up as an RS-232 DCE. A PC's RS-232 port is a DTE port. DTE talks to DCE over a straight through connection. And there is much rejoicing.
  • Terminal emulator. I like C-Kermit.
  • Google
  • A collection of Nortel/Avaya software images. (See above for hints on finding these. Also note that they're popular with the HomeLab crowd on Reddit.)
  • Enough network infrastructure to have a functional TFTP server.

Firmware update overview

The latest (and most likely last) software release for these switches is v6.3.6. I can't quite find a consistent name for the OS it runs, but that may be due to insufficient amounts of time googling. The first of the 3 switches I upgraded was running an early v6.0 release. Careful notes were not kept as that switch was upgraded. Here follows the process for switch number 2.

  1. Attach console cable
  2. Fire up Kermit. 9600bps, 8 data bits, no parity, one stop bit. (9600-8n1) No hardware or software flow control.
  3. Apply power to switch
  4. Interrupt bootstrap by pressing Esc a few times after "Starting.." appears. Be presented with a nice menu of options. This switch is running newer diag firmware than the first one. Diag image is "Diagnostic Version 6.0.0.10 Jan 28 2010, 11:58:40" and the agent image in the flash is "Vers: 6.1.5.015".
  5. Wipe switch config by selecting option "i" from the menu.
  6. Boot the switch firmware by starting the "agent" code. This is option "a" or "b" on the menu.
  7. Type Ctrl-Y when prompted after the big NORTEL banner (This may be a big AVAYA banner instead, depending on the firmware on the switch)
  8. Enter an IP address that can reach the TFTP server when the switch's quick config wizard prompts for it.
  9. Continue to the menu
  10. Drop to the CLI from the menu
  11. Gain privileges using the enable command
  12. Determine what versions of firmware are installed. show sys-info is your friend here. This switch (s/n LBNNTMJPT4080V) has diags version 6.0.0.10 and agent code v6.1.5.015 running. I have seen a number of references saying that skipping lots of versions when installing updates is not a good idea, so I'll proceed from the 6.1.5 code currently running to 6.2.0 to 6.3.0 to 6.3.6.
  13. Determine if a "diags" update is needed. v6.2.0 includes diags 6.0.0.10, the same version currently installed. No need to re-flash this, so install the 6.2.0 agent code. Put the appropriate .img file in the root of the TFTP server's tree and execute download address 192.168.20.1 secondary image 5xxx_620009s.img to download and flash the new agent code. There is a handy image-if-newer version of this command, but it needs an image in the correct bank to compare against. image-if-newer 5xxx_620009s.img will report "Image version is not new" if there is no secondary image in the flash.
  14. Let the switch reboot and move on to the v6.3.0 update. This one has a new diags image file: 5xxx_60015_diags.bin. The diags image is supposed to be updated before the agent image, so we'll do download address 192.168.20.1 diag 5xxx_60015_diags.bin and let the switch reboot. Follow with download address 192.168.20.1 secondary image-if-newer 5xxx_630013s.img.
  15. Last firmware step to bring us to the final 6.3.6 release: download address 192.168.20.1 diag 5xxx_60021_diags.bin followed by download address 192.168.20.1 secondary image-if-newer 5xxx_636017s.img.
  16. Confirm software versions with show boot and show system
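
The ordering rules in steps 12 to 15 (step through releases, flash diags before the agent image, use image-if-newer only once a secondary image exists) can be written down as a small planner. This is an added example, not part of the original page or any Nortel/Avaya tooling; the secondary_present flag is a hypothetical name, and the diag version numbers for the two .bin files are inferred from their file names.

```python
# Added example: plan the stepwise ERS 55x0 upgrade described above.
# File names, TFTP address and command syntax are the ones on this page.
from typing import NamedTuple, Optional

TFTP = "192.168.20.1"

class Release(NamedTuple):
    agent: str                # agent release, e.g. "6.2.0"
    agent_img: str            # agent image file on the TFTP server
    diag: str                 # diag version that goes with this release
    diag_bin: Optional[str]   # None: the page names no diag file for it

# Diag versions 6.0.0.15 and 6.0.0.21 are inferred from the file names
# (assumption); 6.0.0.10 for release 6.2.0 is stated on the page.
RELEASES = [
    Release("6.2.0", "5xxx_620009s.img", "6.0.0.10", None),
    Release("6.3.0", "5xxx_630013s.img", "6.0.0.15", "5xxx_60015_diags.bin"),
    Release("6.3.6", "5xxx_636017s.img", "6.0.0.21", "5xxx_60021_diags.bin"),
]

def ver(s: str) -> tuple:
    """'6.1.5.015' -> (6, 1, 5, 15) so versions compare numerically."""
    return tuple(int(p) for p in s.split("."))

def plan(agent_now: str, diag_now: str, secondary_present: bool) -> list:
    """Return the CLI commands, in order, to reach the last release."""
    cmds = []
    for rel in RELEASES:
        if ver(rel.agent) <= ver(agent_now)[:3]:
            continue  # already at or past this release
        if ver(rel.diag) > ver(diag_now):
            if rel.diag_bin is None:
                raise ValueError(f"need diag {rel.diag} but no file is known")
            # Diags are flashed before the agent image; the switch reboots.
            cmds.append(f"download address {TFTP} diag {rel.diag_bin}")
            diag_now = rel.diag
        # image-if-newer needs an existing secondary image to compare against.
        kind = "image-if-newer" if secondary_present else "image"
        cmds.append(f"download address {TFTP} secondary {kind} {rel.agent_img}")
        agent_now, secondary_present = rel.agent, True
    return cmds

if __name__ == "__main__":
    # State of switch number 2 on this page: agent 6.1.5.015, diags 6.0.0.10.
    for c in plan("6.1.5.015", "6.0.0.10", secondary_present=False):
        print(c)
```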


Basic configuration items

wipe the config

Put the factory blank config back onto the switch from the CLI:

5520-48T-PWR>enable
5520-48T-PWR#restore factory-default
Warning the switch/stack will be reset to factory default configuration,
 Do you wish to continue  (y/n) ? y
Switch is now resetting to factory default configuration . . .

Switch will reboot with a clean config. The config can also be wiped using the Nortel button on the front panel or from the diags menu when first powered on.

Got logins?

It might be nice to have the switch ask for a password when a user connects to it. We'll set up two users, user and admin. Passwords are prompted for, but these lines are overwritten on the terminal so aren't recorded here.

5520-48T-PWR>enable
5520-48T-PWR#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
5520-48T-PWR(config)#username user ro
% Invalid password length - must be from 10 to 15 characters in length
5520-48T-PWR(config)#username user ro
% Minimum 2 upper,2 lowercase letters,2 numbers,2 chars like !@#$%^&*() required
5520-48T-PWR(config)#username user ro
% Minimum 2 upper,2 lowercase letters,2 numbers,2 chars like !@#$%^&*() required
5520-48T-PWR(config)#username user ro
% Minimum 2 upper,2 lowercase letters,2 numbers,2 chars like !@#$%^&*() required
5520-48T-PWR(config)#username user ro
5520-48T-PWR(config)#

Note that it took several tries to select a password that met the complexity requirements. And now for the privileged user:

5520-48T-PWR(config)#username admin rw
5520-48T-PWR(config)#           

Let!Me!L00k! and L3t!M3!Chang3! are possible passwords that do meet the complexity requirements.
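
Because the switch prompts blind and reports only one failure at a time, it helps to check or generate a password offline first. The following is an added example, not from the original page: it encodes the rules quoted in the error messages above, and it assumes that only the ten symbols listed in the message count as special characters.

```python
# Added example: pre-check or generate passwords for the policy in the
# error messages above. Counting only the listed symbols is an assumption.
import secrets
import string

SPECIALS = "!@#$%^&*()"          # symbols quoted in the switch's error text
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "number": string.digits,
    "special": SPECIALS,
}
MIN_LEN, MAX_LEN, MIN_PER_CLASS = 10, 15, 2

def violations(pw: str) -> list:
    """Return the reasons the policy rejects pw (empty list = accepted)."""
    out = []
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        out.append(f"length {len(pw)} not in {MIN_LEN}..{MAX_LEN}")
    for name, chars in CLASSES.items():
        n = sum(c in chars for c in pw)
        if n < MIN_PER_CLASS:
            out.append(f"only {n} {name} character(s), need {MIN_PER_CLASS}")
    return out

def generate(length: int = MAX_LEN) -> str:
    """Random password: 2 characters per class first, then fill and shuffle."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length outside the switch's 10..15 range")
    rng = secrets.SystemRandom()          # OS-backed CSPRNG
    picks = [rng.choice(chars) for chars in CLASSES.values()
             for _ in range(MIN_PER_CLASS)]
    alphabet = "".join(CLASSES.values())
    picks += [rng.choice(alphabet) for _ in range(length - len(picks))]
    rng.shuffle(picks)                    # do not leave classes in fixed order
    return "".join(picks)

if __name__ == "__main__":
    # The first two are the page's own examples; the third is constructed.
    for pw in ("Let!Me!L00k!", "L3t!M3!Chang3!", "letmelook"):
        print(pw, violations(pw) or "ok")
```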

Important Note: Providing a username and password is not required on the console unless the serial-security configuration setting is enabled.