Nortel will be providing converged Local Area Network (LAN) equipment to VANOC to support the networking needs of their different venues. Nortel will also be providing converged Wide Area Networking equipment to Bell Canada as they build a core IP network dedicated to the Games, to enable secure and reliable communications among all event locations.

I’m curious if this will be the last time we’ll see such a big sponsorship from Nortel. Perhaps the Nortel logo won’t even make it to Vancouver, maybe it’ll be replaced by the Avaya logo? (Anyone have any insight into that angle?).

Nortel has a website dedicated to the Vancouver 2010 Winter Olympic Games which has a very interesting case study and some detailed information. They also have a very large network diagram that I’ll post below.

Cheers!

The following enhancements are available;

• Support for Microsoft Windows 7
• Log file improvements

The following issues have been resolved;

• (090304-89596) IP Softphone 2050 freezes when calls are answered on Nortel USB Headset
• (081009-83319) IP Softphone 2050/3.3 One-way speech path
• (090903-09977) IP Softphone 2050 getting double DTMF tones on CS2100
• (090317-99855) New Call Voice Notification fails to say the CLID properly
• (090526-47034) Translation error in GUI – correct word “Release” in French, German and Spanish
• (090515-40414) Agent voice is recorded on IPCR after Mute key is activated
• (090510-36664) IP Softphone 2050 Logs have no limit in size

There were some qualifications that should be mentioned. The release notes specifically indicate that 64-bit versions of Windows XP, Windows Vista and Windows 7 are not supported although it doesn’t mention that they don’t work. The release notes also make mention that while the IP Softphone 2050 may run in VDI (Virtual Desktop Interface) from both VM Ware and Citrix Xen Desktop, neither are supported. I couldn’t imaging the potential issues of running a softphone in a VDI configuration but I guess someone has been toying with the idea.

We have about ten Contact Center users utilizing the IP Softphone 2050 v3.x with Contact Center 6 on a Nortel Succession 1000 4.5 Call Server. These users work out of their home and are connected across a Juniper SSL VPN SA4000 appliance utilizing Juniper’s Network Connect client software. We provide them an HP NC6900 laptop with all the software and they connect to their home network and Internet broadband. It’s been very successful so long as the Internet broadband connection remains stable.

You can find the complete release notes here and here.

Cheers!

The document covers standalone Nortel IP Phone sets and how they can be deployed on various Nortel switches. It also covers features on Nortel switches related to VoIP with configuration examples. Overall, topics that will be covered include the following:

Ethernet switch platforms that support PoE:

• Ethernet Switch 470-PWR
• Ethernet Routing Switch 5xxx: 5520-24T-PWR, 5220-48T-PWR, 5650TD-PWR, 5698TFD-PWR,
• Ethernet Routing Switch 45xx: 4526T-PWR, 4550T-PWR, 4524GT-PWR, 4526GTX-PWR, 4548GT-PWR
• Ethernet Routing Switch 25xx: 2526T-PWR, 2550T-PWR
• Ethernet Routing Switch 8300

VoIP technologies:

• Power over Ethernet (PoE)
• Auto configuration via DHCP for VoIP Phone sets
• Auto provisioning using tftp or http
• Quality over Service (QoS)
• Authentication using EAPoL (802.1x)
• Auto Detection Auto Configuration (ADAC)
• LLDP

If you are working with Nortel IP telephony products I would highly recommend you give this document a quick review.  It’s about 257 pages in length it’s very detailed providing lots of examples.

Cheers!

You can factory reset a Nortel IP phone that is already running UNIStim firmware release 3.0 or later.  You will need to be running the following firmware at a minimum for this procedure to work;
IP 1110 (0623C6E), IP 1120E (0624C6E), IP 1140E (0625C6E), IP 1150E (0627C6E), IP 1210 (062AC6E), IP 1220 (062AC6E), IP 1230 (062AC6E), IP 2001 (0604DCD), IP 2002 (0604DCD), IP 2004 (0604DCD), and IP 2007 (0621C6D).

The UNIStim firmware release 3.0 for IP Phones introduces the ability to restore an IP Phone to a “factory default” configuration. This can be useful when redeploying an IP Phone from one location to another, when starting to use an IP Phone with unknown history, or to reset to a known baseline configuration.

With UNIStim firmware release 3.0, and greater, the following keypad sequence is used to reset all provisioning parameters to a “factory default”:

[*][*][7][3][6][3][9][MAC][#][#]

Where the MAC corresponds to the MAC address of the IP Phone which can be found on a label on the back of the IP Phone.

Since a MAC address can contain the letters A through F, the letters A, B and C can be entered via the [2] key on the dial pad, and letters D, E and F can be entered via the [3] key.

For example, an IP Phone with MAC address 00:19:E1:E2:17:12 would be reset to “factory default” when the sequence **73639001931321712## is entered on the keypad.

Cheers!

• 0604DCN for Phase II IP Phones (2001, 2002 & 2004),
• 0621C6R for IP Phone 2007,
• 0623C6T, 0624C6T, 0625C6T and 0627C6T for IP Phone 1110, 1120E, 1140E and 1150E respectively and
• 062AC6T for IP Phone 1210, 1220, and 1230

The enhancements available with UNIStim firmware release 3.4 for IP Phones include:

• Screen Saver support (including slideshow) on the IP Phone 2007
• Support for Voice Signaling Application in LLDP-MED Network Policy TLV
• Incoming calls accepted during Zone Paging
• AG interface enhancement – forwarding of cookie deletion events
• GXAS interface enhancement – expanded Status Updates commands
• OS Diagnostics support on the IP Phone 1100 series

Here are a list of fixes included in release 3.4:

• 090708-75234 Slight chance that the IP Phone 2004 may freeze when ending an IP Call
  Recording (IPCR) call
• 090824-03336 Problem with the IP Phone 2004 obtaining an IP address when 802.1Q is
  enabled
• 090805-92397 Issue with Mouse Cursor on the IP Phone 2007 when backlight turns off
• 090713-78022 Issue with menu access when Lock Menu is enabled
• 090519-43214 SSH challenge prompt causes issue on IP Phone 1100 series
• 090728-87526 Concern with lowest ring tone setting on the IP Phone 1120E

Please refer to the release notes and the product bulletin for complete details.

Cheers!

I would urge anyone interested in voicing their support to visit Save the Internet and sign the petition.

I found this great graphic over on DVICE that should really help put it into perspective for the common Internet user.

There’s also a great article from Paul Venezia over on Infoworld; http://www.infoworld.com/d/hardware/net-neutrality-stupid-stupid-does-179

Cheers!

Here are the values I’m going to be using below;

SNMP v1,v2 read-only string = readme123
SNMP v1,v2 read-write string = writeme123
SNMP v3 userID = Manager (yes I use the same username as the old BayRS software)
SNMP v3 SHA authentication = winnie2009
SNMP v3 AES encryption = poobear2009

Nortel Ethernet Routing Switch 8600

One word of caution with the ERS8600; early default switch configurations included a SNMPv3 user called initial that had full read-write access to the entire switch. I’m not sure if Nortel has changed this behavior but I would strongly urge you to delete any default SNMP v3 users as well as change the default SNMP community strings.

Let’s set the SNMP community strings right away;

 ERS-8610:5# config snmp-v3 community commname first new-commname readme123
 ERS-8610:5# config snmp-v3 community commname second new-commname writeme123

Let’s load the proper AES, 3DES and DES encryption files;

 ERS-8610:5# config load-encryption-module 3DES /flash/p80c5110.img
 ERS-8610:5# config load-encryption-module AES /flash/p80c5110.aes

Let’s create a new SNMP v3 user called Manager;

 config snmp-v3 usm create Manager sha auth winnie priv-prot aes priv poo

Let’s create a new SNMP v3 group called admin;

 config snmp-v3 group-access create admin "" usm authPriv

Let’s give this new group access to the root MIB;

 config snmp-v3 group-access view admin "" usm authPriv read root write root notify root

Let’s add the user Manager to the group admin;

 config snmp-v3 group-member create Manager usm admin

Let’s clear out any previous SNMP trap hosts;

 config snmp-v3 target-addr delete TAddr1
 config snmp-v3 target-addr delete TAddr2

Let’s configure two new SNMP trap hosts. I actually have two configured on all my switches, with one being our HP OpenView Network Node Manager server (10.1.31.1) and the second being our Nortel Enterprise Network Management System server (10.1.31.2);

 config snmp-v3 target-addr create HPOpenView 10.1.31.1:162 TparamV1 taglist trapTag
 config snmp-v3 target-addr create NortelENMS 10.1.31.2:162 TparamV1 taglist trapTag

Let’s delete that default SNMP v3 user just in case it still exists;

 config snmp-v3 usm delete initial

Let’s set the source IP address used to communicate with the SNMP trap hosts. I want this to be the CLIP (Circuitless IP Interface) that I use for all management purposes which in this example is 10.1.50.1. I should mention that the commands below may not appear in switch software earlier than 4.7.1 or 4.6.3.

 config sys set snmp sender-ip 10.1.31.1 10.1.50.1
 config sys set snmp sender-ip 10.1.31.2 10.1.50.1
 config sys set snmp force-trap-sender true
 config sys set snmp force-iphdr-sender true

That should be everything for the Ethernet Routing Switch 8600.

Nortel Ethernet Routing Switch 1600

I’m not going to go into the line by line detail here as I did above. You should be able to follow the explanation provided above.

 ERS-1648T:1# config load-module DES /flash/p16c2160.des

 ERS-1648T:1# config snmp-v3 community commname first new-commname readme123
 ERS-1648T:1# config snmp-v3 community commname second new-commname writeme123

 ERS-1648T:1# config snmp-v3 usm create Manager sha auth winnie2009 priv poobear2009
 ERS-1648T:1# config snmp-v3 group-access create admin "" usm authPriv
 ERS-1648T:1# config snmp-v3 group-access view admin "" usm authPriv read root write root notify root
 ERS-1648T:1# config snmp-v3 group-member create Manager usm admin
 ERS-1648T:1# config snmp-v3 target-addr create HPOpenView 10.1.31.1:162 TparamV1 taglist trapTag
 ERS-1648T:1# config snmp-v3 target-addr create NortelNMS 10.1.31.2:162 TparamV1 taglist trapTag

 ERS-1648T:1# config snmp-v3 usm delete initial

That’s the ERS1600 series switch.

Nortel Ethernet Routing Switch 4500, 5500, 5600 Series

We need to create a new view so we’ll use the name snmpView;

 5520-48T-PWR(config)# snmp-server view snmpView +1.3

If you have the secure image loaded then you have access to SHA authentication, DES, 3DES and AES encryption.

 5520-48T-PWR(config)# snmp-server user Manager sha winnie2009 aes poobear2009 read-view snmpView write-view snmpView notify-view snmpView

If you receive an error using the command above (see below) you may not have the secure software image loaded on the switch. If you want to use SHA authentication, DES, 3DES or AES encryption you’ll need to load the secure image. Example SW:v6.1.0.006 will only allow you to use the md5 authentication with no encryption while SW:v6.1.0.007 will allow both MD5 and SHA authentication along with DES, 3DES or AES encryption.

 5520-48T-PWR(config)#snmp-server user Manager sha winnie2009 aes poobear2009 read-view snmpView write-view snmpView notify-view snmpView
snmp-server user Manager sha winnie2009 aes poobear2009 read-view snmpView writ
                         ^
% Invalid input detected at '^' marker.

You can use the following command to just use MD5 authentication with no encyrption;

 5520-48T-PWR(config)#snmp-server user Manager md5 winnie2009 read-view snmpView write-view snmpView notify-view snmpView

Java Device Manager

With all that done you can now use Nortel’s Java Device Manager to manage the switch using SNMP v3.

In the example to the left I’m going to connect to the ERS8600 switch at the management IP address of 10.1.50.1.

We are going to use the SNMP v3 user of Manager which we configured above.

We will also use the Authentication Protocol of SHA-96 using the Authentication Password of winnie2009 which we configured above.

We will use the Privacy Protocol of AES which we configured above along with the Privacy Password of poobear2009.

Cheers

Today I’ve a little challenge on my network: configure a permission to a specific IP for read the temperature of two ERS8600. This specific host don’t become part of my management network, so I can’t use the same snmp read community. I don’t like to free everything on the core to be read, so I start to liberate only the specific OID (temperature of chassis) on my two ERS8600, and only for the specific IP of the host, with a new read community.

After some study on Nortel documentation (2008_04_04_SNMP_on_ERS_8600_TCG_NN48500564.pdf) I present us my little todo for everone that needs some similar, because this document is not the mos objective guide of the world. My steps:

Step1: Create a MIB view, called “only_temp”, restricted for the temperature OID:

config snmp-v3 mib-view create only_temp 1.3.6.1.4.1.2272.1.100.1.2.0 type include

View the changes:

config snmp-v3 mib-view info

Step2: Create a access group called “group_temp”, with snmpv1 and v2c, no authentication, reading the “only_temp” mib-view:

config snmp-v3 group-access create group_temp "" snmpv1 noAuthNoPriv
config snmp-v3 group-access create group_temp "" snmpv2c noAuthNoPriv
config snmp-v3 group-access view group_temp "" snmpv1 noAuthNoPriv read only_temp write only_temp
config snmp-v3 group-access view group_temp "" snmpv2c noAuthNoPriv read only_temp write only_temp

View the changes:

config snmp-v3 group-access info

Step3: Create the user “user_temp” inside the group:

config snmp-v3 group-member create user_temp snmpv1 group_temp
config snmp-v3 group-member create user_temp snmpv2c group_temp

View the changes:

config snmp-v3 group-member info

Step4: Create a new community “ers8600″, index “third” (the first and second already exist, adapt for you scenario), for the user “user_temp”

config snmp-v3 community create third ers8600 user_temp

View the changes:

config snmp-v3 community info

Step5: Create a new access-policy (policy 6 in my case) for the specific IP 10.10.10.1 (where the temperature has been monitored):

config sys access-policy policy 6 create
config sys access-policy policy 6 name policy6
config sys access-policy policy 6 accesslevel ro
config sys access-policy policy 6 network 10.10.10.1/255.255.255.255
config sys access-policy policy 6 snmp-group-add group_temp snmpv1
config sys access-policy policy 6 snmp-group-add group_temp snmpv2c
config sys access-policy policy 6 service telnet disable
config sys access-policy policy 6 service ssh disable
config sys access-policy policy 6 service tftp disable
config sys access-policy policy 6 service ftp disable
config sys access-policy policy 6 service snmpv3 enable

I hope this can help someone. Bye!

I think this was a great post and appreciate Forrequi sharing this with everyone!

Cheers!

You can certainly do this from Nortel’s Java Device Manager, however, you need to be careful that you don’t saw off the branch you’re standing on when you change the SNMP community string. It’s best to configure the SNMP community strings from the CLI interface to avoid any potential issues.

Here are the CLI commands to configure the SNMP community strings on the ERS 8600 and 1600 switch. In the example below we’ll set the read-only string to open and the read-write string to lock.

ERS-8610:5# config snmp-v3 community commname first new-commname open
ERS-8610:5# config snmp-v3 community commname second new-commname lock

Here are the CLI commands to configure the SNMP community strings on the ERS 4500, ERS 5500 and ES460/470 switches. In the example below we’ll set the read-only string to open and the read-write string to lock.

5520-48T-PWR (config)# snmp-server community open ro
5520-48T-PWR (config)# snmp-server community lock rw

Cheers!

You can find the bulletin here.

Cheers!