skip to Main Content

Avaya VSP 4000 Configuration Guide

I’ll attempt to give you enough information to get a relatively complex configuration of the VSP 4000 going.  We will of course start from the basics and then build on that.

The assumption here is that you are using the VSP as a traditional network switch and not in SPB mode.

In my opinion, the VSP 4000 is Avaya’s hidden little gem in their networking portfolio. It has features that can only be found in switches that cost 5-10 times more.

I am guessing you did not come here for the preaching, so lets get right to it.

The basics

The VSP 4000 comes in 2 basic flavors (as at the time of this writing)

  1. VSP 4450
  2. VSP 4850

The VSP 4450 is white, whereas the VSP 4850 is dark gray / black . You can get both switches with options such as AC or DC, POE or Non – POE.

They all have 50 Ethernet ports and run the same exact software.

If you have seen an ERS 4850, you’ll notice that it looks pretty similar to a VSP 4850. The hardware is pretty much the same, except for the VSP 4850 having a permanent usb drive which runs the VSP software.

The VSP 4850 is also NOT stackable.


Initial access to the VSP 4000 will be via the console port. A standard setting of 9600,8,N,1 should get you in.

If you have problems with consoling in, you may want to read the newest Avaya documentation at the time you are having the problem.


Once consoled in, you should be presented with a login screen.

The default username / password for the VSP 4000 is rwa/rwa . rwa stands for Read, Write, All. There are a few other defaults eg rw/rw , ro/ro

ro = Read Only

rw = Read, Write


There are some differences between the rw and the rwa accounts. One of them being that that the rw account will not allow you to perform software upgrades on the device.

You definitely want to use the rwa username for the initial configuration of your switch. Login with username rwa and password rwa.

Go ahead and type the command ‘enable’ . This should bring you to the  privilege exec prompt.


Before we get to configuring our switch , lets look around.


We can use a bunch of unix like commands for interacting with the file system on the VSP 4000.


Type ‘ls’ , and you should see something like the following:










This command can also be run before typing the ‘enable’ command and getting into privilege exec mode (That’s what we actually did above)

One of the files you don’t see in my abbreviated output is a file named config.cfg . This is the file that stores the configuration of the switch.

The first thing we want to do, is erase that file so we can start from scratch. By the way, if you have changed the username and password, erasing the config file does not have an effect on that.

To erase the configuration, type the command ‘delete config.cfg’ , then ‘boot’ .

Obviously, you want to answer yes to each question when asked if you are sure, except if the system asks whether you want to save the config.

Once the switch boots back up, we are ready to get to work.


We’ll configure 2 VLANs, assign ip addresses to both VLANS , assign around half the ports to one VLAN, and the remaining half to the other.

We will also assign a trunk port to both VLANs and configure a default route.


Log back in:

Set the prompt/hostname to read LabVSP thus:

‘prompt LabVSP”




The VSP 4000 has 64 spanning tree instances, and you have to create your VLANs in one of those. The default VLAN 1 uses instance 0, so we’ll avoid that and use instance 1.


‘vlan create 10 name red type port-mstprstp 1’

‘vlan create 20 name blue type port-mstprstp 1’




Lets add the VLANs to some ports:

‘vlan members add 10 1/1-1/5’

‘vlan members add 20 1/6-1/10’

We just added VLAN 10 to ports 1/1 to 1/5, and VLAN 20 to ports 1/6 to 1/10. You don’t have to do this as a range, you can add one port at a time

Let’s save our config:

‘save config’

Now, lets take a look at the ports we configured:

‘show interfaces gigabitEthernet vlan’










Now we need to configure a trunk port to carry both VLANS and connect to some other device on our network.

Let’s use port 1/11

‘interface gigabitEthernet 1/11’

‘encapsulation dot1q’

‘vlan members add 10 1/11’

‘vlan members add 20 1/11’

vlan members remove 1 1/11

We set port 1/11 as a trunk port, added VLANS 10 and 20 to it, and removed VLAN 1


Lets see what the ports look like now:












You may have noticed that the default VLAN is 0 (zero). It makes no difference, since the port only sends tagged traffic.

Now on to configuring the VLAN interfaces, and routing


‘int vlan 10’

‘ip address’


‘int vlan 20’

‘ip add’

Add a default route:

“ip route weight 1”

“ip route enable”


At this point, a ‘show ip route’ shows an empty routing table, since I have nothing connected to VLANs 10 and 20, and the default gateway is not reachable.








Once we connect a few devices as well as the default gateway. we get different results:










That’s it. We have configured 2 VLANs , assigned ip addresses to the VLAN interfaces, set up inter vlan routing and also configured a trunk (tagged) port to carry both VLANs to another device.


Some Extras

Obviously, there are many more things you may want to do, and I will touch on a few of them very briefly.

One thing I find that trips up a lot of Cisco Engineers when setting up the VSP is trunking (or tagging). On a Cisco switch, when you set up a trunk, it traditionally allows all VLANS through the port, and has a default untagged VLAN (VLAN 1).

On the VSP, you have to explicitly add every single VLAN you need each trunk port to carry. In addition, trunk ports do NOT carry any untagged traffic by default. To have a tagged VSP port carry untagged traffic, you would have to explicitly configure that port to do it.

Here’s how:

“untag-port-default-vlan enable”

Then assign the default VLAN:

“default-vlan-id xx” , where xx is the VLAN you want to be untagged.


Enabling SSH , Telnet and Web Access

The following command will enable ssh, telnet and web access.

“boot config flags sshd”


“boot config flags telnetd”

“web-server enable”

The Console passwords by default , will apply to ssh and telnet access. The web server can by default be accessed with the username/password  admin/password .


This Post Has One Comment

Leave a Reply

Back To Top