Sunday, December 31, 2017

Cisco CCNP:300-115 - 1.2.b UniDirectional Link Detection (UDLD)

Recently I needed to renew my Cisco CCNPs, that is both CCNP Routing and Switching as well as CCNP Security. While working with Cisco products (well now they own SourceFire, so exclude these) is not within my daily duties, I still thought it was important for me to maintain these two credentials. As a result, I've put together my notes below focusing on the key points I used to study. I believe that someone else may find them useful.

          - Cisco proprietary
          - Layer 2 Technology
          - Not supported on ATM ports
          - UDLD port cannot detect unidirectional link if it is connected to a UDLD-incapable port of another switch
          - By default disabled globally and on all Ethernet and fiber-optic ports
          - Can be enabled globally via:
              SW2(config)#udld enable
                  OR
              SW2(config)#udld aggressive
          - Enabled on an interface via:
              SW1(config-if)#udld port
                  OR
              SW1(config-if)#udld port aggressive
          - Default message interval: 15 seconds
          - Default timeout interval: 5 seconds
          - The "show udld" output also lists the neighbor's "CDP Device name"
          - Ports disabled by UDLD can be reset via:
              SecurityNik#udld reset

          - Enables devices connected through fiber-optic or twisted-pair cable to monitor the cable's physical configuration
          - Can recognize when a unidirectional link exists
          - All connected devices must support UDLD for the protocol to successfully identify and disable unidirectional links
          - When UDLD detects a unidirectional link, it disables the link and alerts you
          - Unidirectional links can cause a variety of problems, including:
              - Spanning-tree topology loops caused by unidirectional links
              - Incorrect cabling of unbundled fiber strands
              - Transceiver or link hardware malfunctioning
              - Incorrect or excessive flooding of packets
              - Loss of traffic without notice (also known as black holing)
          - UDLD supports two modes:
            - Normal (default)
                - Detects unidirectional links caused by misconnected ports on fiber-optic connections
                - Links are considered "undetermined" when the ports are connected correctly but traffic flows only one way
                - UDLD does not disable ports in the "undetermined" state
                - If one fiber strand in a pair is disconnected and autonegotiation is active, the link will not stay up

            - Aggressive
                - Disabled by default
                - Detects unidirectional links on both fiber-optic and Ethernet links, as well as misconnected ports on fiber-optic links
                - Detects unidirectional links on point-to-point links and disables the affected port when:
                    - one of the ports cannot send or receive traffic
                    - one port is down while the other is up
                    - one of the fiber strands in a cable is disconnected
     
         -  Works with Layer 1 mechanisms to learn the physical status of links
         -  UDLD performs tasks that autonegotiation cannot perform
         -  Can detect the identities of neighbors
         -  Can shut down misconnected ports
         -  When UDLD is enabled, the Layer 1 and Layer 2 detections work together to prevent physical and logical unidirectional connections and the malfunctioning of other protocols
         -  A unidirectional link is one where traffic sent by one device is received by its neighbor, but traffic from the neighbor is not received by the original sender
         -  On point-to-point links, UDLD hello packets act as heartbeats that determine the health of the link
         -  The absence of heartbeats means the link must be down
     
        Unidirectional links are detected via the following:
          - Neighbor database maintenance
              - Neighbors are learned via hello packets, known as advertisements or probes
              - Hellos are sent on every active port
              - Whenever a switch receives a new hello before the old one expires, it replaces the old entry with the new one
              - UDLD clears all existing cache entries whenever any of the following occurs:
                - a port is disabled while UDLD is running
                - UDLD is disabled on a port
                - the switch is reset
              - Caches are kept synchronized via a message sent to the neighbor notifying it to flush the part of its cache affected by the status change

          - Event-driven detection and echoing
              - UDLD uses echoing as its detection mechanism
              - The detection window is restarted whenever a new neighbor is learned or a resynchronization request is received from an out-of-sync neighbor
              - When the detection window ends and no valid reply messages have been received, the link is shut down depending on the mode:
                - In normal mode, if the link is considered to be in the "undetermined" state, the link may not be shut down
                - In aggressive mode, the link is considered unidirectional and the port is disabled
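To make the echo mechanism concrete, here is a toy model I've added (my own illustration, not Cisco code and not part of the notes above) of how a port decides between bidirectional, undetermined and unidirectional from the echo list carried in the hellos it receives, and how normal and aggressive mode act on that decision. Device and port names are made up.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

PortId = Tuple[str, str]  # (device name, port name), e.g. ("SW1", "Fa1/0/10")


@dataclass
class Hello:
    sender: PortId
    echo: List[PortId]  # neighbours the sender has already heard from (the "echo")


@dataclass
class UdldPort:
    me: PortId
    aggressive: bool = False
    cache: Dict[PortId, Hello] = field(default_factory=dict)  # neighbour database

    def send(self) -> Hello:
        # Advertise ourselves and echo back every neighbour currently in the cache.
        return Hello(self.me, list(self.cache))

    def receive(self, hello: Hello) -> None:
        # A newer hello from the same neighbour replaces the cached one.
        self.cache[hello.sender] = hello

    def state(self) -> str:
        if not self.cache:
            return "undetermined"  # heard nothing at all, so nothing can be concluded
        if any(self.me not in h.echo for h in self.cache.values()):
            return "unidirectional"  # a neighbour we hear has never heard us
        return "bidirectional"

    def action(self) -> str:
        s = self.state()
        if s == "unidirectional" or (s == "undetermined" and self.aggressive):
            return "errdisable"  # normal mode leaves an undetermined port up
        return "up"


def simulate(a: UdldPort, b: UdldPort, a_to_b: bool, b_to_a: bool, rounds: int = 3):
    """Exchange hellos over a link whose two directions may each be broken.

    The first hello carries an empty echo, so at least two rounds are needed
    before a healthy link reads as bidirectional. Returns (a's action, b's action)."""
    for _ in range(rounds):
        if a_to_b:
            b.receive(a.send())
        if b_to_a:
            a.receive(b.send())
    return a.action(), b.action()
```

With only the SW1 to SW2 direction working, SW2 hears SW1 but is never echoed back and err-disables in either mode, while SW1 hears nothing and stays up in normal mode but is err-disabled in aggressive mode.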
                     
          - Verifying the UDLD configuration can be done with:

          SecurityNik#show udld neighbors
Port     Device Name   Device ID     Port ID    Neighbor State
----     -----------   ---------     -------    --------------
Fa1/0/10 FDO1446K0S2     1            Gi1/0/10   Bidirectional

          OR

          SecurityNik#show udld fa1/0/10

Interface Fa1/0/10
---
Port enable administrative configuration setting: Enabled
Port enable operational state: Enabled
Current bidirectional state: Bidirectional
Current operational state: Advertisement - Single neighbor detected
Message interval: 15
Time out interval: 5

    Entry 1
    ---
    Expiration time: 38
    Device ID: 1
    Current neighbor state: Bidirectional
    Device name: FDO1446K0S2
    Port ID: Gi1/0/10
    Neighbor echo 1 device: CAT0945R1HE
    Neighbor echo 1 port: Fa1/0/10

    Message interval: 15
    Time out interval: 5

    CDP Device name: SW2
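As an added example (mine, not from the notes or from Cisco), here is a small parser for the "show udld neighbors" table format shown above that flags any local port whose neighbor state is not Bidirectional. The sample output is constructed; its second row is made up so there is something to flag.

```python
import re
from typing import Dict, List

# Constructed sample modelled on the `show udld neighbors` table; the second row
# is made up so the filter below has something to report.
SAMPLE = """\
Port     Device Name   Device ID     Port ID    Neighbor State
----     -----------   ---------     -------    --------------
Fa1/0/10 FDO1446K0S2     1            Gi1/0/10   Bidirectional
Fa1/0/11 FDO1446K0S2     1            Gi1/0/11   Undetermined
"""

# Four single-token columns, then the state, which may itself contain spaces.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+?)\s*$")
FIELDS = ("port", "device_name", "device_id", "port_id", "neighbor_state")


def parse_udld_neighbors(text: str) -> List[Dict[str, str]]:
    """Turn the table into a list of dicts, skipping the header, rule and blank lines."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Port ", "----")):
            continue
        m = ROW.match(line)
        if m:  # ignore anything that does not look like a neighbour row
            rows.append(dict(zip(FIELDS, m.groups())))
    return rows


def ports_needing_attention(rows: List[Dict[str, str]]) -> List[str]:
    """Local ports whose neighbour state is anything other than Bidirectional."""
    return [r["port"] for r in rows if r["neighbor_state"].lower() != "bidirectional"]


if __name__ == "__main__":
    for port in ports_needing_attention(parse_udld_neighbors(SAMPLE)):
        print(f"{port}: UDLD neighbor state is not Bidirectional")
```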

