CDP: does a device announce its reboot to its neighbor?
Date: January 6 to 8, 2021
Scenario
In this lab we try to determine why a switch "fires" a CDP packet at the very moment a reload is issued.
This came up by accident while documenting exactly the opposite: that CDP is transmitted first when an interface comes up.
After configuring everything needed and rebooting the switch, this malformed packet was captured, which led to checking whether it was a coincidence or not by repeating the test.
Searching a Wireshark forum about malformed packets, I came across the suggestion that it might be a "rudimentary" notice to the neighbor that the device is about to go offline, which has to be tested :-)
1.- Checking the CDP packets the switch sends (debug cdp packets):
Switch#debug cdp packets
CDP packet info debugging is on
Switch#
Switch#
Jan 7 07:54:27.874: CDP-PA: version 2 packet sent out on GigabitEthernet1/0/1
Jan 7 07:55:19.677: CDP-PA: version 2 packet sent out on GigabitEthernet1/0/1
Jan 7 07:56:07.915: CDP-PA: version 2 packet sent out on GigabitEthernet1/0/1
Jan 7 07:56:59.054: CDP-PA: version 2 packet sent out on GigabitEthernet1/0/1
Jan 7 07:57:52.200: CDP-PA: version 2 packet sent out on GigabitEthernet1/0/1
Switch#
2.- Rebooting the switch:
Switch#reload
System configuration has been modified. Save? [yes/no]: yes
Building configuration...
[OK]
Proceed with reload? [confirm] (enter)
Jan 7 07:58:06.265: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload command.
CPU rev: B
Image passed digital signature verification
Board rev: 24
Testing DataBus...
Testing AddressBus...
Testing Memory from 0x00000000 to 0x1fffffff...
---rest of the boot output omitted---
3.- Capture in Wireshark:
4.- Comparison of the CDP frames:
Frames 5 and 6 of the capture are compared; in the switch logs we saw five CDP frames being sent (step 1).
Frame 6 is fired once the reload command is executed and it no longer shows up in the console debug.
Besides the missing TLVs, the difference to notice is that frame 6 carries TTL 0 where frame 5 carries TTL 180; the TTL is the value the neighbor uses as the holdtime for the cache entry. Wireshark stops dissecting frame 6 after the Port ID TLV and marks it malformed, yet the debug on the receiving switch in step 17 still reads a capability of 0 and an empty platform string from the same packet.
Frame 5: 466 bytes on wire (3728 bits), 466 bytes captured (3728 bits) on interface id 0
IEEE 802.3 Ethernet
Logical-Link Control
Cisco Discovery Protocol
    Version: 2
    TTL: 180 seconds
    Checksum: 0xe942 [correct]
    [Checksum Status: Good]
    Device ID: Switch
        Type: Device ID (0x0001)
        Length: 10
        Device ID: Switch
    Software Version (the malformed packet does not carry this TLV)
        Type: Software version (0x0005)
        Length: 250
        Software version: Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(2)E3, RELEASE SOFTWARE (fc3)
        Software version: Technical Support: http://www.cisco.com/techsupport
        Software version: Copyright (c) 1986-2015 by Cisco Systems, Inc.
        Software version: Compiled Wed 26-Aug-15 07:12 by prod_rel_team
    Platform: cisco WS-C2960X-24PS-L
        Type: Platform (0x0006)
        Length: 26
        Platform: cisco WS-C2960X-24PS-L
    Addresses
        Type: Addresses (0x0002)
        Length: 8
        Number of addresses: 0
    Port ID: GigabitEthernet1/0/1
        Type: Port ID (0x0003)
        Length: 24
        Sent through Interface: GigabitEthernet1/0/1
    Capabilities (the malformed packet reports neither this TLV nor any of the ones that follow)
        Type: Capabilities (0x0004)
        Length: 8
        Capabilities: 0x00000028
    Protocol Hello: Cluster Management
        Type: Protocol Hello (0x0008)
        Length: 36
        OUI: 00:00:0c (Cisco Systems, Inc)
        Protocol ID: Cluster Management (0x0112)
        Cluster Master IP: 0.0.0.0
        IP?: 255.255.255.255
        Version?: 0x01
        Sub Version?: 0x02
        Status?: 0x21
        UNKNOWN: 0xff
        Cluster Commander MAC: 00:00:00:00:00:00
        Switch's MAC: 00:5f:86:f8:b7:00
        UNKNOWN: 0xff
        Management VLAN: 0
    VTP Management Domain:
        Type: VTP Management Domain (0x0009)
        Length: 4
        VTP Management Domain:
    Native VLAN: 100
        Type: Native VLAN (0x000a)
        Length: 6
        Native VLAN: 100
    Duplex: Full
        Type: Duplex (0x000b)
        Length: 5
        Duplex: Full
    Trust Bitmap: 0x00
        Type: Trust Bitmap (0x0012)
        Length: 5
        Trust Bitmap: 0x00
    Untrusted port CoS: 0x00
        Type: Untrusted Port CoS (0x0013)
        Length: 5
        Untrusted port CoS: 0x00
    Management Addresses
        Type: Management Address (0x0016)
        Length: 8
        Number of addresses: 0
    Power Available: 0 mW, 4294967295 mW
        Type: Power Available (0x001a)
        Length: 16
        Request-ID: 0
        Management-ID: 1
        Power Available: 0mW
        Power Available: 4294967295mW
    Spare Pair PoE
        Type: Spare PoE (0x001f)
        Length: 5
        Spare Pair PoE: 0x00
    Type: Unknown (0x1004), length: 19
        Type: Unknown (0x1004)
        Length: 19
        Data: 303035662e383666382e6237303000 (ASCII "005f.86f8.b700" plus a NUL, the switch's own MAC in Cisco notation)
    Radio 1 channel: 1
        Type: Radio1 channel (0x1003)
        Length: 5
        Platform: 1
Frame 6: 84 bytes on wire (672 bits), 84 bytes captured (672 bits) on interface id 0
IEEE 802.3 Ethernet
Logical-Link Control
Cisco Discovery Protocol
    Version: 2
    TTL: 0 seconds
    Checksum: 0x9016 [correct]
    [Checksum Status: Good]
    Device ID: Switch
        Type: Device ID (0x0001)
        Length: 10
        Device ID: Switch
    Port ID: GigabitEthernet1/0/1\020\004\000
        Type: Port ID (0x0003)
        Length: 24
        Sent through Interface: GigabitEthernet1/0/1\020\004
    [Malformed Packet: CDP]
        [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
            [Malformed Packet (Exception occurred)]
            [Severity level: Error]
            [Group: Malformed]
5.- Detail found on the Wireshark site:
It seems that Cisco uses CDP packet with capability 0 and Null platform string to force CDP
entry aging on neighboring device during reload.
Source: https://www.wireshark.org/lists/wireshark-bugs/201608/msg00434.html
6.- This leads us to verify it with a CDP neighbor. Switch-A and Switch-B are connected Gig 1/0/1 to Gig 1/0/1, as both "show cdp neighbors" outputs below confirm.
7.- Checking the CDP neighbor on Switch-B:
Switch-B#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch-A         Gig 1/0/1         129             S I    WS-C2960X Gig 1/0/1

Total cdp entries displayed : 2
Switch-B#
8.- Checking on Switch-A:
Switch-A#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch-B         Gig 1/0/1         168             S I    WS-C2960X Gig 1/0/1

Total cdp entries displayed : 1
Switch-A#
9.- Rebooting Switch-A:
Switch-A#reload
Proceed with reload? [confirm] (enter)
10.- Checking on Switch-B:
Switch-B#
Jan 8 08:00:53.817: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down (caused by the reboot of Switch-A)
Jan 8 08:00:54.820: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
Switch-B#
11.- Checking the CDP neighbor:
Switch-B#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID

Total cdp entries displayed : 0
Switch-B#
12.- Checking whether the removal is caused by the interface going down or by the malformed CDP packet:
When Switch-A reboots, the interfaces on both ends go DOWN, so the CDP neighbor is removed from the table simply because the associated interface "drops". To separate the two causes, we first confirm that the entry has been re-learned once Switch-A is back (debug cdp packets is still enabled on Switch-B):
Switch-B#sh cdp nei
Jan 8 08:06:13.297: CDP-PA: Packet received from Switch-A on interface GigabitEthernet1/0/1
Jan 8 08:06:13.300: **Entry found in cache**
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch-A         Gig 1/0/1         178             S I    WS-C2960X Gig 1/0/1

Total cdp entries displayed : 1
Switch-B#
13.- We pull the patch cord:
Switch-B#
Jan 8 08:06:23.772: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
Jan 8 08:06:24.772: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
Switch-B#
14.- Checking the CDP neighbor (the entry is gone with the link, no CDP packet involved):
Switch-B#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID

Total cdp entries displayed : 0
Switch-B#
15.- Tests keeping the interface UP on Switch-B:
This way the Switch-B interface stays up during the reboot of Switch-A, so the neighbor (Switch-A) can only leave the CDP table for one of two reasons: the malformed packet telling Switch-B to remove it, or the holdtime expiring.
16.- Checking the CDP neighbor before the test:
Switch-B#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch-A         Gig 1/0/1         172             S I    WS-C2960X Gig 1/0/1

Total cdp entries displayed : 1
Switch-B#
17.- We reboot Switch-A, with debug cdp events enabled on Switch-B:
Switch-B#debug cdp events
CDP events debugging is on
Switch-B#
(last normal packet received)
Jan 8 08:22:16.627: CDP-EV: Packet Received from Switch-A with capability = 28 and Platform string = cisco WS-C2960X-24PS-L on interface GigabitEthernet1/0/1
Jan 8 08:22:16.627: CDP-EV: APP-TLV already enqueued: duplex = 3, native-vlan = 1
CDP-EV: received_vtp_mgmt_domain = 1, vtp_mgmt_domain_length = 0
CDP-EV: vtp-management-domain-name = '', type: 4099
Jan 8 08:22:30.213: CDP-PA: Packet received from Switch-A on interface GigabitEthernet1/0/1
Jan 8 08:22:30.213: **Entry found in cache**
(malformed packet: capability 0 and an empty platform string, received 14 seconds after the last normal hello)
Jan 8 08:22:30.213: CDP-EV: Packet Received from Switch-A with capability = 0 and Platform string =  on interface GigabitEthernet1/0/1
Jan 8 08:22:30.220: CDP-EV: Notify registered clients about the entry deletion from CDP cache for GigabitEthernet1/0/1
Jan 8 08:22:30.220: CDP-EV: APP-TLV removed, neighbor:Switch-A, type: 4100
Jan 8 08:22:30.220: CDP-EV: APP-TLV removed, neighbor:Switch-A, type: 4099
Switch-B#
18.- Checking the CDP neighbor (the interface is still up; the entry was deleted by the packet, not by a link event and not by holdtime expiry):
Switch-B#sh cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID

Total cdp entries displayed : 0
Switch-B#
19.- Summary:
We can state that at the moment of the reload the switch sends one last CDP packet whose parameters tell the neighbor to remove it from the CDP table: TTL 0 instead of 180, a capability value of 0 and an empty platform string (frame 6 in step 4 and the debug in step 17). The neighbor acts on it at once ("Notify registered clients about the entry deletion from CDP cache") instead of keeping the entry until the holdtime runs out.
Under certain conditions this prevents a wrong diagnosis of connectivity problems, where a neighbor is assumed to exist when it is actually offline for as long as the CDP holdtime lasts (in the last test, step 16, that was 172 seconds).
Keep in mind that CDP carries no authentication: any station on the segment can send a frame with these same values and clear the entry, so the neighbor table is a diagnostic aid, not a trustworthy liveness signal.
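20.- Added example (not part of the lab, and not Cisco IOS or Wireshark code): a Python model of what steps 4 and 15-18 show. It builds CDP PDUs with the TLV layout and one's-complement checksum of frames 5 and 6, parses them with bounds checks so a truncated TLV is flagged the way Wireshark flagged frame 6, and keeps a neighbor table that refreshes on a normal hello, ages out on holdtime, drops entries when the link goes down (steps 12-14) and deletes the entry immediately on the TTL-0 / capability-0 / empty-platform packet (step 17). The sample PDUs, the interface name "Gi1/0/1" and all class and function names are assumptions made for this example; the odd-length checksum handling follows Wireshark's dissector and is not exercised by the even-length samples here.

```python
"""Model of the CDP behaviour seen in this lab: TLV builder/parser with checksum
check plus a neighbor cache that honours the TTL-0 'goodbye' packet.
Example code for this write-up; not Cisco IOS or Wireshark source."""
import struct

# TLV types that appear in the frames captured above
CDP_DEVICE_ID, CDP_ADDRESSES, CDP_PORT_ID = 0x0001, 0x0002, 0x0003
CDP_CAPABILITIES, CDP_PLATFORM = 0x0004, 0x0006


def cdp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over the whole PDU. Odd lengths: the last
    byte moves into the low half of the final word (Wireshark's handling, assumed)."""
    if len(data) % 2:
        data = data[:-1] + b"\x00" + data[-1:]
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_cdp(ttl: int, tlvs, version: int = 2) -> bytes:
    """Serialize header + TLVs (the length field counts the 4-byte TLV header)."""
    body = b"".join(struct.pack("!HH", t, 4 + len(v)) + v for t, v in tlvs)
    cksum = cdp_checksum(struct.pack("!BBH", version, ttl, 0) + body)
    return struct.pack("!BBH", version, ttl, cksum) + body


def parse_cdp(pdu: bytes) -> dict:
    """Walk the TLVs with bounds checks; a bad length sets 'malformed', which is
    what Wireshark's expert info reported on frame 6."""
    version, ttl, _ = struct.unpack("!BBH", pdu[:4])
    out = {"version": version, "ttl": ttl, "tlvs": {}, "malformed": False,
           "checksum_ok": cdp_checksum(pdu) == 0}   # a valid PDU sums to zero
    off = 4
    while off < len(pdu):
        if off + 4 > len(pdu):
            out["malformed"] = True
            break
        t, length = struct.unpack("!HH", pdu[off:off + 4])
        if length < 4 or off + length > len(pdu):
            out["malformed"] = True
            break
        out["tlvs"][t] = pdu[off + 4:off + length]
        off += length
    return out


def is_goodbye(parsed: dict) -> bool:
    """The reload packet from the lab: TTL 0, capability word 0, empty platform."""
    caps = parsed["tlvs"].get(CDP_CAPABILITIES, b"")
    cap_val = struct.unpack("!I", caps)[0] if len(caps) == 4 else None
    return (parsed["ttl"] == 0 and cap_val == 0
            and parsed["tlvs"].get(CDP_PLATFORM, b"") == b"")


class CdpNeighborTable:
    """Neighbor cache keyed by (device id, local interface)."""

    def __init__(self):
        self._entries = {}  # (device_id, iface) -> (port_id, expiry time)

    def receive(self, pdu: bytes, iface: str, now: float) -> str:
        p = parse_cdp(pdu)
        if p["malformed"] or not p["checksum_ok"]:
            return "dropped"  # a broken PDU never touches the cache
        dev = p["tlvs"].get(CDP_DEVICE_ID, b"").decode("ascii", "replace")
        if is_goodbye(p):   # step 17: deleted at once, holdtime not awaited
            return "deleted" if self._entries.pop((dev, iface), None) else "unknown"
        port = p["tlvs"].get(CDP_PORT_ID, b"").decode("ascii", "replace")
        self._entries[(dev, iface)] = (port, now + p["ttl"])  # TTL is the holdtime
        return "refreshed"

    def link_down(self, iface: str) -> int:
        """Steps 12-14: an interface going down drops every neighbor learned on it."""
        gone = [k for k in self._entries if k[1] == iface]
        for k in gone:
            del self._entries[k]
        return len(gone)

    def neighbors(self, now: float):
        """Like 'show cdp neighbors': purge aged entries, report remaining holdtime."""
        self._entries = {k: v for k, v in self._entries.items() if v[1] > now}
        return [(dev, iface, port, int(exp - now))
                for (dev, iface), (port, exp) in sorted(self._entries.items())]


# Constructed sample PDUs modelled on frames 5 and 6 (not the captured bytes)
HELLO = build_cdp(180, [
    (CDP_DEVICE_ID, b"Switch"),
    (CDP_ADDRESSES, struct.pack("!I", 0)),        # "Number of addresses: 0"
    (CDP_PLATFORM, b"cisco WS-C2960X-24PS-L"),
    (CDP_PORT_ID, b"GigabitEthernet1/0/1"),
    (CDP_CAPABILITIES, struct.pack("!I", 0x28)),  # S + I, as in the lab
])
GOODBYE = build_cdp(0, [
    (CDP_DEVICE_ID, b"Switch"),
    (CDP_PORT_ID, b"GigabitEthernet1/0/1"),
    (CDP_CAPABILITIES, struct.pack("!I", 0)),
    (CDP_PLATFORM, b""),
])
```

Feeding HELLO into a table at t=0 and listing neighbors at t=8 returns a holdtime of 172, the value seen in step 16; feeding GOODBYE at t=10 empties the table at once, whereas without it the entry would only disappear at t=180. A PDU with a truncated last TLV (for instance HELLO with its last three bytes cut off) is reported as malformed and is never written into the table.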
(2021) What will you say before you die?
Rosario, Argentina