
Cisco Discovery Protocol (CDP)

In document ccna-full (Page 71-78)

Figure 10-1: Network Setup for Cisco Discovery Protocol

- Cisco Discovery Protocol (CDP) is a Cisco-proprietary data link layer device discovery protocol designed for gathering hardware and software information of neighboring devices. Such info is useful for troubleshooting and documenting a network.

- CDP updates are sent as multicasts. It is a L2 protocol and runs on all physical interfaces that support SNAP (Subnetwork Access Protocol), eg: all LAN protocols, HDLC, Frame Relay, and ATM. The only media type CDP cannot operate over is X.25, as it does not support SNAP.

- CDP is a L2 protocol, hence it is independent of any L3 protocol – Cisco devices are able to discover L3 addressing details of neighboring devices even without any network layer (L3) addressing configuration.

- The show cdp neighbors detail EXEC command displays a lot of useful information regarding all neighboring devices.

- CDP frames do not pass through switches; they are only sent to directly connected devices.

Ex: In Figure 10-1, c2500’s CDP neighbor is only Cat3550; Cat2900XL is not its CDP neighbor.

- Below interprets the fields of the output of the show cdp neighbors EXEC command:

Field            Description
Device ID        The hostname of the directly connected device.
Local Interface  The interface of the local device that received the CDP packet from the directly connected device.
Holdtime         The amount of time a device will hold (keep) the received CDP information before discarding it if no more CDP packets are received.
Capability       The capabilities of the directly connected device, eg: router, switch, etc. The device capability codes are listed at the top of the command output.
Platform         The model of the directly connected device.
Port ID          The interface of the neighboring device that transmitted the CDP packet.

[Figure 10-1 labels: c2500, Cat3550, Cat2900XL; addresses 192.168.0.1, 192.168.0.2, 192.168.0.3, 192.168.0.11; interfaces E0, Fa0/1, Fa0/2, Fa0/1]

- Below shows some CDP command outputs on Cat3550:

- CDP global parameters can be modified using the following global configuration commands:

cdp timer {sec} Used to define how often to send the periodical CDP updates out to all CDP enabled interfaces.

cdp holdtime {sec} Used to define how long a device will hold (keep) the received CDP information before discarding it if no more CDP update is received.

- CDP Version 2 (CDPv2) is the most recent release of the Cisco Discovery Protocol. It provides a reporting mechanism which can send error messages to the console or a Syslog logging server upon occurrences of unmatched 802.1Q native VLAN ID, unmatched port duplex states, etc.

Cat3550#sh cdp ?
  entry      Information for specific neighbor entry
  interface  CDP interface status and configuration
  neighbors  CDP neighbor entries
  traffic    CDP statistics
  |          Output modifiers
  <cr>

Cat3550#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce   Holdtme   Capability   Platform     Port ID
Cat2900XL        Fas 0/2         152       T S          WS-C2924-X   Fas0/1
c2500            Fas 0/1         137       R            2500         Eth0

Cat3550#sh cdp entry Cat2900XL
---
Device ID: Cat2900XL
Entry address(es):
  IP address: 192.168.0.251
Platform: cisco WS-C2924-XL, Capabilities: Trans-Bridge Switch
Interface: FastEthernet0/2, Port ID (outgoing port): FastEthernet0/1
Holdtime : 142 sec

Version :
Cisco Internetwork Operating System Software
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)WC10, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 28-May-04 09:52 by antonino

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=0000000
0FFFFFFFF010121FF000000000000000427C1D3C0FF0001
VTP Management Domain: ''
Native VLAN: 1
Duplex: full
Cat3550#

- CDP is enabled by default.

The no cdp run global configuration command completely disables CDP on a device.

The no cdp enable interface subcommand disables CDP on an interface – the interface stops sending CDP packets and ignores the CDP packets it receives.
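The fields listed above travel in every CDP frame as type-length-value records, which is what any directly attached device receives from a CDP-enabled interface. The following decoder is an added example, not part of the original notes; the function names are illustrative and the sample payload is constructed from the values in the Cat2900XL entry shown above.

```python
import struct

# TLV types and capability bits of the CDP frame format.
TLV_NAMES = {1: "device_id", 3: "port_id", 4: "capabilities", 5: "software",
             6: "platform", 0x0A: "native_vlan", 0x0B: "duplex"}
CAP_CODES = [(0x01, "R"), (0x02, "T"), (0x04, "B"), (0x08, "S"),
             (0x10, "H"), (0x20, "I"), (0x40, "r")]

def parse_cdp(payload: bytes) -> dict:
    """Decode a CDP payload (the bytes that follow the SNAP header)."""
    if len(payload) < 4:
        raise ValueError("truncated CDP header")
    version, holdtime, _checksum = struct.unpack("!BBH", payload[:4])
    info = {"cdp_version": version, "holdtime": holdtime}
    pos = 4
    while pos < len(payload):
        if pos + 4 > len(payload):
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack("!HH", payload[pos:pos + 4])
        # The length counts the 4-byte TLV header; reject values that would
        # loop forever or read past the end of the frame.
        if tlv_len < 4 or pos + tlv_len > len(payload):
            raise ValueError(f"bad TLV length {tlv_len} at offset {pos}")
        value = payload[pos + 4:pos + tlv_len]
        name = TLV_NAMES.get(tlv_type)
        if name == "capabilities":
            bits = int.from_bytes(value, "big")
            info[name] = " ".join(c for bit, c in CAP_CODES if bits & bit)
        elif name == "native_vlan":
            info[name] = int.from_bytes(value, "big")
        elif name == "duplex":
            info[name] = "full" if value == b"\x01" else "half"
        elif name:
            info[name] = value.decode("ascii", "replace")
        pos += tlv_len
    return info

def tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

# Constructed sample payload using the values of the Cat2900XL entry on this page.
SAMPLE = (bytes([2, 180, 0, 0])  # CDPv2, holdtime 180 s, checksum 0 (not verified here)
          + tlv(1, b"Cat2900XL") + tlv(3, b"FastEthernet0/1")
          + tlv(4, (0x02 | 0x08).to_bytes(4, "big"))  # Trans-Bridge + Switch
          + tlv(6, b"cisco WS-C2924-XL")
          + tlv(0x0A, (1).to_bytes(2, "big")) + tlv(0x0B, b"\x01"))

if __name__ == "__main__":
    print(parse_cdp(SAMPLE))
```

The capability bits decode to the same letter codes that show cdp neighbors prints, and unknown TLV types (such as the Protocol Hello record) are skipped rather than rejected.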

Telnet

- Cisco IOS allows Telnet from a Cisco device to another Cisco device. An important feature of the telnet EXEC command is the suspend feature.

- Lab setup: Set up the sample network as in Figure 10-1. Configure the hostname and IP address on every device, and create a host table consisting of static entries for all devices on every device.

- Below lists some Cisco IOS Telnet-related commands:

telnet {hostname | ip-addr} Used to Telnet from a device to another device.

show sessions or where Used to list the suspended telnet sessions.

resume {connection-id} Used to resume a suspended telnet session.

disconnect {connection-id} Used to terminate a suspended telnet session.

- A Telnet session can be suspended with the following key sequence:

Ctrl + Shift + 6, release, then x.

- In the show sessions or where EXEC command output, an asterisk [*] will be shown at the left of the most recently suspended Telnet session, which can be resumed by using the resume EXEC command, or by pressing Enter or Tab in EXEC or privileged mode. Connection ID is the identification for a Telnet session.

Cat3550#sh cdp int fa0/1
FastEthernet0/1 is up, line protocol is up
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds

Cat3550#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Cat3550(config)#cdp ?
  advertise-v2  CDP sends version-2 advertisements
  holdtime      Specify the holdtime (in sec) to be sent in packets
  run           Enable CDP
  timer         Specify the rate at which CDP packets are sent (in sec)

Cat3550(config)#int fa0/1
Cat3550(config-if)#no cdp enable
Cat3550(config-if)#^Z
Cat3550#sh cdp int fa0/1
Cat3550#

- Below demonstrates the usage of Telnet suspension:

Cat3550>telnet Cat2900XL

Trying Cat2900XL (192.168.0.3)... Open

Cat2900XL>

Cat2900XL> [Ctrl+Shift+6, x]

Cat3550>telnet c2500

Trying c2500 (192.168.0.1)... Open

c2500>

c2500> [Ctrl+Shift+6, x]

Cat3550>sh sessions

Conn Host        Address        Byte  Idle  Conn Name
   1 Cat2900XL   192.168.0.3       0     0  Cat2900XL
*  2 c2500       192.168.0.1       0     0  c2500

Cat3550> [Enter]

[Resuming connection 2 to c2500 ... ]

c2500> [Ctrl+Shift+6, x]

Cat3550>resume 1

[Resuming connection 1 to Cat2900XL ... ]

Cat2900XL> [Ctrl+Shift+6, x]

Cat3550>where

Conn Host        Address        Byte  Idle  Conn Name
*  1 Cat2900XL   192.168.0.3       0     0  Cat2900XL
   2 c2500       192.168.0.1       0     0  c2500

Cat3550>disconnect 1

Closing connection to Cat2900XL [confirm] [Enter]

Cat3550> [Enter]

[Resuming connection 2 to c2500 ... ]

c2500> [Ctrl+Shift+6, x]

Cat3550>where

Conn Host Address Byte Idle Conn Name

* 2 c2500 192.168.0.1 0 0 c2500

Cat3550> [Enter]

[Resuming connection 2 to c2500 ... ]

c2500>

c2500>exit

[Connection to c2500 closed by foreign host]

Cat3550>

Cat3550>where

% No connections open

Cat3550>

Troubleshooting IP

- Internet Control Message Protocol (ICMP) is a TCP/IP protocol that was designed specifically to help manage and control the operation of TCP/IP networks. It provides a wide variety of information about the operational status of a network.

- ICMP is considered as a part of the network layer. ICMP messages are encapsulated within IP packets and sent using the basic IP header only, with no transport layer header at all – it is really just an extension of the network layer.

- Below lists some ICMP message types and their usages:

Message Usage

Echo Request (Type 8) and Echo Reply (Type 0)

Used by the ping command when testing network connectivity.

Destination Unreachable

Used to notify a host when a packet sent by it has been discarded due the time for a packet to exist in a network (Time-to-Live, TTL) when being delivered to the destination has expired.

- ICMP Destination Unreachable messages are sent to notify the sender when a message cannot be delivered to the destination host. Packet delivery can fail for many reasons. Below lists the 5 common ICMP Unreachable codes that can be sent in ICMP Destination Unreachable messages:

Unreachable Code              When it is being sent?                                                                                           Typically sent by
Network Unreachable (Code 0)  Unable to match a packet’s destination network in the routing table and therefore unable to forward the packet.  Routers

Host Unreachable (Code 1)

A packet can be routed to the router attached to the destination network, but the destination host is not responding to ARP Request sent by the but the router must fragment the packet in order to forward it. or running on that host. This is very unlikely to happen as most operating systems that support TCP/IP should have provided IP, TCP and UDP services.

- Below lists the Cisco IOS ping response codes:

Response Code Description

! ICMP Echo Reply message received.

. The ping command timed out while waiting for a reply.

N ICMP Network Unreachable message received.

U ICMP Destination Unreachable – Host Unreachable (ICMP Type 3 Code 1) message received.

M ICMP Can’t Fragment message received.

Q ICMP Source Quench message received, which normally indicates the destination host does not have sufficient processing buffer.

P ICMP Destination Unreachable – Port Unreachable (ICMP Type 3 Code 3) message received.

A Packet denied by access list.

& TTL of packet (packet lifetime) was exceeded.

? Unknown packet received.

- Troubleshooting scenario:

Q: A host is able to ping to other hosts in the same subnet, but is unable to ping to a server in another subnet. What are the potential causes of this problem?

A: Most likely due to subnet mask or default gateway misconfiguration on the host.

- ICMP Source Quench messages are used for congestion control. They are sent by a congested router to notify the sending host to reduce its transmission rate, as packets were discarded due to insufficient packet queue buffer. They are seldom used, as congestion control is often performed by TCP at the transport layer.

- ICMP Time Exceeded messages utilize the Time-to-Live (TTL) field in the IP header that indicates the period a packet can exist on a network when being delivered to the destination.

Routers decrement the TTL by 1 whenever they forward a packet. Packets with TTL = 0 will be discarded, which can prevent IP packets from being circulated forever when routing loops occur.

Upon decrementing the TTL value, a router must recalculate the Header Checksum of a packet.

- Figure 10-2 shows how the Traceroute program on PC1, a Windows workstation, utilizes the IP TTL field (in ICMP Echo Requests) and ICMP TTL Exceeded messages to find the path to PC2.

Figure 10-2: Traceroute and ICMP TTL Exceeded Messages

[Figure 10-2 labels: PC1, RT1, RT2, PC2; addresses 10.10.10.2, 10.10.10.1, 11.11.11.1, 12.12.12.1, 12.12.12.2, .2; PC1 sends ICMP Echo Requests with TTL = 1, 2 and 3; the first two are answered with ICMP TTL Exceeded messages and the third with an ICMP Echo Reply]

- Firstly, PC1 purposely sends out an ICMP Echo Request packet with TTL = 1. RT1 which receives the packet will discard it and send out an ICMP TTL Exceeded message to PC1 as the TTL of the packet is decremented to 0. PC1 continues to send out another ICMP packet with TTL = 2, which causes RT2 to discard the packet and send out another ICMP TTL Exceeded message.

- Standard Traceroute program sends sets of 3 ICMP Echo Requests for each increased TTL value. Hence the output provides 3 results for each TTL. Below shows the output of the tracert command on PC1:

C:\>tracert -d 12.12.12.2

Tracing route to 12.12.12.2 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.10.10.1
  2     1 ms    <1 ms    <1 ms  11.11.11.2
  3     2 ms    <1 ms    <1 ms  12.12.12.2

Trace complete.

C:\>

- Note: Cisco Standard and Extended Traceroute send out UDP packets instead of ICMP Echo Request messages to detect intermediate hops and destination host via ICMP TTL Exceeded messages and ICMP Destination Unreachable – Port Unreachable messages respectively.

- ICMP Redirect messages are used when a router (RT1) processes a packet sent by an endpoint host (PC1) and notices that there is another router (RT2) with a better metric to the network of the destination host (PC3). RT1 will then send out an ICMP Redirect message to the sending host (PC1) to notify it to forward future packets destined to the destination host to the better router (RT2).

However, the host (PC1) can decide whether to accept or ignore the ICMP Redirect message.

Note: PC1, RT1, and RT2 reside on the same network. The default gateway of PC1 is RT1. PC1 is sending packets to PC3 (via RT1).

Figure 10-3: Network Setup for ICMP Redirect

[Figure 10-3 labels: PC1, RT1, RT2, PC2, PC3; addresses 10.10.10.11, 10.10.10.1, 10.10.10.2, 172.16.1.1, 172.16.1.2, 172.16.2.1, 172.16.2.2]
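The TTL decrement, Header Checksum recalculation and ICMP TTL Exceeded behaviour that Traceroute relies on in this section can be followed offline with the simulation below. It is an added example, not part of the original notes: the hop addresses are those of the tracert output, PC1's source address is assumed from the Figure 10-2 labels, and all function names are illustrative.

```python
import struct

def checksum(header: bytes) -> int:
    """IPv4 Header Checksum: one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def with_checksum(header: bytes) -> bytes:
    zeroed = header[:10] + b"\x00\x00" + header[12:]  # checksum field cleared
    return zeroed[:10] + struct.pack("!H", checksum(zeroed)) + zeroed[12:]

def ip_header(src: str, dst: str, ttl: int) -> bytes:
    """Build a 20-byte IPv4 header carrying ICMP (protocol 1)."""
    addrs = b"".join(bytes(map(int, a.split("."))) for a in (src, dst))
    return with_checksum(struct.pack("!BBHHHBBH", 0x45, 0, 28, 0, 0, ttl, 1, 0) + addrs)

def forward(header: bytes):
    """Router step; returns None when the TTL reaches 0 (discard, send TTL Exceeded)."""
    if checksum(header) != 0:  # a header with a valid checksum sums to zero
        raise ValueError("bad header checksum")
    ttl = header[8] - 1
    return with_checksum(header[:8] + bytes([ttl]) + header[9:]) if ttl > 0 else None

# Constructed topology: hop addresses as in the tracert output on this page.
ROUTERS = ["10.10.10.1", "11.11.11.2"]  # RT1, RT2
PC1, PC2 = "10.10.10.2", "12.12.12.2"   # PC1 address assumed from the figure labels

def probe(ttl: int):
    """Send one Echo Request; return (responder, ICMP message received)."""
    header = ip_header(PC1, PC2, ttl)
    for router in ROUTERS:
        header = forward(header)
        if header is None:
            return router, "TTL Exceeded"
    return PC2, "Echo Reply"

def traceroute(max_hops: int = 30) -> list:
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, message = probe(ttl)
        hops.append(responder)
        if message == "Echo Reply":
            break
    return hops

if __name__ == "__main__":
    print(traceroute())
```

Each call to forward() changes both the TTL byte and the checksum field, which is why a router cannot decrement the TTL without recomputing the Header Checksum.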

Chapter 11
