Re: CDP problem between router and switch

santipongv · ‎03-24-2006

I enabled CDP globally and on the interfaces on both router and switch. Both router and switch are using CDP V2. I can see CDP information from the switch side but not from the router side. Keepalive is enabled only on the switch side.

I did debugging on both router and switch. On the switch side, I see cdp packets from router coming in, but I don't see the same thing happen on the router side. Input counters on the router side confirm this result. Can anyone help?

Switch#sh cdp traffic

CDP counters :

Total packets output: 104775, Input: 73896

Hdr syntax: 0, Chksum error: 0, Encaps failed: 0

No memory: 0, Invalid packet: 1, Fragmented: 0

CDP version 1 advertisements output: 0, Input: 0

CDP version 2 advertisements output: 104775, Input: 73896

Switch#sh cdp

Global CDP information:

Sending CDP packets every 60 seconds

Sending a holdtime value of 180 seconds

Sending CDPv2 advertisements is enabled

Switch#sh cdp nei

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID

Router Gig 1/0/19 125 R 3640 Fas 3/0

Router Gig 1/0/21 125 R 3640 Fas 1/1

Router Gig 1/0/5 124 R 3640 Fas 1/0

Router#sh cdp traffic

CDP counters :

Total packets output: 142722, Input: 0

Hdr syntax: 0, Chksum error: 0, Encaps failed: 1

No memory: 0, Invalid packet: 0, Fragmented: 0

CDP version 1 advertisements output: 0, Input: 0

CDP version 2 advertisements output: 142722, Input: 0

Router#sh cdp

Global CDP information:

Sending CDP packets every 60 seconds

Sending a holdtime value of 180 seconds

Sending CDPv2 advertisements is enabled

Router#sh cdp nei

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID

Regards,

Santi

amit-singh · ‎03-24-2006

Hi,

It shows router is sending the CDP info but not receving the CDP info. Do you have any ACL on the router interface.

Config of the router and switch ports will help.

regards,

-amit singh

santipongv · ‎03-24-2006

Router#

!

interface FastEthernet1/0

description Interface to Gecko

ip address 208.4.61.129 255.255.255.192

ip access-group in-from-corp in

ip access-group out-to-corp out

no ip redirects

no ip unreachables

no ip proxy-arp

service-policy input drop-inbound-http-hacks

ip route-cache flow

load-interval 30

no keepalive

speed 100

full-duplex

interface FastEthernet1/1

description VPN Network

ip address 208.4.63.1 255.255.255.240

ip access-group in-from-vpn in

ip access-group out-to-vpn out

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

load-interval 30

no keepalive

speed 100

full-duplex

end

interface FastEthernet3/0

description HATS/HOD, Fedline and PSCU

ip address 208.4.63.129 255.255.255.192 secondary

ip address 208.4.63.33 255.255.255.240

ip access-group in-from-hod in

ip access-group out-to-hod out

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

no keepalive

speed 100

full-duplex

end

Switch#

!

interface GigabitEthernet1/0/5

description C-Gate (208.4.61.129)

switchport access vlan 61

switchport mode access

switchport nonegotiate

duplex full

speed 100

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

spanning-tree link-type point-to-point

spanning-tree guard root

end

interface GigabitEthernet1/0/19

description C-GATE HOD-HATS/Fedline/PSCU (208.4.63.33)

switchport access vlan 63

switchport mode access

switchport nonegotiate

duplex full

speed 100

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

spanning-tree link-type point-to-point

spanning-tree guard root

end

interface GigabitEthernet1/0/21

description C-Gate VPN Interface - Fa1/1 (208.4.63.1)

switchport access vlan 25

switchport mode access

switchport nonegotiate

duplex full

speed 100

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

spanning-tree link-type point-to-point

spanning-tree guard root

end

santipongv · ‎03-24-2006

Router#

!

interface FastEthernet1/0

description Interface to Gecko

ip address 208.4.61.129 255.255.255.192

ip access-group in-from-corp in

ip access-group out-to-corp out

no ip redirects

no ip unreachables

no ip proxy-arp

service-policy input drop-inbound-http-hacks

ip route-cache flow

load-interval 30

no keepalive

speed 100

full-duplex

interface FastEthernet1/1

description VPN Network

ip address 208.4.63.1 255.255.255.240

ip access-group in-from-vpn in

ip access-group out-to-vpn out

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

load-interval 30

no keepalive

speed 100

full-duplex

end

interface FastEthernet3/0

description HATS/HOD, Fedline and PSCU

ip address 208.4.63.129 255.255.255.192 secondary

ip address 208.4.63.33 255.255.255.240

ip access-group in-from-hod in

ip access-group out-to-hod out

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

no keepalive

speed 100

full-duplex

end

Switch#

!

interface GigabitEthernet1/0/5

description C-Gate (208.4.61.129)

switchport access vlan 61

switchport mode access

switchport nonegotiate

duplex full

speed 100

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

spanning-tree link-type point-to-point

spanning-tree guard root

end

interface GigabitEthernet1/0/19

description C-GATE HOD-HATS/Fedline/PSCU (208.4.63.33)

switchport access vlan 63

switchport mode access

switchport nonegotiate

duplex full

speed 100

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

spanning-tree link-type point-to-point

spanning-tree guard root

end

interface GigabitEthernet1/0/21

description C-Gate VPN Interface - Fa1/1 (208.4.63.1)

switchport access vlan 25

switchport mode access

switchport nonegotiate

duplex full

speed 100

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

spanning-tree link-type point-to-point

spanning-tree guard root

end

santipongv · ‎03-24-2006

Hi Amit:

What type of ACL statement should I be looking for?

Regards,

Santi

santipongv · ‎03-24-2006

Amit,

From sylog messages, I am not seeing any specific deny messages regarding CDP message in both directions between router and switch.

Regards,

Santi

tekha · ‎03-24-2006

Do a sh cdp interface on both devices and verify tha all 6 interfaces/ports have cdp enabled.

That is Giga 1/0/5, 1/0/19 and 1/0/21 on the switch and Fast 1/0, 1/1 and 3/0 on the router.

santipongv · ‎03-24-2006

Router#sh cdp interface

FastEthernet1/0 is up, line protocol is up

Encapsulation ARPA

Sending CDP packets every 60 seconds

Holdtime is 180 seconds

FastEthernet1/1 is up, line protocol is up

Encapsulation ARPA

Sending CDP packets every 60 seconds

Holdtime is 180 seconds

FastEthernet3/0 is up, line protocol is up

Encapsulation ARPA

Sending CDP packets every 60 seconds

Holdtime is 180 seconds

Switch#sh cdp interface

GigabitEthernet1/0/5 is up, line protocol is up

Encapsulation ARPA

Sending CDP packets every 60 seconds

Holdtime is 180 seconds

GigabitEthernet1/0/19 is up, line protocol is up

Encapsulation ARPA

Sending CDP packets every 60 seconds

Holdtime is 180 seconds

GigabitEthernet1/0/21 is up, line protocol is up

Encapsulation ARPA

Sending CDP packets every 60 seconds

Holdtime is 180 seconds

tekha · ‎03-24-2006

Well that looks OK.

What do you get when debugging cdp adjacency, events, ip and packets?

Remember to do a "clear cdp table" after turning the debug on.

You should see something like this on the router.

"CDP-PA: version 2 packet sent out on FastEthernet1/0"

And.

"CDP-PA: Packet received from Switch on interface FastEthernet1/0

**Entry NOT found in cache**"

santipongv · ‎03-24-2006

I am not seeing any received packets from the switch side.

Router#sh debug

CDP:

CDP packet info debugging is on

CDP events debugging is on

CDP neighbor info debugging is on

CDP IP info debugging is on

Router#

Mar 24 15:38:07.821: CDP-PA: version 2 packet sent out on FastEthernet1/0

Mar 24 15:38:07.821: CDP-PA: version 2 packet sent out on FastEthernet1/1

Mar 24 15:38:07.821: CDP-PA: version 2 packet sent out on FastEthernet3/0CDP

Router#sh cdp traffic

counters :

Total packets output: 9, Input: 0

Hdr syntax: 0, Chksum error: 0, Encaps failed: 0

No memory: 0, Invalid packet: 0, Fragmented: 0

CDP version 1 advertisements output: 0, Input: 0

CDP version 2 advertisements output: 9, Input: 0

tekha · ‎03-24-2006

Sounds like a bug in the software in either the router or Switch.

What IOS are you using?

santipongv · ‎03-24-2006

Router#

IOS (tm) 3600 Software (C3640-I-M), Version 12.2(24a), RELEASE SOFTWARE (fc3)

Switch#

Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(25)SEB4, RELEASE SOFTWARE (fc1)

tekha · ‎03-25-2006

OK, I would start by upgrading the router IOS, it's fairly old, and there is a ton of bugs in it. I don't see any about CDP though.

Another thing you could try out, if you have the time. Is to install CDP on a laptop, and try and plug it into the switch and then try the router. The device that is able to see the laptop through CDP, is the one working, so the other one must have a defect.

http://www.tallsoft.com/CDPMonitor.htm

santipongv · ‎03-27-2006

I installed CDP monitor on my laptop and Switch is the only device that was able to see the laptop.

Other than upgrading IOS on the router, do you have other possible solutions?

Regards,

Santi

tekha · ‎03-28-2006

No, I think its fairly safe to say that there is a CDP bug in the current IOS on the 3640 router.