Professional Documents
Culture Documents
Eric Leahy
The World of Networking
HOME
DISCLAIMER
CONTACT US
FEED
EIGRP
EtherChannels
OSPFv2
802.1s
PAGES
Contact Us
Disclaimer
Eric Leahys guide to networking in
the CISCO World
CATEGORIES
CCIE
Implement IPv4
Implement IP version 4 (IPv4)
addressing, subnetting, and
variable-length subnet masking
(VLSM)
BPDU Guard, BPDU Filter, Root Guard, Loop Guard & UDLD Eric Leahy
Analyzer (SPAN), Remote SPAN
(RSPAN)
Implement VLANs
Implementing Spanning Tree
Protocol (STP)
802.1d
802.1s
802.1w
BPDU Guard, BPDU Filter,
Root Guard, Loop Guard &
UDLD
AUGUST 2012
M
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Dec
summary
Root bridge for: none.
BPDU Filter
When PortFast is enabled on a port, the port will send out BPDUs and will
accept and process received BPDUs. The BPDU Guard feature prevents
the port from receiving any BPDUs but does not prevent it from sending
them. If any BPDUs are received, the port will be errdisabled. The BPDU
Filter feature effectively disables STP on the selected ports by preventing
them from sending or receiving any BPDUs.
BPDU filtering supports the ability to prevent switches from sending
BPDUs on PortFast-enabled interfaces. Ports configured for the PortFast
feature typically connect to host devices. Hosts do not participate in STP
and hence drop the received BPDUs. As a result, BPDU filtering prevents
BPDU Guard, BPDU Filter, Root Guard, Loop Guard & UDLD Eric Leahy
BPDU Guard, BPDU Filter, Root Guard, Loop Guard & UDLD Eric Leahy
BPDU Guard, BPDU Filter, Root Guard, Loop Guard & UDLD Eric Leahy
BPDU Guard, BPDU Filter, Root Guard, Loop Guard & UDLD Eric Leahy
UDLD
A unidirectional link occurs when traffic is transmitted between neighbors
in one direction only. Unidirectional Link Detection is a Layer 2 protocol.
UDLD performs tasks that Layer 1
mechanisms, such as auto
negotiation, cannot perform. When UDLD and auto-negotiation are
enabled, both Layer 1 and Layer 2 detections work together to prevent
physical and logical unidirectional connections and the malfunctioning of
other protocols. Unidirectional links can cause spanning-tree topology
loops. UDLD enables devices to detect when a unidirectional link exists
and also to shut down the affected interface. UDLD is useful on a fiber
ports to prevent network issues resulting in miswiring at the patch panel
causing the link to be in up/up status but the BPDUs are lost.
With UDLD enabled, the switch periodically sends UDLD protocol packets
to its neighbor and expects the packets to be echoed back before a
predetermined timer expires. If the timer expires, the switch determines
the link to be unidirectional and shuts down the port. If messages are not
received within the timeout interval (45 seconds), the port is disabled. The
messages are sent out every default interval, which is 15 seconds.
The 45 seconds it takes to detect a unidirectional link and errdisable the
http://ericleahy.com/?p=560[8/30/2012 10:55:07 PM]
BPDU Guard, BPDU Filter, Root Guard, Loop Guard & UDLD Eric Leahy
port is less than the 50 seconds it would take for STP to transition the port
to a Forwarding state, which is based on 20 seconds for Max Age + 30
seconds for Listening and Learning. This prevents a loop that would
otherwise be caused if STP transitioned the port into the Forwarding state
because of a lack of received BPDUs.
UDLD is a Layer 2 protocol enabled between adjacent switches. It uses
MAC 01-00-0c-cc-cc-cc with Subnetwork Access Protocol (SNAP) HighLevel Data Link Control (HDLC) protocol type 00111. UDLD packets
contain information about sending the ports device ID and port ID and the
neighbors device ID and port ID. Neighbor devices with UDLD enabled
send the same hello message. The link is bidirectional if devices on both
sides receive each others UDLD packets. If the port does not see its own
device and port ID in the incoming UDLD packets for a specific duration of
time (timeout interval), the link is considered unidirectional and is
disabled.
This UDLD echo-algorithm allows for unidirectional link detection due to
the following:
When the link is up on both sides; however, packets are being
received by only one side
When receive and transmit Fibers are not connected to the same
port on the remote side
A UDLD frame is made up of the following fields;
Device ID This field contains the MAC address of the sending
device.
Port ID This field contains the module and port number of the
sending device.
Echo This field contains the module and port pair known by the
sending device.
Message Interval This field contains the transmit interval of the
sending device.
Timeout Interval This field contains the timeout interval of the
sending device.
Device Name This field contains the CDP Device ID string of the
sending device.
Sequence Number This field contains the number used to validate
discovery packets.
Reserved These fields are reserved for future use.
Once the unidirectional link is detected by UDLD, the respective port is
disabled and remains disabled until it is manually re-enabled, or until
errdisable timeout expires (if configured). UDLD can operate in either
normal or aggressive mode.
In Normal mode, UDLD simply changes the UDLD-enabled port to an
undetermined state if it stops receiving UDLD messages from its directly
connected neighbor. Aggressive mode UDLD is a variation of UDLD, and
when a port stops receiving UDLD packets, UDLD tries to reestablish the
BPDU Guard, BPDU Filter, Root Guard, Loop Guard & UDLD Eric Leahy
connection with the neighbor. After eight failed retries, the port state
changes to the err-disable state, which effectively disables the port.
In UDLD normal mode, when a unidirectional link condition is detected,
the port is allowed to continue its operation. UDLD merely marks the port
as having an undetermined state and generates a syslog message. In
other words, in normal mode, no action is taken by UDLD and the port is
allowed to continue behaving according to its Spanning Tree state.
UDLD aggressive mode is configured on point-to-point links. This mode
comes into play after a UDLD neighbor stops receiving UDLD updates
from its adjacent peer. In aggressive mode, the local device will attempt to
re-establish the UDLD connection eight times. If the switch is unable to
re-establish the connection within this timeframe, it will proceed and
errdisable the port.
Aggressive mode is the preferred method of configuring UDLD. By
preventing this one-way
communication, UDLD can be useful in spanning-tree networks. UDLD is
used when a link should be shut down because of a hardware failure that
is causing unidirectional communication. In an EtherChannel bundle,
UDLD shuts down only the physical link that has failed. UDLD aggressive
mode adds additional detection when the port is stuck (one side is neither
transmiting nor receives; however, the link is up on both ends) or when
the link is up on one side and down on the other side, which is typically
seen on Fiber connections only, as Copper ports are normally not
susceptible to this type of issue because they use Ethernet link pulses to
monitor the link.
To bring a port back up after it has been placed into error-disable state,
simply shut and then no shut the affect interface once the error has been
corrected.
BPDU Guard, BPDU Filter, Root Guard, Loop Guard & UDLD Eric Leahy
Expiration time: 38
Device ID: 1
Current neighbor state: Bidirectional
Device name: FOX01590RW1
Port ID: Gi1/1
Neighbor echo 1 device: FOX0872A001
Neighbor echo 1 port: Gi0/1
Message interval: 15
Time out interval: 5
CDP Device name: SwitchB
Comparison Between Aggressive Mode UDLD and Loop Guard
Loop Guard and aggressive mode UDLD functionality overlap insofar as
both protect against STP failures caused by unidirectional links. These two
features are different, however, in their approach to the problem and in
functionality.
Loop Guard
Aggr
Configuration
Per Port
Per
Action Granularity
Per Vlan
Per
Auto-Recovery
Yes
Yes
Yes,
links
Yes
No
No
Yes
BPDU Guard, BPDU Filter, Root Guard, Loop Guard & UDLD Eric Leahy
Tagged BPDU