Device Management Protocols

2.0 Network Access

2.3 Configure and verify Layer 2 discovery protocols (Cisco Discovery Protocol and LLDP)

4.0 IP Services

4.2 Configure and verify NTP operating in a client and server mode

4.5 Describe the use of syslog features including facilities and levels

System Message Logging (Syslog)

Sending Messages in Real Time to Current Users

  • IOS sends log messages to the console by default (logging console). For Telnet and SSH users, the device requires a two-step process before the user sees the messages.

  • The logging monitor global configuration command tells IOS to enable sending log messages to all logged-in terminal (vty) users.

  • Each user must also issue the terminal monitor EXEC command during the login session, which tells IOS that this particular terminal session wants to receive log messages. A vty session that never issues terminal monitor sees no messages at all, even with logging monitor configured.

    Figure 9-1 IOS Processing for Log Messages to Current Users (console: logging console; Telnet/SSH: logging monitor plus terminal monitor; a session without terminal monitor receives no messages)

Storing Log Messages for Later Review

There are two primary means to keep a copy of log messages for later review:

  • IOS can store copies of the log messages in RAM by virtue of the logging buffered global configuration command. Any user can come back later and see the old log messages by using the show logging EXEC command. Because the buffer lives in RAM, it is lost on reload.

  • IOS can send log messages to a syslog server for central storage.

The syslog protocol uses UDP (port 514 by default) to send messages to a syslog server for storage. Plain UDP syslog is unencrypted, unauthenticated and unacknowledged: a server reachable over an untrusted path can be fed forged messages, and dropped messages are never retransmitted, so keep the syslog server on a management network.

To configure a router or switch to send log messages to a syslog server, add the logging host {address | hostname} global command.


Log Message Format

*Dec 18 17:10:15.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down

A timestamp: *Dec 18 17:10:15.079

The facility on the router that generated the message: %LINEPROTO

The severity level: 5

A mnemonic for the message: UPDOWN

The description of the message: Line protocol on Interface FastEthernet0/0, changed state to down

You can at least toggle on and off the use of the timestamp (which is included by default) and a log message sequence number (which is not enabled by default). Example 9-1 reverses those defaults by turning off timestamps and turning on sequence numbers. On a production device, keep the timestamps: a log line with no time cannot be correlated with events recorded anywhere else, and sequence numbers are useful in addition to timestamps (they reveal dropped messages), not instead of them.

Example 9-1 Disabling Timestamps and Enabling Sequence Numbers in Log Messages

    R1(config)# no service timestamps
    R1(config)# service sequence-numbers
    R1(config)# end
    000011: %SYS-5-CONFIG_I: Configured from console by console

Log Message Severity Levels

The lower the number, the more severe the event that caused the message.

Figure 9-3 Syslog Message Severity Levels by Keyword and Numeral

    Keyword         Numeral   Description                       Grouping
    Emergency       0         System unusable                   Impactful
    Alert           1         Immediate action required         Impactful
    Critical        2         Critical event (highest of 3)     Impactful
    Error           3         Error event (middle of 3)         Impactful
    Warning         4         Warning event (lowest of 3)       Impactful
    Notification    5         Normal, more important            Normal
    Informational   6         Normal, less important            Normal
    Debug           7         Requested by user debug           Debug

The last level in the figure (7, debug) is used for messages generated by the debug command.

Table 9-2 summarizes the configuration commands used to enable logging and to set the severity level for each type.

For example, the command logging console 4 causes IOS to send severity level 0–4 messages to the console; a level setting always includes every more severe (lower-numbered) level as well.

Table 9-2 How to Configure Logging Message Levels for Each Log Service

    Service    To Enable Logging                   To Set Message Levels
    Console    logging console                     logging console {level-name | level-number}
    Monitor    logging monitor                     logging monitor {level-name | level-number}
    Buffered   logging buffered                    logging buffered {level-name | level-number}
    Syslog     logging host {address | hostname}   logging trap {level-name | level-number}

Configuring and Verifying System Logging

Figure 9-4 Sample Network Used in Logging Examples (R1 G0/1 172.16.1.1 in 172.16.1.0/24; R1 G0/2 172.16.2.1 toward R2 172.16.2.2; syslog server 172.16.3.9 in 172.16.3.0/24 behind SW2)

Example 9-2 Syslog Configuration on R1

    logging console 7
    logging monitor debug
    logging buffered 4
    logging host 172.16.3.9
    logging trap warning

The example configures the same message level at the console and for terminal monitoring (level 7, or debug), and the same level for both buffered logging and logging to the syslog server (level 4, or warning). The levels may be set using the numeric severity level or the name, as shown earlier in Figure 9-3. Note what logging trap warning leaves out: severity 5 and 6 messages such as %SYS-5-CONFIG_I (a configuration change) never reach the syslog server with this setting, so raise the trap level if central logging is expected to capture them.

The show logging command confirms those same configuration settings and also lists the log messages kept per the logging buffered configuration.
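As an added example (not from the book), the following Python parses IOS log lines into the fields described above and then applies the per-destination thresholds of Example 9-2 to show which destination keeps which message. The sample lines are constructed (the first is the book's own %LINEPROTO-5-UPDOWN message); the destination names console, monitor, buffered and trap are labels chosen here for the four logging commands, and the <188> prefix on one line is the syslog PRI that a server, not the console, would see.

```python
import re
from typing import Any, Dict, List, Optional, Union

# IOS severity keywords by numeral (Figure 9-3). The logging commands accept
# any unambiguous prefix, which is why "logging trap warning" and
# "logging monitor debug" in Example 9-2 are valid.
SEVERITY_KEYWORDS = ["emergencies", "alerts", "critical", "errors",
                     "warnings", "notifications", "informational", "debugging"]

# One IOS log line: optional <PRI> (present only on the wire to a syslog
# server), optional sequence number (service sequence-numbers), optional
# timestamp (service timestamps), then %FACILITY-SEVERITY-MNEMONIC: text.
LOG_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?:(?P<seq>\d+): )?"
    r"(?:(?P<ts>[*.]?[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d{3})?(?: [A-Z]{3,4})?): )?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)


def level_from(value: Union[int, str]) -> int:
    """Turn a level given as a numeral or a (prefix of a) keyword into 0..7."""
    if isinstance(value, int) or value.isdigit():
        level = int(value)
        if not 0 <= level <= 7:
            raise ValueError(f"severity level out of range: {value}")
        return level
    hits = [i for i, kw in enumerate(SEVERITY_KEYWORDS) if kw.startswith(value.lower())]
    if len(hits) != 1:
        raise ValueError(f"unknown or ambiguous level keyword: {value}")
    return hits[0]


def parse_ios_log(line: str) -> Optional[Dict[str, Any]]:
    """Split one IOS log line into its fields; None if it is not a log message."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    sev = int(m["severity"])
    msg: Dict[str, Any] = {
        "sequence": int(m["seq"]) if m["seq"] else None,
        "timestamp": m["ts"],   # a leading * means the clock is not NTP-synchronized
        "facility": m["facility"],
        "severity": sev,
        "keyword": SEVERITY_KEYWORDS[sev],
        "mnemonic": m["mnemonic"],
        "text": m["text"],
    }
    if m["pri"]:
        # RFC 3164 PRI = syslog_facility * 8 + severity; IOS defaults to
        # facility local7 (23), so a severity-4 message arrives as <188>.
        msg["syslog_facility"], msg["syslog_severity"] = divmod(int(m["pri"]), 8)
    return msg


def destinations(severity: int, config: Dict[str, Union[int, str]]) -> List[str]:
    """Destinations whose configured level admits a message of this severity.

    config maps console/monitor/buffered/trap to the level from the matching
    logging command; each destination keeps levels 0..level inclusive.
    """
    return [dest for dest, lvl in config.items() if severity <= level_from(lvl)]


def route(lines: List[str], config: Dict[str, Union[int, str]]) -> Dict[str, List[str]]:
    """Group FACILITY-SEV-MNEMONIC of every parseable line by receiving destination."""
    routed: Dict[str, List[str]] = {dest: [] for dest in config}
    for line in lines:
        msg = parse_ios_log(line)
        if msg is None:
            continue
        tag = f"{msg['facility']}-{msg['severity']}-{msg['mnemonic']}"
        for dest in destinations(msg["severity"], config):
            routed[dest].append(tag)
    return routed


# Example 9-2's five logging commands, as destination -> level.
EXAMPLE_9_2 = {"console": "7", "monitor": "debug", "buffered": "4", "trap": "warning"}

# Constructed sample lines; the first is the book's own example message, the
# fourth is shaped like the on-the-wire form a syslog server would receive.
SAMPLE_LINES = [
    "*Dec 18 17:10:15.079: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down",
    "000011: %SYS-5-CONFIG_I: Configured from console by console",
    "*Oct 21 20:53:10.124: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up",
    "<188>12: *Oct 21 20:54:00.000: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 172.16.1.50] [localport: 22] [Reason: Login Authentication Failed]",
    "R1# show logging",   # not a log message; the parser skips it
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_ios_log(line))
    for dest, tags in route(SAMPLE_LINES, EXAMPLE_9_2).items():
        print(f"{dest:>9}: {tags}")
```

Running it shows the practical consequence of Example 9-2: the severity 3 and 4 messages reach all four destinations, while the severity 5 messages (including the configuration-change notice) appear only on the console and on monitoring terminals and are neither buffered nor sent to the syslog server.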

Example 9-3 Viewing the Configured Log Settings per the Earlier Example

    R1# show logging
    Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, ...)

    No Active Message Discriminator.

    No Inactive Message Discriminator.

        Console logging: level debugging, 45 messages logged, xml disabled,
                         filtering disabled
        Monitor logging: level debugging, 0 messages logged, xml disabled,
                         filtering disabled
        Buffer logging:  level warnings, 0 messages logged, xml disabled,
                         filtering disabled
        Exception Logging: size (8192 bytes)
        Count and timestamp logging messages: disabled
        Persistent logging: disabled

    No active filter modules.

        Trap logging: level warnings, 0 message lines logged
            Logging to 172.16.3.9  (udp port 514, audit disabled,
                  link up),
                  0 message lines logged,
                  0 message lines rate-limited,
                  0 message lines dropped-by-MD,
                  xml disabled, sequence number disabled
                  filtering disabled
            Logging Source-Interface:       VRF Name:

    Log Buffer (8192 bytes):

If any log messages had been buffered, the actual log messages would be listed at the end of the command output.

You can clear out the old messages from the log buffer with the clear logging EXEC command; messages already sent to the syslog server are unaffected.

Example 9-4 Console messages from shutdown and no shutdown, then the log buffer

    R1# configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    R1(config)# interface g0/1
    R1(config-if)# shutdown
    R1(config-if)#
    *Oct 21 ... %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
    *Oct 21 ... %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
    R1(config-if)# no shutdown
    R1(config-if)#
    *Oct 21 ... %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
    *Oct 21 ... %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
    R1(config-if)# ^Z
    R1#
    *Oct 21 ... %SYS-5-CONFIG_I: Configured from console by console
    R1# show logging
    ! Skipping about 20 lines, the same lines in Example 9-3, until the Log Buffer (8192 bytes):
    *Oct 21 ... %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up

Of the five messages that appeared on the console, only %LINK-3-UPDOWN (severity 3) shows up in the log buffer, because logging buffered 4 keeps only levels 0 through 4; the severity 5 messages were displayed but not stored. The same filter applies to the syslog server, since logging trap warning is also level 4.

The debug Command and Log Messages

The debug EXEC command gives the network engineer a way to ask IOS to monitor for certain internal events, with that monitoring process continuing over time, so that IOS issues log messages (at severity 7) as those events occur.

A debug remains active until some user issues the no debug command with the same parameters, disabling that debug (no debug all disables every active debug).

Example 9-5 Using debug ip ospf hello from R1's Console

    R1# debug ip ospf hello
    OSPF hello debugging is on
    *Aug 10 ... OSPF-1 HELLO Gi0/1: Send hello to 224.0.0.5 area ...
    *Aug 10 ... OSPF-1 HELLO Gi0/2: Rcv hello from 2.2.2.2 area ...
    *Aug 10 ... OSPF-1 HELLO Gi0/2: Send hello to 224.0.0.5 area ...

anyone logged in with SSH at the time Example 9-4’s output was gathered would not have seen the output, even with the logging monitor debug command configured on router R1, without first issuing a terminal monitor command.

All enabled debug options use router CPU, which can cause problems for the router. You can monitor CPU use with the show process cpu command.

Use caution with debug commands on production devices; a debug that matches a high-rate event (every packet on a busy interface, for instance) can starve the control plane.

The more CLI users that receive debug messages, the more CPU is consumed.

Network Time Protocol (NTP)

Devices send timestamps to each other in NTP messages, continually exchanging messages, with one device adjusting its clock to match the other, until the clocks are synchronized.

NTP defines the sources of time data (reference clocks) and a measure of how good each time source is (stratum).

Accurate time is more than a convenience: log correlation across devices and certificate validity checks both depend on it, and by default IOS accepts time from any configured server without authentication. An attacker who can answer as that server, or redirect traffic to it, can skew the clock. IOS supports authenticated NTP (ntp authenticate, ntp authentication-key, ntp trusted-key, and the key keyword on ntp server), which is worth enabling wherever the server is not on a trusted segment.

Setting the Time and Timezone

NTP works best if you set the device clock to a reasonably close time before enabling the NTP client function with the ntp server command

For example, to set the time to 8:52 p.m., set the correct date, time zone and daylight saving time, and then enable NTP.

Example 9-7 shows how to set the date, time, timezone, and daylight saving time.

Example 9-7 Setting the Date/Time with clock set, Plus Timezone/DST

    R1# configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    R1(config)# clock timezone EST -5
    R1(config)# clock summer-time EDT recurring
    R1(config)# ^Z
    R1# clock set 20:52:... 21 October 2015
    *Oct 21 ... %SYS-6-CLOCKUPDATE: System clock has been updated ...
    R1# show clock
    20:52:... EDT Wed Oct 21 2015

You should set the first two commands before setting the time of day with the clock set EXEC command, because the two configuration commands affect how the time you enter is interpreted.

The example chose EDT because it is the acronym for daylight saving time in that same EST time zone. Finally, the recurring keyword tells the router to spring forward an hour and fall back an hour automatically over the years.

The clock set EXEC command uses a 24-hour time syntax, not a 12-hour format with a.m./p.m.

The show clock command (issued seconds later) lists that time, but also notes the time as EDT, rather than UTC time.

Basic NTP Configuration

There are two NTP configuration commands:

  • ntp master {stratum-level}: NTP server mode. The device acts only as an NTP server, and not as an NTP client. The device gets its time information from the internal clock on the device.

  • ntp server {address | hostname}: NTP client/server mode. The device acts as both client and server. First, it acts as an NTP client, to synchronize time with a server. Once synchronized, the device can then act as an NTP server, to supply time to other NTP clients.

Figure 9-5 R1 as NTP Client, R2 as Client/Server, R3 as Server (R1: ntp server 172.16.2.2, stratum 4; R2: ntp server 172.16.3.3, client/server, stratum 3; R3 at 172.16.3.3: ntp master, server only, stratum 2)

Example 9-8 NTP Client/Server Configuration

    ! Configuration on R1:
    ntp server 172.16.2.2
    ! Configuration on R2:
    ntp server 172.16.3.3
    ! Configuration on R3:
    ntp master 2

The show ntp status command lists a status of synchronized, which confirms the NTP client has completed the process of changing its time to match the server's time. Any router acting as an NTP client lists "unsynchronized" in that first line until the NTP synchronization process completes with at least one server. It also confirms the IP address of the server, this device's reference clock, matching the address configured in Example 9-8 (172.16.2.2).

Example 9-9 Verifying NTP Client Status on R1

    R1# show ntp status
    Clock is synchronized, stratum 4, reference is 172.16.2.2
    nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is ...
    ntp uptime is 1553800 (1/100 of seconds), resolution is 4000
    reference time is DA5E7147.56CADEA7 (19:54:31.339 EST Thu Feb 4 2016)
    clock offset is 0.0986 msec, root delay is 2.46 msec
    root dispersion is 22.19 msec, peer dispersion is 5.33 msec
    loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000...
    system poll interval is 64, last update was 530 sec ago.
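The reference time line shows the raw 64-bit NTP timestamp (32 bits of seconds since 1 January 1900, then a 32-bit binary fraction, both in hex) followed by IOS's rendering of it. As an added example, not from the book, the following Python decodes the value copied from Example 9-9 and re-renders it the way IOS does; the UTC-5 offset is taken from the EST label in the output and the function names are this example's own.

```python
from datetime import datetime, timedelta, timezone

NTP_UNIX_OFFSET = 2_208_988_800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01


def ntp_timestamp_to_datetime(hex_ts: str) -> datetime:
    """Convert an NTP timestamp printed as SSSSSSSS.FFFFFFFF (hex) to a UTC datetime.

    The first 32 bits count seconds since 1900; the last 32 bits are a binary
    fraction of a second. Era 0 ends on 7 Feb 2036, so per RFC 4330 a value
    with the top bit clear is read as era 1 (2036-2104) rather than 1900-1968.
    """
    sec_hex, frac_hex = hex_ts.split(".")
    seconds = int(sec_hex, 16)
    fraction = int(frac_hex, 16) / 2 ** 32
    if seconds < 2 ** 31:
        seconds += 2 ** 32
    return datetime.fromtimestamp(seconds - NTP_UNIX_OFFSET + fraction, tz=timezone.utc)


def format_like_ios(hex_ts: str, utc_offset_hours: int, tz_name: str) -> str:
    """Render the timestamp the way show ntp status prints it, in the router's zone."""
    local = ntp_timestamp_to_datetime(hex_ts).astimezone(
        timezone(timedelta(hours=utc_offset_hours)))
    return (f"{local:%H:%M:%S}.{local.microsecond // 1000:03d} {tz_name} "
            f"{local:%a %b} {local.day} {local.year}")


REFERENCE_TIME = "DA5E7147.56CADEA7"      # copied from Example 9-9
ROUTER_UTC_OFFSET, ROUTER_TZ = -5, "EST"  # R1 reports EST, i.e. UTC-5

if __name__ == "__main__":
    print(ntp_timestamp_to_datetime(REFERENCE_TIME).isoformat())   # UTC
    print(format_like_ios(REFERENCE_TIME, ROUTER_UTC_OFFSET, ROUTER_TZ))
```

The decoded value is 2016-02-05 00:54:31 UTC, which is 19:54:31 EST on 4 February, exactly what IOS printed. The check is worth scripting because a reference time far away from what show clock reports, while the status line still says "synchronized", is one of the few visible symptoms of a bad or spoofed time source.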

The show ntp associations command lists all the NTP servers that the local device can attempt to use, with status information about the association between the local device (client) and the various NTP servers.

Example 9-10 NTP Association Status on R1 and R2

    R1# show ntp associations
    ! This output is taken from router R1, acting in client/server mode

      address         ref clock       st   when   poll reach  delay  offset   disp
    *~172.16.2.2      172.16.3.3       3     50     64   377  1.223   0.090   4.46
     * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

    R2# show ntp associations
    ! This output is taken from router R2, acting in client/server mode

      address         ref clock       st   when   poll reach  delay  offset   disp
    *~172.16.3.3      127.127.1.1      2     49     64   377  1.220  -7.758   3.69
     * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

The leading * marks the server the device actually synchronized to (sys.peer), and ~ marks a server that was configured rather than learned. The st column is the server's own stratum, one less than what the local device reports in show ntp status. reach is an octal bitmask of the last eight polls (377 means all eight were answered), so a falling reach value is the first sign that a server has gone away. R2's ref clock of 127.127.1.1 shows that its server, R3, is using its own internal clock.

NTP Reference Clock and Stratum

Devices that act solely as an NTP server get their time from either internal device hardware or from some external clock using mechanisms other than NTP.

NTP servers and clients use a number to show the perceived accuracy of their reference clock data based on stratum level. The lower the stratum level, the more accurate the reference clock is considered to be. An NTP server that uses its internal hardware or external reference clock sets its own stratum level. Then, an NTP client adds 1 to the stratum level it learns from its NTP server, so that the stratum level increases the more hops away from the original clock source.

For instance, back in Figure 9-5, you can see the NTP primary server (R3) with a stratum of 2. R2, which references R3, adds 1 so it has a stratum of 3. R1 uses R2 as its NTP server, so R1 adds 1 to have a stratum of 4. These increasing stratum levels allow devices to refer to several NTP servers and then use time information from the best NTP server, best being the server with the lowest stratum level.

Routers and switches use the default stratum level of 8 for their internal reference clock based on the default setting of 8 for the stratum level in the ntp master [stratum-level] command. The command allows you to set a value from 1 through 15; in Example 9-8, the ntp master 2 command set router R3’s stratum level to 2.

Note

NTP considers 15 to be the highest useful stratum level, so any devices that calculate their stratum as 16 consider the time data unusable and do not trust the time. So, avoid setting higher stratum values on the ntp master command.

Example 9-11 Examining NTP Server, Reference Clock, and Stratum Data

    R3# show ntp status
    Clock is synchronized, stratum 2, reference is 127.127.1.1
    nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is ...
    ntp uptime is 595300 (1/100 of seconds), resolution is 4000
    reference time is E0F9174C.87277EBB (16:13:32.527 daylight Sat Aug 1...
    clock offset is 0.0000 msec, root delay is 0.00 msec
    root dispersion is 0.33 msec, peer dispersion is 0.23 msec
    loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.00001...
    system poll interval is 16, last update was 8 sec ago.
    R3# show ntp associations

      address         ref clock       st   when   poll reach  delay  offset   disp
    *~127.127.1.1     .LOCL.           1     15     16   377  0.000   0.000   ...
     * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

Note that the internal clock (address 127.127.1.1, ref clock .LOCL.) appears at stratum 1 while R3 itself reports stratum 2: ntp master 2 makes the internal clock look like a stratum 1 source one hop away.

Redundant NTP Configuration

an enterprise could use NTP to reference NTP servers that use an atomic clock as their reference source, like the NTP primary servers in Figure 9-6, which happen to be run by the US National Institute of Standards and Technology (NIST) (see tf.nist.gov).

Figure 9-6 Stratum Levels When Using an Internet-based Stratum 1 NTP Server (NTP primary servers at NIST, stratum 1, reached across the Internet; enterprise routers R1 and R2 as NTP client/server at stratum 2; their clients at stratum 3)

NTP defines two further terms: NTP primary server and NTP secondary server.

An NTP primary server acts only as a server, with a reference clock external to the device, and has a stratum level of 1, like the two NTP primary servers shown in Figure 9-6. NTP secondary servers are servers that use client/server mode as described throughout this section, relying on synchronization with some other NTP server.

Example 9-12 NTP Configuration on R1, R2 per Figure 9-6

    ntp server time-a-b.nist.gov
    ntp server time-a-g.nist.gov

If R1 and R2 lost their Internet connection, they would lose their reference clock and could no longer be useful NTP servers to the rest of the enterprise.

To overcome this potential issue, the routers can also be configured with the ntp master command, resulting in this logic:

  • Establish an association with the NTP servers per the ntp server command.

  • Establish an association with your internal clock using the ntp master stratum command.

  • Set the stratum level of the internal clock (per the ntp master {stratum-level} command) to a higher (worse) stratum level than the Internet-based NTP servers.

  • Synchronize with the best (lowest) known time source, which will be one of the Internet NTP servers in this scenario.

Example 9-13 adds the ntp master 7 command, with a much higher stratum than the stratum 1 NIST servers, so the routers keep preferring the Internet servers while they are reachable and fall back to the internal clock (advertising stratum 7) only when they are lost.

Example 9-13 NTP Configuration on R1 and R2 to Protect Against Internet Failures

    ntp server time-a-b.nist.gov
    ntp server time-a-g.nist.gov
    ntp master 7
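To make the stratum arithmetic and the fallback behaviour concrete, here is an added Python model (not from the book) of how a router chooses among its ntp server and ntp master sources: lowest stratum wins, the chosen stratum plus one becomes the router's own, and a result of 16 means no usable time. It replays Figure 9-5 (Example 9-8) and Example 9-13 with the Internet up and down; the downstream "client" router in the second scenario, the Router class and the reachability flags are this example's own assumptions, and real NTP also weighs delay and dispersion, which the model ignores.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

UNSYNCHRONIZED = 16   # a computed stratum of 16 means the time is not usable


@dataclass
class Router:
    name: str
    servers: List[str] = field(default_factory=list)   # one entry per "ntp server" command
    master: Optional[int] = None                        # stratum from "ntp master N", if present
    unreachable: Set[str] = field(default_factory=set)  # servers that stopped answering (reach 0)
    stratum: int = UNSYNCHRONIZED                        # filled in by resolve()
    reference: Optional[str] = None                      # chosen source, as show ntp status prints it


def resolve(routers: Dict[str, Router], external: Dict[str, int]) -> None:
    """Settle every router's stratum and reference, like NTP polls converging.

    external maps servers outside the simulation (e.g. NIST hosts) to their
    stratum. Each pass re-evaluates every router from its sources' current
    state; len(routers)+1 passes cover the longest possible chain.
    """
    for r in routers.values():
        r.stratum, r.reference = UNSYNCHRONIZED, None
    for _ in range(len(routers) + 1):
        for r in routers.values():
            candidates = []
            for s in r.servers:
                if s in r.unreachable:
                    continue
                if s in external:
                    candidates.append((external[s], s))
                elif s in routers:
                    candidates.append((routers[s].stratum, s))
            if r.master is not None:
                # "ntp master N" presents the internal clock (127.127.1.1) as a
                # stratum N-1 source, so the router itself ends up at stratum N.
                candidates.append((r.master - 1, "127.127.1.1"))
            # Lowest stratum wins (the name only breaks ties deterministically).
            # A source whose stratum + 1 would reach 16 is unusable.
            usable = [c for c in candidates if c[0] + 1 < UNSYNCHRONIZED]
            if usable:
                st, name = min(usable)
                r.stratum, r.reference = st + 1, name


def strata(routers: Dict[str, Router]) -> Dict[str, int]:
    return {name: r.stratum for name, r in routers.items()}


def figure_9_5() -> Dict[str, Router]:
    """R3 ntp master 2; R2 ntp server R3; R1 ntp server R2 (Example 9-8)."""
    return {"R3": Router("R3", master=2),
            "R2": Router("R2", servers=["R3"]),
            "R1": Router("R1", servers=["R2"])}


NIST = {"time-a-b.nist.gov": 1, "time-a-g.nist.gov": 1}   # stratum 1 primary servers


def example_9_13(internet_down: bool) -> Dict[str, Router]:
    """R1 with the two NIST servers plus ntp master 7, and one downstream
    client router (the client is an assumption, not in the book's example)."""
    r1 = Router("R1", servers=list(NIST), master=7)
    if internet_down:
        r1.unreachable = set(NIST)
    return {"R1": r1, "client": Router("client", servers=["R1"])}


if __name__ == "__main__":
    net = figure_9_5()
    resolve(net, {})
    print("Figure 9-5:", strata(net))
    for down in (False, True):
        net = example_9_13(down)
        resolve(net, NIST)
        print("Internet down" if down else "Internet up", strata(net), "R1 ref", net["R1"].reference)
```

With the Internet up, R1 settles at stratum 2 referencing a NIST server; with both NIST servers unreachable it drops to stratum 7 on 127.127.1.1 and its client to 8, which is still usable. The same rule is also why unauthenticated NTP is risky: any host that can answer as a configured server with a lower stratum than the real one becomes the selected source.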

NTP Using a Loopback Interface for Better Availability

Consider what happens when one physical interface on NTP server R4 fails, for any NTP clients that had referred to that specific interface IP address:

  • There would likely still be a route to reach R4 itself.

  • The NTP client would not be able to send packets to the configured address, because the interface that owns that address is down.

Figure 9-7 The Availability Issue of Referencing an NTP Server's Physical Interface IP Address

A loopback interface meets that exact need: once configured, it remains in an up/up state as long as

  • The router remains up.

  • You do not issue a shutdown command on that loopback interface.

With the server's NTP source set to the loopback address (ntp source), clients keep working as long as any path to the router exists.

Example 9-14 NTP Client/Server Configuration on R1 and R2 Using a Loopback Interface

    ! Configuration on R1, a client
    ntp server 172.16.9.9

    ! Configuration on R2 for its server function
    interface loopback 0
     ip address 172.16.9.9 255.255.255.0
    ntp master 4
    ntp source loopback 0

    ! Verification on router R2
    R2# show interfaces loopback 0
    Loopback0 is up, line protocol is up
      Hardware is Loopback
      Internet address is 172.16.9.9/24
    ! lines omitted for brevity

Analyzing Topology Using CDP and LLDP

Examining Information Learned by CDP

CDP is a Cisco-proprietary Layer 2 protocol; it does not rely on a working Layer 3 protocol, so it keeps advertising on a link even when no IP address is configured there.

Devices that support CDP learn information about others by listening for the advertisements sent by other devices.

CDP discovers several useful details from the neighboring Cisco devices:

Device identifier: Typically the host name

Address list: Network and data-link addresses

Port identifier: The interface on the remote router or switch on the other end of the link that sent the CDP advertisement

Capabilities list: Information on what type of device it is (for example, a router or a switch)

Platform: The model and OS level running on the device

Cisco IP Phones use CDP to learn the data and voice VLAN IDs as configured on the access switch.

Table 9-3 show cdp Commands That List Information About Neighbors

    Command                            Description
    show cdp neighbors [type number]   Lists one summary line of information about each neighbor, or just the neighbor found on a specific interface if an interface was listed
    show cdp neighbors detail          Lists one large set (approximately 15 lines) of information, one set for every neighbor
    show cdp entry name                Lists the same information as the show cdp neighbors detail command, but only for the named neighbor (case sensitive)

Routers and switches support the same CDP commands, with the same parameters and same types of output.

Figure 9-8 Small Network Used in CDP Examples (hosts Fred and Barney; switches SW1 and SW2, both Cisco 2960XR WS-C2960XR-24TS-I, linked SW1 Gi1/0/24 to SW2 Gi1/0/21; SW2 Gi1/0/2 to router R1 Gi0/0/1, a Cisco ISR1K)

Example 9-15 show cdp neighbors Command Examples: SW2

    SW2# show cdp neighbors
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                      D - Remote, C - CVTA, M - Two-port Mac Relay

    Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
    SW1              Gig 1/0/21        155             S I    WS-C2960X Gig 1/0/24
    R1               Gig 1/0/2         131           R S I    C1111-8P  Gig 0/0/1

    Total cdp entries displayed : 2

To ensure all devices receive a CDP message, the Ethernet header uses a multicast destination MAC address (0100.0CCC.CCCC).

A receiving device processes the message and then discards it rather than forwarding it, so CDP only ever reveals directly attached neighbors.

The show cdp neighbors detail command lists the full name of the switch model (WS-C2960XR-24TS-I) and the IP address configured on the neighboring device, along with the neighbor's software version, VTP domain, native VLAN and duplex.

Example 9-16 show cdp neighbors detail Command Example: SW2

    SW2# show cdp neighbors detail
    -------------------------
    Device ID: SW1
    Entry address(es):
      IP address: 1.1.1.1
    Platform: cisco WS-C2960XR-24TS-I,  Capabilities: Switch IGMP
    Interface: GigabitEthernet1/0/21,  Port ID (outgoing port): GigabitEthernet1/0/24
    Holdtime : 144 sec

    Version :
    Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), ...
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2018 by Cisco Systems, Inc.
    Compiled Thu 13-Sep-18 03:... by prod_rel_team

    advertisement version: 2
    Protocol Hello:  OUI=0x00000C, Protocol ID=0x0112; payload len=27, ...
    VTP Management Domain: 'fred'
    Native VLAN: 1
    Duplex: full
    Management address(es):
      IP address: 1.1.1.1

    -------------------------
    Device ID: R1
    Entry address(es):
      IP address: 10.12.25.5
    Platform: cisco C1111-8P,  Capabilities: Router Switch IGMP
    Interface: GigabitEthernet1/0/2,  Port ID (outgoing port): GigabitEthernet0/0/1
    Holdtime : 151 sec

    Version :
    Cisco IOS Software [Fuji], ISR Software (ARMV8EB_LINUX_IOSD-UNIVERSALK9-M), ...
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2018 by Cisco Systems, Inc.
    Compiled Tue 27-Mar-18 10:56 by mcpre

    advertisement version: 2
    VTP Management Domain: ''
    Duplex: full
    Management address(es):
      IP address: 10.12.25.5

    Total cdp entries displayed : 2

The show cdp entry name command lists the exact same details shown in the output of the show cdp neighbors detail command, but for only the one neighbor listed in the command.

Cisco recommends that CDP be disabled on any interface that might not have a need for CDP. For switches, any switch port connected to another switch, a router, or to an IP phone should use CDP. Everything in Example 9-16 (model, software version, management IP address, VTP domain, native VLAN) is sent in clear text to whoever is on the link, so a user-facing access port with CDP enabled hands an attacker a ready-made inventory of the adjacent switch; the no cdp enable interface subcommand turns it off per port.
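To show exactly what a listener on the wire gets from one advertisement, here is an added Python example (not from the book) that builds a CDP frame modelled on SW1's entry in Example 9-16 and parses it back: the 0100.0CCC.CCCC multicast destination, the LLC/SNAP header with Cisco's OUI and PID 0x2000, the version/holdtime/checksum header, and the type-length-value fields for device ID, addresses, port ID, capabilities, software version, platform and native VLAN. The TLV type codes and capability bits follow the well-known CDP wire format; SW1's MAC address and the exact set of TLVs in the constructed frame are assumptions, and the builder and parser are this example's own code.

```python
import struct
from typing import Any, Dict, List

CDP_MULTICAST = bytes.fromhex("01000ccccccc")                         # 0100.0CCC.CCCC
LLC_SNAP_CDP = bytes.fromhex("aaaa03") + bytes.fromhex("00000c2000")  # LLC, Cisco OUI, PID 0x2000

# Well-known CDP TLV type codes and the names used for them below.
TLV_NAMES = {0x0001: "device_id", 0x0002: "addresses", 0x0003: "port_id",
             0x0004: "capabilities", 0x0005: "software_version",
             0x0006: "platform", 0x000A: "native_vlan"}
# Capability bits with the letters show cdp neighbors prints for them.
CAPABILITY_BITS = [(0x01, "R"), (0x02, "T"), (0x04, "B"), (0x08, "S"),
                   (0x10, "H"), (0x20, "I"), (0x40, "r")]

def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum over the CDP header and TLVs.
    Cisco pads a trailing odd byte differently, so on real captures trust this
    only for even-length payloads; the builder below always matches the parser."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode_addresses(value: bytes) -> List[str]:
    """Address TLV: 4-byte count, then per entry: protocol type, protocol length,
    protocol bytes, 2-byte address length, address. NLPID 0xCC means IPv4."""
    (count,) = struct.unpack("!I", value[:4])
    pos, out = 4, []
    for _ in range(count):
        ptype, plen = value[pos], value[pos + 1]
        proto = value[pos + 2:pos + 2 + plen]
        (alen,) = struct.unpack("!H", value[pos + 2 + plen:pos + 4 + plen])
        addr = value[pos + 4 + plen:pos + 4 + plen + alen]
        pos += 4 + plen + alen
        out.append(".".join(map(str, addr)) if (ptype, proto, alen) == (1, b"\xcc", 4) else addr.hex())
    return out

def decode_tlv(tlv_type: int, value: bytes) -> Any:
    if tlv_type in (0x0001, 0x0003, 0x0005, 0x0006):   # printable string TLVs
        return value.decode("ascii", errors="replace")
    if tlv_type == 0x0002:
        return decode_addresses(value)
    if tlv_type == 0x0004:                              # 32-bit capability mask
        (bits,) = struct.unpack("!I", value)
        return [letter for bit, letter in CAPABILITY_BITS if bits & bit]
    if tlv_type == 0x000A:
        return struct.unpack("!H", value)[0]
    return value.hex()                                  # unknown TLV: keep raw bytes

def parse_cdp_frame(frame: bytes) -> Dict[str, Any]:
    """Return the CDP fields of a raw 802.3/LLC/SNAP frame; ValueError if it is not CDP."""
    dst, src, (length,) = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])
    if dst != CDP_MULTICAST or frame[14:22] != LLC_SNAP_CDP:
        raise ValueError("not a CDP advertisement")
    cdp = frame[22:14 + length]
    version, ttl, checksum = struct.unpack("!BBH", cdp[:4])
    info: Dict[str, Any] = {"src_mac": src.hex(":"), "cdp_version": version, "holdtime": ttl,
                            "checksum_ok": internet_checksum(cdp[:2] + b"\x00\x00" + cdp[4:]) == checksum}
    pos = 4
    while pos + 4 <= len(cdp):
        tlv_type, tlv_len = struct.unpack("!HH", cdp[pos:pos + 4])
        if tlv_len < 4 or pos + tlv_len > len(cdp):
            raise ValueError(f"malformed TLV at offset {pos}")
        info[TLV_NAMES.get(tlv_type, f"tlv_{tlv_type:#06x}")] = decode_tlv(tlv_type, cdp[pos + 4:pos + tlv_len])
        pos += tlv_len
    return info

def tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value

def build_cdp_frame(src_mac: bytes, device_id: str, ip: str, port_id: str,
                    cap_bits: int, version: str, platform: str, vlan: int) -> bytes:
    """Assemble a CDPv2 advertisement (holdtime 180 s) the way a switch would send it."""
    addr = struct.pack("!I", 1) + bytes([1, 1, 0xCC]) + struct.pack("!H", 4) + bytes(map(int, ip.split(".")))
    body = (tlv(0x0001, device_id.encode()) + tlv(0x0002, addr) + tlv(0x0003, port_id.encode())
            + tlv(0x0004, struct.pack("!I", cap_bits)) + tlv(0x0005, version.encode())
            + tlv(0x0006, platform.encode()) + tlv(0x000A, struct.pack("!H", vlan)))
    checksum = internet_checksum(struct.pack("!BBH", 2, 180, 0) + body)
    payload = LLC_SNAP_CDP + struct.pack("!BBH", 2, 180, checksum) + body
    return CDP_MULTICAST + src_mac + struct.pack("!H", len(payload)) + payload

# Constructed frame modelled on SW1's entry in Example 9-16; SW1's MAC address is assumed.
SAMPLE_FRAME = build_cdp_frame(
    src_mac=bytes.fromhex("020011111111"), device_id="SW1", ip="1.1.1.1",
    port_id="GigabitEthernet1/0/24", cap_bits=0x08 | 0x20,   # Switch + IGMP, shown as "S I"
    version="Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M)",
    platform="cisco WS-C2960XR-24TS-I", vlan=1)

if __name__ == "__main__":
    for key, val in parse_cdp_frame(SAMPLE_FRAME).items():
        print(f"{key:>16}: {val}")
```

Pointed at frames captured on an access port (any pcap library that hands you raw Ethernet frames will do), parse_cdp_frame produces the same inventory an attacker would assemble passively: which switch model and software train sits upstream, its management address, and the native VLAN of the port, which is exactly the information the page's recommendation to disable CDP on user-facing ports is protecting.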

Configuring and Verifying CDP

IOS typically enables CDP globally and on each interface by default. You can disable CDP per interface with the no cdp enable interface subcommand and re-enable it with the cdp enable interface subcommand. To disable and re-enable CDP globally on the device, use the no cdp run and cdp run global commands.

Table 9-4 Commands Used to Verify CDP Operations

    Command                           Description
    show cdp                          States whether CDP is enabled globally and lists the default update and holdtime timers
    show cdp interface [type number]  States whether CDP is enabled on each interface, or a single interface if the interface is listed, and states update and holdtime timers on those interfaces
    show cdp traffic                  Lists global statistics for the number of CDP advertisements sent and received

Example 9-17 show cdp Commands That Show CDP Status

    SW2# show cdp
    Global CDP information:
            Sending CDP packets every 60 seconds
            Sending a holdtime value of 180 seconds
            Sending CDPv2 advertisements is enabled
    SW2# show cdp interface GigabitEthernet1/0/2
    GigabitEthernet1/0/2 is up, line protocol is up
      Encapsulation ARPA
      Sending CDP packets every 60 seconds
      Holdtime is 180 seconds
    SW2# show cdp traffic
    CDP counters :
            Total packets output: 304, Input: 305
            Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
            No memory: 0, Invalid packet: 0,
            CDP version 1 advertisements output: 0, Input: 0
            CDP version 2 advertisements output: 304, Input: 305

The output lists the send time and the hold time. CDP sends messages every 60 seconds by default, with a hold time of 180 seconds. The hold time tells the device how long to wait after no longer hearing from a neighbor before removing that neighbor's details from the CDP tables. You can override the defaults with the cdp timer seconds and cdp holdtime seconds global commands, respectively.

Examining Information Learned by LLDP

SW2# show lldp neighbors
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID
R1                  Gi1/0/2        120        R               Gi0/0/1
SW1                 Gi1/0/21       120        B               Gi1/0/2

Total entries displayed: 2

SW2# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability        Platform    Port ID
SW1              Gig 1/0/21        155        [not recoverable] WS-C2960X   Gig 1/0/2
R1               Gig 1/0/2         131        [not recoverable] C1111-8P    Gig 0/0/1

Total entries displayed: 2

(The CDP Capability column values did not survive extraction of the original image.)

The LLDP output in the example differs from CDP in a few important ways:

LLDP uses B as the capability code for switching, referring to bridge, a term for the device type that existed before switches that performed the same basic functions.

LLDP does not identify IGMP as a capability, while CDP does (I).

CDP lists the neighbor’s platform, a code that defines the device type, while LLDP does not.

LLDP lists capabilities with different conventions (see upcoming Example 9-19).

SW2# show lldp entry R1
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Local Intf: Gi1/0/2
Chassis id: 70ea.1a9a.d300
Port id: Gi0/0/1
Port Description: GigabitEthernet0/0/1
System Name: R1

System Description:
Cisco IOS Software [Fuji], ISR Software (ARMV8EB LINUX IOSD-UNIVERSA
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Tue 27-Mar-18 10:56 by mcpre

Time remaining: 100 seconds
System Capabilities: B,R
Enabled Capabilities: R
Management Addresses:
    IP: 10.12.25.5
Auto Negotiation - not supported
Physical media capabilities - not advertised
Media Attachment Unit type - not advertised
Vlan ID: - not advertised

System Capabilities: What the device can do

Enabled Capabilities: What the device does now with its current configuration

LLDP uses the same messaging concepts as CDP, encapsulating messages directly in data-link headers. Devices do not forward LLDP messages, so LLDP learns only of directly connected neighbors. LLDP does use a different multicast destination MAC address (0180.C200.000E).
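To make the fields of the show lldp entry output concrete, here is an added example (not code from the book or from Cisco) that builds an LLDP frame to the 0180.C200.000E multicast MAC and then parses its TLVs back out. The sample frame is constructed to resemble the R1 entry above (chassis id 70ea.1a9a.d300, port Gi0/0/1, system capabilities B,R with only R enabled); the TLV type numbers and capability bit positions are those of IEEE 802.1AB, and the function names are my own. The parser rejects frames that are not LLDP or that have truncated TLVs, which is the kind of check a monitoring tool needs before trusting neighbor data it captured on a port.

```python
import struct

# LLDP frames are sent to this multicast MAC with EtherType 0x88CC.
LLDP_MULTICAST_MAC = bytes.fromhex("0180c200000e")
LLDP_ETHERTYPE = 0x88CC

# TLV type numbers from IEEE 802.1AB.
TLV_END, TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL = 0, 1, 2, 3
TLV_PORT_DESC, TLV_SYS_NAME, TLV_SYS_DESC, TLV_SYS_CAP = 4, 5, 6, 7

# Bit positions of the System Capabilities field, mapped to the
# letters IOS prints in 'show lldp neighbors' and 'show lldp entry'.
CAP_BITS = {0: "O", 1: "P", 2: "B", 3: "W", 4: "R", 5: "T", 6: "C", 7: "S"}


def build_tlv(tlv_type, value):
    """Encode one TLV: 7-bit type, 9-bit length, then the value bytes."""
    if len(value) > 511:
        raise ValueError("TLV value too long")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def caps_to_letters(bitmask):
    """Render a capabilities bitmask the way IOS does, e.g. 'B,R'."""
    return ",".join(letter for bit, letter in CAP_BITS.items() if bitmask & (1 << bit))


def parse_lldp_frame(frame):
    """Validate the Ethernet header and decode the LLDPDU into a dict."""
    if len(frame) < 14:
        raise ValueError("frame too short")
    dst = frame[:6]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if dst != LLDP_MULTICAST_MAC or ethertype != LLDP_ETHERTYPE:
        raise ValueError("not an LLDP frame")
    info = {"source_mac": frame[6:12].hex(":")}
    offset = 14
    while offset + 2 <= len(frame):
        header = struct.unpack("!H", frame[offset:offset + 2])[0]
        tlv_type, length = header >> 9, header & 0x1FF
        value = frame[offset + 2:offset + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV")
        offset += 2 + length
        if tlv_type == TLV_END:
            break
        if tlv_type == TLV_CHASSIS_ID:
            # Subtype 4 = MAC address; print it in Cisco dotted form.
            if value[0] == 4 and len(value) == 7:
                mac = value[1:].hex()
                info["chassis_id"] = f"{mac[0:4]}.{mac[4:8]}.{mac[8:12]}"
            else:
                info["chassis_id"] = value[1:].decode(errors="replace")
        elif tlv_type == TLV_PORT_ID:
            # Subtype 5 = interface name, as Cisco devices send it.
            info["port_id"] = value[1:].decode(errors="replace")
        elif tlv_type == TLV_TTL:
            info["ttl"] = struct.unpack("!H", value[:2])[0]
        elif tlv_type == TLV_PORT_DESC:
            info["port_description"] = value.decode(errors="replace")
        elif tlv_type == TLV_SYS_NAME:
            info["system_name"] = value.decode(errors="replace")
        elif tlv_type == TLV_SYS_DESC:
            info["system_description"] = value.decode(errors="replace")
        elif tlv_type == TLV_SYS_CAP:
            sys_caps, enabled = struct.unpack("!HH", value[:4])
            info["system_capabilities"] = caps_to_letters(sys_caps)
            info["enabled_capabilities"] = caps_to_letters(enabled)
    else:
        # Loop ran out of bytes without seeing the End of LLDPDU TLV.
        raise ValueError("missing End of LLDPDU TLV")
    return info


def build_sample_frame():
    """A constructed LLDP frame modelled on the R1 entry in Example 9-19."""
    src = bytes.fromhex("70ea1a9ad300")
    tlvs = (
        build_tlv(TLV_CHASSIS_ID, b"\x04" + src)
        + build_tlv(TLV_PORT_ID, b"\x05" + b"Gi0/0/1")
        + build_tlv(TLV_TTL, struct.pack("!H", 120))
        + build_tlv(TLV_PORT_DESC, b"GigabitEthernet0/0/1")
        + build_tlv(TLV_SYS_NAME, b"R1")
        # System capabilities B (bit 2) and R (bit 4); only R enabled.
        + build_tlv(TLV_SYS_CAP, struct.pack("!HH", (1 << 2) | (1 << 4), 1 << 4))
        + build_tlv(TLV_END, b"")
    )
    return LLDP_MULTICAST_MAC + src + struct.pack("!H", LLDP_ETHERTYPE) + tlvs


if __name__ == "__main__":
    for key, val in parse_lldp_frame(build_sample_frame()).items():
        print(f"{key}: {val}")
```

The TTL TLV is what the Hold-time column and the "Time remaining" line count down from; a neighbor that stops sending is aged out once that many seconds pass, which matches the 120-second default LLDP hold timer shown later.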

Configuring and Verifying LLDP

Cisco devices disable LLDP by default.

LLDP treats the sending and the receiving of LLDP messages as separate functions.

LLDP supports processing received LLDP messages on an interface so that the switch or router learns about the neighboring device without transmitting LLDP messages to it.

The commands include options to toggle the transmission of LLDP messages on or off separately from the processing of received messages.

[no] lldp run: A global configuration command that sets the default mode of LLDP operation for any interface that does not have more specific LLDP subcommands (lldp transmit, lldp receive). The lldp run global command enables LLDP in both directions on those interfaces, while no lldp run disables LLDP.

[no] lldp transmit: An interface sub-command that defines the operation of LLDP on the interface regardless of the global [no] lldp run command. The lldp transmit interface subcommand causes the device to transmit LLDP messages, while no lldp transmit causes it to not transmit LLDP messages.

[no] lldp receive: An interface subcommand that defines the operation of LLDP on the interface regardless of the global [no] lldp run command. The lldp receive interface subcommand causes the device to process received LLDP messages, while no lldp receive causes it to not process received LLDP messages.

Example 9-20 Enabling LLDP on All Ports, Disabling on a Few Ports

lldp run
interface gigabitEthernet1/0/17
 no lldp transmit
 no lldp receive
interface gigabitEthernet1/0/18
 no lldp receive

Example 9-21 Enabling LLDP on Limited Ports, Leaving Disabled on Most

interface gigabitEthernet1/0/19
 lldp transmit
 lldp receive
interface gigabitEthernet1/0/20
 lldp receive
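The precedence rule in the three commands above (interface subcommands override the global lldp run default, per direction) is easy to misjudge when auditing a configuration. This added example, which is my own and not from the book or from Cisco, applies that rule to text copied from Examples 9-20 and 9-21 and reports the effective transmit/receive state of each interface, so you can see at a glance which ports will advertise device details to whatever is plugged in. The function names are my own; the two config snippets are the examples above, reproduced as constructed input.

```python
import re

# Examples 9-20 and 9-21 from the text, reproduced here as constructed input.
EXAMPLE_9_20 = """
lldp run
interface gigabitEthernet1/0/17
 no lldp transmit
 no lldp receive
interface gigabitEthernet1/0/18
 no lldp receive
"""

EXAMPLE_9_21 = """
interface gigabitEthernet1/0/19
 lldp transmit
 lldp receive
interface gigabitEthernet1/0/20
 lldp receive
"""

LLDP_SUBCMD = re.compile(r"^(no )?lldp (transmit|receive)$")


def effective_lldp_state(config_text, interfaces=()):
    """Return {interface: (tx_enabled, rx_enabled)} for an IOS config snippet.

    'lldp run' / 'no lldp run' set the default for both directions; an
    interface's own 'lldp transmit' / 'lldp receive' subcommands (with or
    without 'no') override that default for the named direction only.
    Interfaces passed in 'interfaces' but absent from the snippet get the
    global default.
    """
    global_run = False                      # Cisco devices disable LLDP by default
    overrides = {name: {} for name in interfaces}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line == "lldp run":
            global_run = True
        elif line == "no lldp run":
            global_run = False
        elif line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            overrides.setdefault(current, {})
        elif current is not None and LLDP_SUBCMD.match(line):
            direction = "tx" if line.endswith("transmit") else "rx"
            overrides[current][direction] = not line.startswith("no ")
    return {
        name: (ov.get("tx", global_run), ov.get("rx", global_run))
        for name, ov in overrides.items()
    }


def transmitting_interfaces(state):
    """Interfaces that will send LLDP advertisements, sorted for stable reports."""
    return sorted(name for name, (tx, _rx) in state.items() if tx)


if __name__ == "__main__":
    for label, cfg in (("Example 9-20", EXAMPLE_9_20), ("Example 9-21", EXAMPLE_9_21)):
        print(label)
        for name, (tx, rx) in effective_lldp_state(cfg).items():
            print(f"  {name}: Tx {'enabled' if tx else 'disabled'}, Rx {'enabled' if rx else 'disabled'}")
```

Running this on Example 9-20 reports Gi1/0/17 with both directions disabled and Gi1/0/18 transmitting but not receiving; on Example 9-21 it reports Gi1/0/19 enabled both ways and Gi1/0/20 receiving only, while any other interface stays disabled because no lldp run appears. That is exactly what show lldp interface should confirm on the device.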

show lldp interface lists the interfaces on which LLDP is enabled.

SW2# show lldp
Global LLDP Information:
    Status: ACTIVE
    LLDP advertisements are sent every 30 seconds
    LLDP hold time advertised is 120 seconds
    LLDP interface reinitialisation delay is 2 seconds
SW2# show lldp interface g1/0/2
GigabitEthernet1/0/2:
    Tx: enabled
    Rx: enabled
    Tx state: IDLE
    Rx state: WAIT FOR FRAME
SW2# show lldp traffic
LLDP traffic statistics:
    Total frames out: 259
    Total entries aged: 0
    Total frames in: 257
    Total frames received in error
    Total frames discarded: 0
    Total TLVs discarded: 0
    Total TLVs unrecognized: 0

Like CDP, LLDP uses a send timer and a hold timer for the same purposes. The example shows the default settings of 30 seconds for the send timer and 120 seconds for the hold timer. You can override the defaults with the lldp timer seconds and lldp holdtime seconds global commands.