Networking, Security & Cloud Knowledge

Friday, November 27, 2009

004 - STP UDLD | LOOP GUARD

UDLD (Unidirectional Link Detection)
• A broken physical link is normally detected by the absence of Layer 1 electrical keepalives (Ethernet calls this a link beat). However, sometimes a cable is intact enough to maintain keepalives, but not to pass data in both directions. This is a unidirectional link.
• UDLD detects a unidirectional link by sending periodic hellos out of the interface. It also uses probes, which must be acknowledged by the device on the other end of the link. UDLD operates at Layer 2. The port is shut down if a unidirectional link is found.

• UDLD will not consider a link eligible for disabling until it has already seen a neighbor on the interface. This prevents it from disabling an interface when only one end of the link has been configured to support UDLD.

• The default UDLD message timer is 7 or 15 seconds (depending on the platform), allowing it to detect a unidirectional link before STP has time to transition the interface to forwarding mode.
• UDLD has two modes of operation:
* Normal mode – UDLD will notice and log a unidirectional link condition, but the interface is allowed to continue operating.
* Aggressive mode – UDLD will transmit 8 additional messages (1 per second); if none of these are echoed back the interface is placed in the error-disabled state.
UDLD can be enabled globally for all fiber interfaces, or per interface.


The global command applies only to fiber ports:
Switch(config)# udld { enable | aggressive | message time }

*** The UDLD message time can be from 7 to 90 seconds

To enable UDLD on a non-fiber port, use the same command in interface mode:
Switch(config-if)# udld { enable | aggressive | disable }

To disable UDLD on a specific fiber port, use the following command:
Switch(config-if)# udld disable

To disable UDLD on a specific non-fiber port, use the following command:
Switch(config-if)# no udld enable

To re-enable all interfaces shut down by UDLD, use the following:
Switch# udld reset

To verify UDLD status, use the following:
Switch# show udld interface

##################################################################

Loop guard
Loop Guard prevents the loops that occur when a blocking port transitions to the forwarding state.
• If no BPDUs are received on a blocked port for a specific length of time, Loop Guard puts that port into the “loop inconsistent” blocking state.
• Loop Guard automatically re-enables the port if it starts receiving BPDUs again.
• It is most effective when enabled in the entire switched network in conjunction with UDLD.

To enable Loop Guard for all point-to-point links on the switch, use the following command:
Switch(config)# spanning-tree loopguard default

To enable Loop Guard on a specific interface, use the following:
Switch(config-if)# spanning-tree guard loop
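
The global and per-interface rules above can be checked against a saved configuration. The following Python audit is an added example, not part of the original post: it reports which interfaces end up without UDLD or Loop Guard. It assumes the command forms shown on this page (exact syntax varies by platform), a caller-supplied list of fiber ports, and that every interface is a point-to-point link; the sample config and the helper names are constructed for illustration.

```python
# Constructed sample config, written with the command forms shown on this page.
SAMPLE_CONFIG = """\
udld aggressive
!
interface GigabitEthernet0/1
interface GigabitEthernet0/2
 udld disable
 spanning-tree guard loop
interface FastEthernet0/3
 udld enable
interface FastEthernet0/4
"""
SAMPLE_FIBER = {"GigabitEthernet0/1", "GigabitEthernet0/2"}  # assumed inventory

def parse(config):
    """Return (global lines, {interface name: [sub-commands]})."""
    glob, ifaces, cur = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw.startswith("interface "):
            cur = ifaces.setdefault(raw.split()[1], [])
        elif raw[0].isspace() and cur is not None:
            cur.append(line)          # indented line belongs to the interface
        else:
            cur = None
            glob.append(line)
    return glob, ifaces

def audit(config, fiber_ports):
    """Map each interface to the protections it lacks (hypothetical helper)."""
    glob, ifaces = parse(config)
    g_udld = any(l in ("udld enable", "udld aggressive") for l in glob)
    g_loop = "spanning-tree loopguard default" in glob
    findings = {}
    for name, lines in ifaces.items():
        udld = g_udld and name in fiber_ports   # global UDLD: fiber ports only
        for l in lines:                         # interface command overrides
            if l in ("udld enable", "udld aggressive"):
                udld = True
            elif l in ("udld disable", "no udld enable"):
                udld = False
        loop = g_loop or "spanning-tree guard loop" in lines
        missing = [n for n, ok in (("udld", udld), ("loop guard", loop)) if not ok]
        if missing:
            findings[name] = missing
    return findings
```

Calling `audit(SAMPLE_CONFIG, SAMPLE_FIBER)` returns a dictionary keyed by interface name; an empty dictionary means every interface has both protections.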