Layer3

Adventures in Networking, Routing, Switching, Virtualization, Storage, etc.

«
»

CDP, DTP, LOOP Reply and BPDU

Posted by Chris on October 24, 2009

A Cisco switch generates a small amount of network traffic as part of it’s normal housekeeping functions.
It’s important to be able to recognize normal “background noise” when looking at a packet capture.

Below is a packet capture from a Catalyst 3560.  The only device connected to the switch is  an Xp virtual machine running Wireshark.
Note the four types of packets that appear at regular intervals, STP, LOOP, DTP and CDP.  (click on the image for a larger view)

catcap

STP
A Spanning Tree Bridge Protocol Data Unit (BPDU) is sent every two seconds as part of the loop detection process.
This particular packet tells us that the root bridge is 00:22:be:21:3e:80, which also happens to be the switch we are connected to.

It is possible to prevent BPDU’s from being sent out an interface by enabling BPDU Filtering .

bpdufilter

BPDU Filtering can be enabled globally for every port that has PortFast enabled by using the spanning-tree portfast bpdufilter default command.

gcbpdufilter

Note this also disables loop detection on all access ports,  probably not a good idea under most circumstances.

LOOP
LOOP Reply is a Layer 2 keepalive packet that is sent every ten seconds by default.
The LOOP Reply verifies to IOS that the link is up.  The switch does not actually listen for a reply, it simply verifies that was able to send the packet out the interface.
Loss of three consecutive Layer 2 keepalives will cause the interface to transition to a down state.
It is possible to configure the interval between packets by using the keepalive interface configuration command.

keepalive

DTP
Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol used to negotiate a common trunking mode between two switches.
A trunk link differs from an access port in that a trunk can transport more than one VLAN.
DTP packets are sent every thirty seconds by default.
If the switch port is configured as an access port using the switchport mode access command, DTP packets will not be sent from that interface.

swportmodeaccess
When an access port is reconfigured as a trunk port, transmission of DTP packets will resume 30 seconds after the port is reconfigured.

CDP
Cisco Discovery Protocol (CDP) packets are sent every sixty seconds by default.
CDP provides information about the capabilities of a device to it’s connected neighbor.
CDP can be disabled and it’s not a bad idea to do so under certain circumstances especially if security is a concern.

CDP can be disabled globally with the no cdp run command.

cdpglobal

CDP can also be disabled on a particular interface with the no cdp enable command.



This entry was posted on October 24, 2009 at 8:23 pm and is filed under BCMSN, CCNP, Cisco, Switching. Tagged: , , . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “CDP, DTP, LOOP Reply and BPDU”

  1. CCIEStudyWiki.com Links of the Week: Autosecure, RITE, Troubleshooting said

    October 30, 2009 at 8:04 am

    [...] 3 uses Wireshark to examine “background” traffic being sent out from a Cisco 356o switch and does some experiments with STP and [...]

    Reply

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

«
»