Solved

CDP traffic across multi vendor devices

Posted on 2014-02-25
1,512 Views
Last Modified: 2014-02-26
Hello, I have a very interesting question regarding CDP traffic.

First I would like to confirm a few things.
CDP advertisements are done via multicast. Also, CDP traffic ALWAYS travels on VLAN 1.

So here are a few scenarios with accompanying questions.

Scenario 1.
Sw1 (cisco) --- Sw2 (cisco)
Switch 1 connects to Switch 2. A trunk link is configured between the 2, only allowing VLAN 10 and native VLAN 90.
I believe the CDP traffic will still traverse the link on VLAN 1.


Scenario 2.
Sw1 (cisco) --- Sw2 (cisco)
Switch 1 connects to Switch 2. An access port is configured between the 2 switches. Both access ports are configured on VLAN 2.
I believe the CDP traffic will still traverse the link on VLAN 1.


Scenario 3.
Sw1 (cisco) --- Sw2 (Juniper) --- Sw3 (cisco)

I believe that non-cisco switches such as Juniper/Foundry (to name a few) pass through CDP advertisements by default.

Sw1 and Sw2 have a trunk link configured.
Sw2 and Sw3 have a trunk link configured.

Sw1 will be able to see Sw3 as a CDP neighbor even though it is 2 layer2 hops away.


Scenario 4. (Ok this is the one that is confusing me.)
Sw1 (cisco) --- Sw2 (juniper) --- Sw3 (cisco)
                      |
                 Router1 (cisco)


Sw1 connects to Sw2. Both ports are access ports on VLAN 10.

Sw2 has 2 connections, one to sw3 and another to Router1.
Connection to sw3 is access port on VLAN 20 (on both sw2 and sw3).
Connection to Router1 is a trunk that permits VLAN 10, 20.

So in this case.
(1) Sw1 will see Router1 as a CDP neighbor because Sw2 will pass through the CDP advertisement. CDP advertisements are on VLAN 1, which cannot be pruned (it can but control traffic such as CDP will still use it).
(2) Sw1 will also see Sw3 as a CDP neighbor. The Sw2 (Juniper) will forward (pass through) the CDP advertisement. And even though Sw2 and Sw3 are connected via access VLAN 20 while Sw1 and Sw2 are connected via access VLAN 10, Sw1 will see Sw3 as a CDP neighbor? (This one I'm not sure about, can anyone clarify?)

Thanks.
Question by:inoc
3 Comments
Accepted Solution

by:
rauenpc earned 500 total points
ID: 39885713
When it comes to CDP, it doesn't really care about what vlans are configured or allowed on a given port. All that matters is layer 2 connectivity. Yes, it technically uses vlan 1 because Cisco uses vlan 1 on the back end to process these packets, but it all still comes down to layer 2. If a non-Cisco device passes CDP through as if it is a regular multicast packet, then all Cisco devices that can receive the packets will view each other as directly connected (from a CDP standpoint - spanning tree will not and does not need to match up to CDP neighbor relationships).

Scenarios 1-3 you are correct, assuming that Juniper passes these packets through.

For scenario 4, I believe you are correct that all three Cisco devices will see each other as if directly connected. The only situation that might not allow CDP through would be if the non-Cisco switch is configured as a trunk with all vlans tagged - this might cause CDP packets to be dropped as they will never have a vlan tag.

Bear in mind that my answers come based on other vendor switches. I have not used Juniper, but have used other switches to experience the odd CDP neighbor relationships. The tough part about CDP and non-Cisco switches is that if you have different trunk configs (different native VLANs), you will get a bunch of log errors about native VLAN mismatch even if the difference is on purpose. In those cases, I've ended up disabling CDP.
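The accepted answer's point is that CDP is just an untagged layer-2 multicast (destination 01:00:0c:cc:cc:cc, LLC/SNAP with the Cisco OUI and protocol ID 0x2000), so a non-Cisco switch that floods it lets every Cisco device behind it see the others as neighbors. The Python below is an added example, not code from the thread or from any vendor: it decodes CDP frames from a capture, notes whether each arrived with an 802.1Q tag, and reports neighbors an operator did not expect on a given port, which is how a customer in scenario 4 would audit whether the provider switch (Sw2) is leaking other customers' CDP to them. The sample frames, device names and MAC addresses are constructed for the example, the frame builder exists only to produce that sample, and the CDP checksum is neither computed nor validated (a simplification).

```python
import struct
from dataclasses import dataclass
from typing import Iterable, List, Optional

# CDP rides in an 802.3 frame with an LLC/SNAP header (Cisco OUI, PID 0x2000) to a
# well-known multicast MAC. Nothing in it names a VLAN unless a switch adds an 802.1Q
# tag, which is why a non-Cisco switch treats it as ordinary multicast and floods it.
CDP_MULTICAST_MAC = bytes.fromhex("01000ccccccc")
CISCO_OUI = bytes.fromhex("00000c")
CDP_PID = 0x2000
TLV_DEVICE_ID, TLV_PORT_ID, TLV_PLATFORM, TLV_NATIVE_VLAN = 0x0001, 0x0003, 0x0006, 0x000A


@dataclass
class CdpNeighbor:
    device_id: str
    port_id: str
    platform: str
    native_vlan: Optional[int]
    src_mac: str
    dot1q_tagged: bool  # True if the frame carried an 802.1Q tag (unusual for CDP)


def build_cdp_frame(src_mac: bytes, device_id: str, port_id: str, platform: str,
                    native_vlan: int, dot1q: Optional[int] = None) -> bytes:
    """Encode a CDPv2 advertisement; used here only to construct the sample capture.
    The checksum field is left at zero (simplification; the parser does not check it)."""
    def tlv(kind: int, value: bytes) -> bytes:
        return struct.pack("!HH", kind, 4 + len(value)) + value   # length covers type+len+value
    body = (tlv(TLV_DEVICE_ID, device_id.encode()) + tlv(TLV_PORT_ID, port_id.encode())
            + tlv(TLV_PLATFORM, platform.encode())
            + tlv(TLV_NATIVE_VLAN, struct.pack("!H", native_vlan)))
    cdp = struct.pack("!BBH", 2, 180, 0) + body                       # version 2, TTL 180 s, checksum 0
    payload = b"\xaa\xaa\x03" + CISCO_OUI + struct.pack("!H", CDP_PID) + cdp  # LLC + SNAP + CDP
    tag = b"\x81\x00" + struct.pack("!H", dot1q) if dot1q is not None else b""
    return CDP_MULTICAST_MAC + src_mac + tag + struct.pack("!H", len(payload)) + payload


def parse_cdp_frame(frame: bytes) -> Optional[CdpNeighbor]:
    """Return the neighbor a frame advertises, or None if it is not a CDP frame."""
    if len(frame) < 26 or frame[:6] != CDP_MULTICAST_MAC:
        return None
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    offset, tagged = 12, False
    if frame[12:14] == b"\x81\x00":                      # 802.1Q tag present
        offset, tagged = 16, True
    (length,) = struct.unpack("!H", frame[offset:offset + 2])
    payload = frame[offset + 2:offset + 2 + length]
    if len(payload) < 12 or payload[:3] != b"\xaa\xaa\x03" or payload[3:6] != CISCO_OUI:
        return None
    if struct.unpack("!H", payload[6:8])[0] != CDP_PID:
        return None
    cdp = payload[8:]                                    # version, TTL, checksum, then TLVs
    tlvs, pos = {}, 4
    while pos + 4 <= len(cdp):
        kind, tlv_len = struct.unpack("!HH", cdp[pos:pos + 4])
        if tlv_len < 4 or pos + tlv_len > len(cdp):
            break                                        # malformed TLV: stop instead of over-reading
        tlvs[kind] = cdp[pos + 4:pos + tlv_len]
        pos += tlv_len
    vlan_raw = tlvs.get(TLV_NATIVE_VLAN)
    native_vlan = struct.unpack("!H", vlan_raw)[0] if vlan_raw and len(vlan_raw) == 2 else None
    return CdpNeighbor(
        device_id=tlvs.get(TLV_DEVICE_ID, b"").decode(errors="replace"),
        port_id=tlvs.get(TLV_PORT_ID, b"").decode(errors="replace"),
        platform=tlvs.get(TLV_PLATFORM, b"").decode(errors="replace"),
        native_vlan=native_vlan, src_mac=src_mac, dot1q_tagged=tagged)


def neighbors_from_capture(frames: Iterable[bytes]) -> List[CdpNeighbor]:
    return [n for n in (parse_cdp_frame(f) for f in frames) if n is not None]


def unexpected_neighbors(frames: Iterable[bytes], expected_device_ids: Iterable[str]) -> List[str]:
    """Device IDs advertised on a port that the operator did not expect there. On a port
    facing a provider's switch this is the symptom the thread describes: the provider
    switch is flooding other customers' CDP frames to you."""
    return sorted({n.device_id for n in neighbors_from_capture(frames)} - set(expected_device_ids))


# Constructed sample capture (not a real trace): what Sw1 would see on its port toward Sw2
# in scenario 4 if Sw2 floods CDP. Names and MACs are made up for this example.
SAMPLE_CAPTURE = [
    build_cdp_frame(bytes.fromhex("001122334403"), "Sw3", "GigabitEthernet0/1", "example-switch", 1),
    build_cdp_frame(bytes.fromhex("0011223344aa"), "Router1", "GigabitEthernet0/0", "example-router", 1),
    b"\xff" * 64,   # an unrelated broadcast frame; the parser ignores it
]

if __name__ == "__main__":
    for n in neighbors_from_capture(SAMPLE_CAPTURE):
        print(f"{n.device_id:8} via {n.port_id:20} native VLAN {n.native_vlan} tagged={n.dot1q_tagged}")
    print("unexpected:", unexpected_neighbors(SAMPLE_CAPTURE, expected_device_ids=[]))
```

Run against a real capture, feed each raw Ethernet frame to `parse_cdp_frame`; `dot1q_tagged` being True on a received frame is the case the answer mentions where an all-tagged trunk on the non-Cisco switch may change how CDP is handled, and a non-empty `unexpected_neighbors` result on a provider-facing port is the leakage the author asks about.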

Author Comment

by:inoc
ID: 39886877
Hmm so technically in scenario 4.
Sw2 could be a provider switch with customers hanging off it (i.e. Sw1 and Sw3).
Sw1 could see Sw3 as a CDP neighbor (one customer seeing another customer's switch)?
Expert Comment

by:rauenpc
ID: 39886965
Correct, all devices will see all other devices if the CDP packets are passed through, almost as if they were connected to a dumb hub even though they are not.