Tunneling CDP frames
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎09-28-2015 02:10 PM
Best solutions out there to tunnel CDP in a mixed Extreme network...
Edge is 150-460 summit running 12.6 to 15.6
Core is 670 or 8900 MSM 128 running 15.4 - 15.6
Some support L2PT and some do not. I think what I need to do is build a counter profile to see where the CDP are failing and then build the tunnel there for the vlans I need to forward cdp
Here is what I am using for this which when applied to specific vlan on edge uni port works or to trunk port on next hop works. Problem is this going to be a big tasks to go through 100 plus vlans one segment at a time to find the blocking points.
entry cdp_pdu {if {
ethernet-destination-address 01:00:0c??cc:cc ;
snap-type 0x2000 ;
} then {
count cdp_ingress ;
}
}
Another question is when did replace-ethernet-destination-add get added to the image and made active. I have not found a version of code that supports this statement yet. I guess it is not needed on switches that support L2PT profiles?
Problem started when we started updating code from 12.6 to 15.xx it seemed CDP started being blocked and not passing through the network.
Thanks ahead of time
Edge is 150-460 summit running 12.6 to 15.6
Core is 670 or 8900 MSM 128 running 15.4 - 15.6
Some support L2PT and some do not. I think what I need to do is build a counter profile to see where the CDP are failing and then build the tunnel there for the vlans I need to forward cdp
Here is what I am using for this which when applied to specific vlan on edge uni port works or to trunk port on next hop works. Problem is this going to be a big tasks to go through 100 plus vlans one segment at a time to find the blocking points.
entry cdp_pdu {if {
ethernet-destination-address 01:00:0c??cc:cc ;
snap-type 0x2000 ;
} then {
count cdp_ingress ;
}
}
Another question is when did replace-ethernet-destination-add get added to the image and made active. I have not found a version of code that supports this statement yet. I guess it is not needed on switches that support L2PT profiles?
Problem started when we started updating code from 12.6 to 15.xx it seemed CDP started being blocked and not passing through the network.
Thanks ahead of time
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎10-02-2015 11:10 AM
Thanks for the clarification... Now I have to figure out where the cdp frames are being blocked and setup the l2pt profiles... will report back in 2 weeks... heading to NANOG/ARIN for a week of meetings... I have successfully been able to set up cdp counter acls so now it is just a matter of going through a bunch of switches for about 150 vlans to see where in our systems they are being dropped..
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎10-02-2015 07:39 AM
Hi Etherman,
We can configure the l2pt profiles for the VLAN as well. It does not matter if the port is tagged or untagged as these l2 protocol frames will not have a dot1q field.
The article below explains the procedure for configuring l2pt profile.
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-l2pt-profile-in-Extreme-S...
Hope this helps!
We can configure the l2pt profiles for the VLAN as well. It does not matter if the port is tagged or untagged as these l2 protocol frames will not have a dot1q field.
The article below explains the procedure for configuring l2pt profile.
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-l2pt-profile-in-Extreme-S...
Hope this helps!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎10-02-2015 12:02 AM
Hi Andreas,
I tested with 15.6.3.1 in an X460-24x
I am able to configure the protocol filter.
X460-24x.12 # sh protocol filter cdp detailProtocol Name : cdp
Protocol Id Type : snap
Protocol Id Value : 0x2000
Destination Address: 01:00:0c??cc:cc
Field Offset :
Field Value :
Field Mask :
Current State: OPERATIONAL
Image Selected: secondary
Image Booted: secondary
Primary ver: 15.7.2.9
Secondary ver: 15.6.3.1
X460-24x.14 # conf l2pt profile "allowcdp" add protocol filter "cdp"
* X460-24x.15 # sh l2pt profile
Execute the command
| Filter the output of the command
Show only the specified profile
"allowcdp"
* X460-24x.15 # sh l2pt profile "allowcdp"
Profile Name Protocol Filter Name Action CoS
-------------------------------- -------------------------------- ------ ---
allowcdp cdp Tunnel
Please share the following output:
show configuration detail | include cdp
Have you modify the CDP protocol which was already defined? If so, what changes were made.
I think if we exclusively configure the destination-address to this protocol again, we can make it work.
Please try this and let us know!
I tested with 15.6.3.1 in an X460-24x
I am able to configure the protocol filter.
X460-24x.12 # sh protocol filter cdp detailProtocol Name : cdp
Protocol Id Type : snap
Protocol Id Value : 0x2000
Destination Address: 01:00:0c??cc:cc
Field Offset :
Field Value :
Field Mask :
Current State: OPERATIONAL
Image Selected: secondary
Image Booted: secondary
Primary ver: 15.7.2.9
Secondary ver: 15.6.3.1
X460-24x.14 # conf l2pt profile "allowcdp" add protocol filter "cdp"
* X460-24x.15 # sh l2pt profile
| Filter the output of the command
Show only the specified profile
"allowcdp"
* X460-24x.15 # sh l2pt profile "allowcdp"
Profile Name Protocol Filter Name Action CoS
-------------------------------- -------------------------------- ------ ---
allowcdp cdp Tunnel
Please share the following output:
show configuration detail | include cdp
Have you modify the CDP protocol which was already defined? If so, what changes were made.
I think if we exclusively configure the destination-address to this protocol again, we can make it work.
configure protocol filter "cdp" add dest-mac 01:00:0c??cc:cc snap 0x2000
Please try this and let us know!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎10-01-2015 04:18 PM
Same here I tested this on a x460-24x with version 15.6.3.1.
This is the response I get
configure l2pt profile allowcdp add protocol filter cdp
create l2pt profile allowcdp configure l2pt profile allowcdp add protocol filter cdp Error: The protocol filter "cdp" is incompatible with L2PT since the protocol filter entry "Protocol id 0x2000 (SNAP)" does not specify a destination address.show protocol "cdp" detail Protocol Name : cdp
Protocol Id Type : snap
Protocol Id Value : 0x2000
Destination Address:
Field Offset :
Field Value :
Field Mask : Not sure how this would work event though the example is updated ? Please test with 15.6.3.1
This is the response I get
configure l2pt profile allowcdp add protocol filter cdp
create l2pt profile allowcdp configure l2pt profile allowcdp add protocol filter cdp Error: The protocol filter "cdp" is incompatible with L2PT since the protocol filter entry "Protocol id 0x2000 (SNAP)" does not specify a destination address.show protocol "cdp" detail Protocol Name : cdp
Protocol Id Type : snap
Protocol Id Value : 0x2000
Destination Address:
Field Offset :
Field Value :
Field Mask : Not sure how this would work event though the example is updated ? Please test with 15.6.3.1
