Seguridad y Redes

Tips, Video Tutorials, Wifislax, VMware, Linux, GNS3, Eve-NG, CCNA, Cisco Routers, Switches

Duplex Mismatch Discovered

When Cisco devices are connected to each other and CDP is enabled (it is enabled by default), if one port is configured as full duplex and the other as half duplex, both devices log "duplex mismatch" messages to the console.

*Mar  1 00:16:31.371: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R2 FastEthernet0/0 (half duplex).
R1#
*Mar  1 00:17:31.355: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R2 FastEthernet0/0 (half duplex).
R1#
*Mar  1 00:18:31.355: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R2 FastEthernet0/0 (half duplex).
R1#
*Mar  1 00:19:31.363: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R2 FastEthernet0/0 (half duplex).
R1#
*Mar  1 00:20:31.367: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R2 FastEthernet0/0 (half duplex).
R1#
*Mar  1 00:21:31.355: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R2 FastEthernet0/0 (half duplex).
R1#
*Mar  1 00:22:31.355: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R2 FastEthernet0/0 (half duplex).
R1#
*Mar  1 00:23:31.355: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R2 FastEthernet0/0 (half duplex).
We can see that every 60 seconds, with each CDP packet received, a "duplex mismatch" warning is logged.

To quickly check the ports we use the show interfaces status command.

R1#show interfaces status

Port    Name               Status       Vlan       Duplex Speed Type
Fa1/0                      connected    1          a-full   a-100 10/100BaseTX
Fa1/1                      notconnect   1            auto    auto 10/100BaseTX
Fa1/2                      notconnect   1            auto    auto 10/100BaseTX
Fa1/3                      notconnect   1            auto    auto 10/100BaseTX
Fa1/4                      notconnect   1            auto    auto 10/100BaseTX
Fa1/5                      notconnect   1            auto    auto 10/100BaseTX
Fa1/6                      notconnect   1            auto    auto 10/100BaseTX
Fa1/7                      notconnect   1            auto    auto 10/100BaseTX
Fa1/8                      notconnect   1            auto    auto 10/100BaseTX
Fa1/9                      notconnect   1            auto    auto 10/100BaseTX
Fa1/10                     notconnect   1            auto    auto 10/100BaseTX
Fa1/11                     notconnect   1            auto    auto 10/100BaseTX
Fa1/12                     notconnect   1            auto    auto 10/100BaseTX
Fa1/13                     notconnect   1            auto    auto 10/100BaseTX
Fa1/14                     notconnect   1            auto    auto 10/100BaseTX
Fa1/15                     notconnect   1            auto    auto 10/100BaseTX

From the console we can see that most ports are in auto mode; some are configured with a specific speed and duplex mode. Interface Fa1/0 is configured in auto mode for speed and duplex, but the device negotiated a full-duplex connection at 100 Mb.

*Mar  1 00:45:31.355: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R2 FastEthernet0/0 (half duplex).

In the error message we can see that the connected router R2 is configured as half duplex on interface Fa0/0 (with R2 FastEthernet0/0 (half duplex)).

So on R2 we take a look at the configuration of interface Fa0/0.

R2#show interface fa0/0
FastEthernet0/0 is up, line protocol is up
Hardware is Gt96k FE, address is c201.1f40.0000 (bia c201.1f40.0000)
Internet address is 192.168.1.2/24
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
  reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 10Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:09, output 00:00:03, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
  1 packets input, 366 bytes
  Received 1 broadcasts, 0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
  0 watchdog
  0 input packets with dribble condition detected
  12 packets output, 1610 bytes, 0 underruns
  0 output errors, 0 collisions, 1 interface resets
  0 babbles, 0 late collision, 0 deferred
  0 lost carrier, 0 no carrier
  0 output buffer failures, 0 output buffers swapped out

In the output we can see that the interface is configured as half duplex at 10Mb/s. We can change the interface to full duplex so that it matches the interface on the other device (R1).

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#interf
R2(config)#interface fa0/0
R2(config-if)#duplex full
R2(config-if)#speed 100
R2(config-if)#end
R2#

It is always a good idea to configure the interfaces on both devices so that they match instead of leaving them in auto mode.
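To find these links in collected logs rather than on a single console, the sketch below groups the %CDP-4-DUPLEX_MISMATCH messages by link and measures how often they repeat. It is an added example, not part of the original post; the function name is hypothetical and the sample log reuses lines shown above.

```python
import re
from collections import defaultdict

# Matches the IOS message format shown on this page.
MISMATCH = re.compile(
    r"(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d\.\d+): %CDP-4-DUPLEX_MISMATCH: "
    r"duplex mismatch discovered on (?P<local_if>\S+) \((?P<local>[^)]+)\), "
    r"with (?P<peer>\S+) (?P<peer_if>\S+) \((?P<remote>[^)]+)\)"
)


def summarize_mismatches(lines):
    """Group duplex-mismatch messages by link and measure their cadence."""
    links = defaultdict(list)
    for line in lines:
        m = MISMATCH.search(line)
        if not m:
            continue  # prompts such as "R1#" and unrelated messages
        # Seconds since midnight; assumes the sample does not cross midnight.
        t = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
        key = (m["local_if"], m["peer"], m["peer_if"])
        links[key].append((t, m["local"], m["remote"]))

    report = {}
    for key, events in links.items():
        times = [t for t, _, _ in events]
        gaps = [b - a for a, b in zip(times, times[1:])]
        report[key] = {
            "count": len(events),
            "local_duplex": events[-1][1],
            "peer_duplex": events[-1][2],
            "mean_gap_s": round(sum(gaps) / len(gaps), 1) if gaps else None,
        }
    return report


# Sample input: the first four messages from R1's console above.
SAMPLE_LOG = """\
*Mar  1 00:16:31.371: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R2 FastEthernet0/0 (half duplex).
R1#
*Mar  1 00:17:31.355: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R2 FastEthernet0/0 (half duplex).
R1#
*Mar  1 00:18:31.355: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R2 FastEthernet0/0 (half duplex).
R1#
*Mar  1 00:19:31.363: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet1/0 (not half duplex), with R2 FastEthernet0/0 (half duplex).
"""

if __name__ == "__main__":
    for link, info in summarize_mismatches(SAMPLE_LOG.splitlines()).items():
        print(link, info)
```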

PPP and CHAP Configuration

In this post we will see how to configure PPP (Point-to-Point Protocol) and CHAP (Challenge Handshake Authentication Protocol). First we need to understand what kind of connection we are building. A network diagram helps, as in the following image, which shows a basic PPP and CHAP connection.

PPP and CHAP configuration on Router1
Router#configure terminal
Router(config)#hostname Router1
Router1(config)#username Router2 password cisco
Router1(config)#interface serial1/0
Router1(config-if)#clockrate 64000
Router1(config-if)#ip address 192.168.1.130 255.255.255.252
Router1(config-if)#encapsulation ppp
Router1(config-if)#ppp authentication chap
Router1(config-if)#no shut
Router1(config-if)#end
Router1#ping 192.168.1.129

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.129, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/72/156 ms
PPP and CHAP configuration on Router2
Router#configure terminal
Router(config)#hostname Router2
Router2(config)#username Router1 password cisco
Router2(config)#interface serial1/0
Router2(config-if)#ip address 192.168.1.129 255.255.255.252
Router2(config-if)#encapsulation ppp
Router2(config-if)#ppp authentication chap
Router2(config-if)#no shut
Router2(config-if)#end
Router2#ping 192.168.1.130

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.130, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/46/92 ms

Troubleshooting PPP and CHAP

Now that PPP + CHAP is configured, we verify the PPP configuration on the configured interfaces with the show interface command, as shown below.

Verifying interface serial1/0 on Router1
Router1#show interface serial1/0
Serial1/0 is up, line protocol is up
Hardware is M4T
Internet address is 192.168.1.130/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:25, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:04:19
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations  0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
31 packets input, 1988 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
33 packets output, 1419 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up
Verifying interface serial1/0 on Router2
Router2#show interface serial1/0
Serial1/0 is up, line protocol is up
Hardware is M4T
Internet address is 192.168.1.129/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, CDPCP, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
Last input 00:00:07, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:03:09
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations  0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
34 packets input, 1727 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
35 packets output, 2052 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
1 carrier transitions     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

PPP debug commands

These commands can be useful for displaying the PPP process on the interfaces. They are also a great help when administering the network and resolving link problems. The most useful commands are the following.

Debugging PPP Authentication

The debug ppp authentication command shows the CHAP authentication process. If PPP encapsulation and authentication are configured correctly on the routers, along with the usernames and their respective passwords, the output will look similar to the following.
Router1#debug ppp authentication
PPP authentication debugging is on
Router1#
*Mar  1 00:16:42.699: Se1/0 PPP: Authorization required
*Mar  1 00:16:42.707: Se1/0 CHAP: O CHALLENGE id 3 len 28 from "Router1"
*Mar  1 00:16:42.707: Se1/0 CHAP: I CHALLENGE id 3 len 28 from "Router2"
*Mar  1 00:16:42.711: Se1/0 CHAP: I RESPONSE id 3 len 28 from "Router2"
*Mar  1 00:16:42.723: Se1/0 PPP: Sent CHAP LOGIN Request
*Mar  1 00:16:42.723: Se1/0 CHAP: Using hostname from unknown source
*Mar  1 00:16:42.727: Se1/0 CHAP: Using password from AAA
*Mar  1 00:16:42.727: Se1/0 CHAP: O RESPONSE id 3 len 28 from "Router1"
*Mar  1 00:16:42.731: Se1/0 PPP: Received LOGIN Response PASS
*Mar  1 00:16:42.735: Se1/0 PPP: Sent LCP AUTHOR Request
*Mar  1 00:16:42.739: Se1/0 PPP: Sent IPCP AUTHOR Request
*Mar  1 00:16:42.743: Se1/0 LCP: Received AAA AUTHOR Response PASS
*Mar  1 00:16:42.747: Se1/0 IPCP: Received AAA AUTHOR Response PASS
*Mar  1 00:16:42.747: Se1/0 CHAP: O SUCCESS id 3 len 4
*Mar  1 00:16:42.935: Se1/0 CHAP: I SUCCESS id 3 len 4
*Mar  1 00:16:42.939: Se1/0 PPP: Sent CDPCP AUTHOR Request
*Mar  1 00:16:42.943: Se1/0 PPP: Sent IPCP AUTHOR Request
*Mar  1 00:16:42.955: Se1/0 CDPCP: Received AAA AUTHOR Response PASS
Router1#
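The CHALLENGE / RESPONSE / SUCCESS lines in the debug output above correspond to the packets below. This is an added example, not part of the original post: it follows the CHAP packet layout and MD5 response of RFC 1994, the function names are hypothetical, and the user tables mirror the lab's "username ... password cisco" entries. A 16-byte challenge plus the 7-byte hostname gives the "len 28" seen in the debug lines.

```python
import hashlib
import hmac
import os
import struct

CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # CHAP codes (RFC 1994)


def build(code, ident, value=b"", name=""):
    """Header is Code, Identifier, Length; codes 1 and 2 add Value-Size, Value, Name."""
    body = b""
    if code in (CHALLENGE, RESPONSE):
        body = bytes([len(value)]) + value + name.encode()
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse(pkt):
    """Return (code, ident, value, name), rejecting inconsistent length fields."""
    if len(pkt) < 4:
        raise ValueError("short CHAP packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("Length field does not match packet size")
    if code not in (CHALLENGE, RESPONSE):
        return code, ident, b"", ""
    if length < 5 or 5 + pkt[4] > length:
        raise ValueError("Value-Size runs past the end of the packet")
    vsize = pkt[4]
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:].decode()


def chap_md5(ident, secret, challenge):
    """Response value for algorithm 5: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def one_way_chap(auth_name, auth_users, peer_name, peer_users, ident):
    """One direction of the handshake; returns the three packets in order."""
    # Authenticator: fresh 16-byte challenge, sent with its own hostname.
    challenge = os.urandom(16)
    challenge_pkt = build(CHALLENGE, ident, challenge, auth_name)

    # Peer: pick the secret stored under the challenger's name.
    _, cid, value, challenger = parse(challenge_pkt)
    secret = peer_users.get(challenger, b"")
    response_pkt = build(RESPONSE, cid, chap_md5(cid, secret, value), peer_name)

    # Authenticator: recompute with the secret stored for the responder's name.
    _, rid, answer, responder = parse(response_pkt)
    expected = chap_md5(ident, auth_users.get(responder, b""), challenge)
    ok = (rid == ident and responder in auth_users
          and hmac.compare_digest(answer, expected))
    return challenge_pkt, response_pkt, build(SUCCESS if ok else FAILURE, ident)


# "username ... password ..." entries from the page's lab configuration.
ROUTER1_USERS = {"Router2": b"cisco"}
ROUTER2_USERS = {"Router1": b"cisco"}

if __name__ == "__main__":
    # The page's link authenticates in both directions.
    for a, a_db, p, p_db in (("Router1", ROUTER1_USERS, "Router2", ROUTER2_USERS),
                             ("Router2", ROUTER2_USERS, "Router1", ROUTER1_USERS)):
        for pkt in one_way_chap(a, a_db, p, p_db, ident=3):
            code, ident, _, name = parse(pkt)
            print(f"{a} authenticates {p}: code {code} id {ident} len {len(pkt)} {name}")
```

The secret never crosses the link, only the challenge and the hash, which is why both routers must hold the same password under each other's hostname.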
Debug PPP Negotiation

This command shows the PPP negotiation process; here is an example.
Router1#debug ppp negotiation
PPP protocol negotiation debugging is on
Router1#
*Mar  1 00:20:47.199: Se1/0 LCP: I CONFREQ [Open] id 5 len 15
*Mar  1 00:20:47.199: Se1/0 LCP:    AuthProto CHAP (0x0305C22305)
*Mar  1 00:20:47.199: Se1/0 LCP:    MagicNumber 0x011C567B (0x0506011C567B)
*Mar  1 00:20:47.203: Se1/0 CDPCP: State is Closed
*Mar  1 00:20:47.203: Se1/0 IPCP: State is Closed
*Mar  1 00:20:47.207: Se1/0 PPP: Phase is TERMINATING
*Mar  1 00:20:47.211: Se1/0 PPP: Phase is ESTABLISHING
*Mar  1 00:20:47.211: Se1/0 LCP: O CONFREQ [Open] id 8 len 15
*Mar  1 00:20:47.211: Se1/0 LCP:    AuthProto CHAP (0x0305C22305)
*Mar  1 00:20:47.215: Se1/0 LCP:    MagicNumber 0x001D100F (0x0506001D100F)
*Mar  1 00:20:47.215: Se1/0 LCP: O CONFACK [Open] id 5 len 15
*Mar  1 00:20:47.215: Se1/0 LCP:    AuthProto CHAP (0x0305C22305)
*Mar  1 00:20:47.215: Se1/0 LCP:    MagicNumber 0x011C567B (0x0506011C567B)
*Mar  1 00:20:47.219: Se1/0 IPCP: Remove route to 192.168.1.129
*Mar  1 00:20:47.223: Se1/0 LCP: I CONFACK [ACKsent] id 8 len 15
*Mar  1 00:20:47.227: Se1/0 LCP: AuthProto CHAP (0x0305C22305)
*Mar  1 00:20:47.227: Se1/0 LCP:  MagicNumber 0x001D100F (0x0506001D100F)
*Mar  1 00:20:47.227: Se1/0 LCP: State is Open
*Mar  1 00:20:47.227: Se1/0 PPP: Phase is AUTHENTICATING, by both
*Mar  1 00:20:47.231: Se1/0 CHAP: O CHALLENGE id 5 len 28 from "Router1"
*Mar  1 00:20:47.231: Se1/0 CHAP: I CHALLENGE id 5 len 28 from "Router2"
*Mar  1 00:20:47.235: Se1/0 CHAP: I RESPONSE id 5 len 28 from "Router2"
*Mar  1 00:20:47.235: Se1/0 PPP: Phase is FORWARDING, Attempting Forward
*Mar  1 00:20:47.243: Se1/0 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Mar  1 00:20:47.247: Se1/0 CHAP: Using hostname from unknown source
*Mar  1 00:20:47.247: Se1/0 CHAP: Using password from AAA
*Mar  1 00:20:47.247: Se1/0 CHAP: O RESPONSE id 5 len 28 from "Router1"
*Mar  1 00:20:47.251: Se1/0 PPP: Phase is FORWARDING, Attempting Forward
*Mar  1 00:20:47.255: Se1/0 PPP: Phase is AUTHENTICATING, Authenticated User
*Mar  1 00:20:47.263: Se1/0 CHAP: O SUCCESS id 5 len 4
*Mar  1 00:20:47.455: Se1/0 CHAP: I SUCCESS id 5 len 4
*Mar  1 00:20:47.459: Se1/0 PPP: Phase is UP
*Mar  1 00:20:47.459: Se1/0 IPCP: O CONFREQ [Closed] id 1 len 10
*Mar  1 00:20:47.459: Se1/0 IPCP:    Address 192.168.1.130 (0x0306C0A80182)
*Mar  1 00:20:47.463: Se1/0 PPP: Process pending ncp packets
*Mar  1 00:20:47.463: Se1/0 IPCP: I CONFREQ [REQsent] id 1 len 10
*Mar  1 00:20:47.467: Se1/0 IPCP:    Address 192.168.1.129 (0x0306C0A80181)
*Mar  1 00:20:47.467: Se1/0 AAA/AUTHOR/IPCP: Start.  Her address 192.168.1.129, we want 0.0.0.0
*Mar  1 00:20:47.471: Se1/0 CDPCP: I CONFREQ [Closed] id 1 len 4
*Mar  1 00:20:47.479: Se1/0 AAA/AUTHOR/IPCP: Reject 192.168.1.129, using 0.0.0.0
*Mar  1 00:20:47.479: Se1/0 AAA/AUTHOR/IPCP: Done.  Her address 192.168.1.129, we want 0.0.0.0
*Mar  1 00:20:47.483: Se1/0 IPCP: O CONFACK [REQsent] id 1 len 10
*Mar  1 00:20:47.483: Se1/0 IPCP:    Address 192.168.1.129 (0x0306C0A80181)
*Mar  1 00:20:47.483: Se1/0 IPCP: I CONFACK [ACKsent] id 1 len 10
*Mar  1 00:20:47.483: Se1/0 IPCP:    Address 192.168.1.130 (0x0306C0A80182)
*Mar  1 00:20:47.487: Se1/0 IPCP: State is Open
*Mar  1 00:20:47.487: Se1/0 CDPCP: O CONFREQ [Closed] id 1 len 4
*Mar  1 00:20:47.499: Se1/0 IPCP: Install route to 192.168.1.129
*Mar  1 00:20:47.547: Se1/0 CDPCP: I CONFACK [REQsent] id 1 len 4
*Mar  1 00:20:49.463: Se1/0 CDPCP: Timeout: State ACKrcvd
*Mar  1 00:20:49.463: Se1/0 CDPCP: O CONFREQ [ACKrcvd] id 2 len 4
*Mar  1 00:20:49.503: Se1/0 CDPCP: I CONFACK [REQsent] id 2 len 4
*Mar  1 00:20:49.527: Se1/0 CDPCP: I CONFREQ [ACKrcvd] id 2 len 4
*Mar  1 00:20:49.527: Se1/0 CDPCP: O CONFACK [ACKrcvd] id 2 len 4
*Mar  1 00:20:49.527: Se1/0 CDPCP: State is Open
The other useful commands are the following:
debug ppp packet
debug ppp error
debug ppp chap

Using Cisco Discovery Protocol (CDP)

Cisco Discovery Protocol (CDP) is very useful when configuring a wide variety of Cisco devices. It lets us see the protocols configured on the routers, the addresses they have, and the IOS versions running on the routers or switches, all without needing to know the passwords of the connected devices. In summary, the information CDP discovers is the following.
  • Device name
  • The port or interface on which the CDP packet is being received
  • Port type
  • The Cisco device model
  • IOS version
  • List of addresses
  • VLAN information
CDP is enabled by default on most interfaces, with some exceptions such as ATM interfaces. The protocol automatically detects neighboring Cisco devices that are directly connected. The following command enables CDP globally.
Router1(config)#cdp run
Example of using CDP in a small network.

Small network.
Example of CDP commands on SW2.
SW2#show cdp ?
entry      Information for specific neighbor entry
interface  CDP interface status and configuration
neighbors  CDP neighbor entries
traffic    CDP statistics
|          Output modifiers
With the show cdp neighbors command we get a summary of the information about neighboring devices that are running CDP.
SW2#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Router1          Fas 1/1            167           R       7206VXR   Fas 0/0
SW1              Fas 1/0            153         R S I     3725      Fas 1/1
As we can see, this command shows the name and type of the connected devices, including the model. It also shows the ports on which we are receiving CDP packets and the ports on the neighboring devices from which the packets are sent.

To get more detailed information about the connected devices:
SW2#show cdp neighbors detail
-------------------------
Device ID: Router1
Entry address(es):
IP address: 192.168.1.3
Platform: Cisco 7206VXR,  Capabilities: Router
Interface: FastEthernet1/1,  Port ID (outgoing port): FastEthernet0/0
Holdtime : 130 sec

Version :
Cisco IOS Software, 7200 Software (C7200-JK9O3S-M), Version 12.4(17), RELEASE SOFTWARE (fc1)
Technical Support: https://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Sat 08-Sep-07 01:37 by prod_rel_team

advertisement version: 2
Duplex: full

-------------------------
Device ID: SW1
Entry address(es):
IP address: 192.168.1.1
Platform: Cisco 3725,  Capabilities: Router Switch IGMP
Interface: FastEthernet1/0,  Port ID (outgoing port): FastEthernet1/1
Holdtime : 175 sec

Version :
Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T5, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Wed 30-Apr-08 18:27 by prod_rel_team

advertisement version: 2
VTP Management Domain: ''
Native VLAN: 1
Duplex: full
Get specific information about R1.
SW2#show cdp entry Router1
-------------------------
Device ID: Router1
Entry address(es):
IP address: 192.168.1.3
Platform: Cisco 7206VXR,  Capabilities: Router
Interface: FastEthernet1/1,  Port ID (outgoing port): FastEthernet0/0
Holdtime : 139 sec

Version :
Cisco IOS Software, 7200 Software (C7200-JK9O3S-M), Version 12.4(17), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Sat 08-Sep-07 01:37 by prod_rel_team

advertisement version: 2
Duplex: full
The show cdp interface command shows the status of the router's interfaces or the switch's ports.
SW2#show cdp interface
FastEthernet0/0 is up, line protocol is up
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet0/1 is up, line protocol is up
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/0 is up, line protocol is up
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/1 is up, line protocol is up
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/2 is up, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/3 is up, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/4 is up, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/5 is up, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/6 is up, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/7 is up, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/8 is up, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/9 is up, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/10 is up, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/11 is up, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/12 is up, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/13 is up, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/14 is up, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet1/15 is up, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
To see the traffic CDP is generating, such as CDP packets sent and received:
SW2#show cdp traffic
CDP counters :
      Total packets output: 84, Input: 38
      Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
      No memory: 0, Invalid packet: 0, Fragmented: 0
      CDP version 1 advertisements output: 0, Input: 0
      CDP version 2 advertisements output: 84, Input: 38
Using CDP we can collect all this information to troubleshoot the network, but it is also advisable to disable CDP on interfaces connected to devices we do not trust, since a malicious user could extract all this information and cause problems on the network. To disable CDP, use the following command.
Router1(config)#no cdp run
We can also disable CDP on individual interfaces with the "no cdp enable" command.
SW2(config)#interface FastEthernet0/1
SW2(config-if)#no cdp enable
To see the global CDP configuration, use the following command.
SW2#show cdp
Global CDP information:
       Sending CDP packets every 30 seconds
       Sending a holdtime value of 240 seconds
       Sending CDPv2 advertisements is not enabled
By default the router sends CDP packets every 60 seconds with a holdtime of 180 seconds; the output above shows the values after they were adjusted. These parameters are set on the router with the following commands.
SW2(config)#cdp timer 30
SW2(config)#cdp holdtime 240
As mentioned before, it is advisable to disable CDP on interfaces that are connected directly to the internet or to any other place we do not trust. In another post we will cover more configuration topics on Cisco devices.
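One way to check that recommendation against a saved configuration is sketched below: it lists the interfaces that still send CDP but are not on a trusted list. This is an added example, not part of the original post; the function name, the sample running-config and the trusted set are constructed, and it assumes CDP is on by default for every interface unless "no cdp run" or "no cdp enable" appears.

```python
def cdp_exposure(running_config, trusted):
    """Return active interfaces that advertise CDP but are not trusted."""
    global_on = True
    interfaces = {}   # name -> {"cdp": bool, "shutdown": bool}
    current = None
    for raw in running_config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):       # column 0: global configuration line
            current = None
            if line == "no cdp run":
                global_on = False
            elif line.startswith("interface "):
                current = line.split(None, 1)[1]
                interfaces[current] = {"cdp": True, "shutdown": False}
        elif current:                     # indented: belongs to the interface
            if line == "no cdp enable":
                interfaces[current]["cdp"] = False
            elif line == "shutdown":
                interfaces[current]["shutdown"] = True
    if not global_on:
        return []                         # "no cdp run" silences every port
    return sorted(
        name for name, state in interfaces.items()
        if state["cdp"] and not state["shutdown"] and name not in trusted
    )


# Constructed running-config for SW2 (not taken from the page).
SAMPLE_CONFIG = """\
hostname SW2
!
interface FastEthernet0/1
 description uplink to untrusted network
 no cdp enable
!
interface FastEthernet1/0
 description to SW1
!
interface FastEthernet1/1
 description to Router1
!
interface FastEthernet1/2
 description user access port
!
interface FastEthernet1/3
 shutdown
!
"""

# Assumption: only the links to SW1 and Router1 should carry CDP.
TRUSTED = {"FastEthernet1/0", "FastEthernet1/1"}

if __name__ == "__main__":
    for name in cdp_exposure(SAMPLE_CONFIG, TRUSTED):
        print(f"{name}: CDP still enabled, add 'no cdp enable'")
```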