SWITCH 300-115 1.2 Configure and verify Layer 2 protocols

1.2.b UDLD



UDLD means Unidirectional Link Detection. it is mostly used on fiber links, but it can also be used on copper, to monitor the physical configuration of the cables and detect when a unidirectional condition exists, otherwise known as one-way traffic.

Both sides of a connection must support udld for the protocol to effectively detect when a link goes unidirectional. in aggressive mode, when the link is found to be unidirectional the port is disabled and an alert is sent. in normal mode the port is only marked as undetermined, and udld will disable the port only if:

  • for both types of media, one of the ports cannot send or receive,
  • or one port is down while the other is up,
  • or, in the case of fiber alone, one of the strands is disconnected.

by default, udld is globally disabled.

if enabled globally with “udld enable” (normal mode) or “udld aggressive”, it is enabled on all fiber ports. for copper ports, use the interface configuration command “udld port” for normal mode and “udld port aggressive”, you guessed it, for aggressive mode.


2.1 Configure and verify switch security features

2.1.d Port security

802.1x config example (the radius server addresses are left out of the two radius-server lines):

Switch(config)# aaa new-model
Switch(config)# radius-server host key SECRET
Switch(config)# radius-server host key SECRET2
Switch(config)# aaa authentication dot1x default group radius
Switch(config)# dot1x system-auth-control
Switch(config)# interface range gigabitethernet1/0/1 - 40
Switch(config-if)# switchport access vlan 10
Switch(config-if)# switchport mode access
Switch(config-if)# dot1x port-control auto

see: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_55_se/configuration/guide/3750xscg/sw8021x.html


SWITCH 300-115 1.2 Configure and verify Layer 2 protocols

1.2.a CDP, LLDP


Typically, LLDP uses Ethernet as its “transport” protocol. The Ethernet type for LLDP is 0x88cc.

LLDP Data Units (LLDPDUs) are sent to the destination MAC address 01:80:c2:00:00:0e. This address is defined as the “LLDP_Multicast” address.

There are both mandatory and optional LLDP TLVs defined. All compliant LLDP Data Units (LLDPDUs) must contain at a minimum the following four mandated TLVs in the following order:

  • Chassis ID TLV (Type = 1)
  • Port ID TLV (Type = 2)
  • Time To Live TLV (Type = 3)
  • End of LLDPDU TLV (Type = 0)


If the LLDPDU includes optional TLVs they will be inserted between the Time To Live TLV and End of LLDPDU TLV.

Optional TLVs include the Basic set of TLVs and the Organizationally Specific TLVs.

Besides the four mandated TLVs listed above the Basic set of LLDP TLVs also includes:

  • Port Description TLV (Type = 4)
  • System Name TLV (Type = 5)
  • System Description TLV (Type = 6)
  • System Capabilities TLV (Type = 7)
  • Management Address TLV (Type = 8)
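as an added illustration of the frame layout above (my own example, not part of the original notes), the following Python builds a compliant LLDPDU with the mandatory TLVs in order, wraps it in an Ethernet frame to the LLDP_Multicast address with ethertype 0x88cc, and parses it back, rejecting PDUs whose mandatory TLVs are missing or out of order. the chassis MAC, port name and system name are constructed sample values.

```python
import struct

LLDP_ETHERTYPE = 0x88CC
LLDP_MULTICAST = bytes.fromhex("0180c200000e")   # LLDP_Multicast destination MAC
MANDATORY_ORDER = (1, 2, 3)  # Chassis ID, Port ID, TTL must be first, in this order

def tlv(tlv_type, value):
    """Encode one LLDP TLV: 7-bit type, 9-bit length, then the value bytes."""
    if not 0 <= tlv_type < 128 or len(value) > 511:
        raise ValueError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def build_frame(src_mac, lldpdu):
    """Ethernet II header (dst, src, ethertype 0x88cc) followed by the LLDPDU."""
    return LLDP_MULTICAST + src_mac + struct.pack("!H", LLDP_ETHERTYPE) + lldpdu

def build_lldpdu(chassis_mac, port_name, ttl, sys_name=None):
    """Build a minimal compliant LLDPDU; all argument values are constructed samples."""
    tlvs = [
        tlv(1, b"\x04" + chassis_mac),          # Chassis ID, subtype 4 = MAC address
        tlv(2, b"\x05" + port_name.encode()),   # Port ID, subtype 5 = interface name
        tlv(3, struct.pack("!H", ttl)),         # Time To Live in seconds
    ]
    if sys_name is not None:
        tlvs.append(tlv(5, sys_name.encode()))  # optional System Name TLV (Type = 5)
    tlvs.append(tlv(0, b""))                    # End of LLDPDU TLV (Type = 0)
    return b"".join(tlvs)

def parse_lldpdu(data):
    """Return [(type, value), ...]; raise if mandatory TLVs are missing or misordered."""
    tlvs = []
    off = 0
    while off + 2 <= len(data):
        hdr, = struct.unpack_from("!H", data, off)
        t, ln = hdr >> 9, hdr & 0x1FF
        value = data[off + 2: off + 2 + ln]
        if len(value) != ln:
            raise ValueError("truncated TLV")
        tlvs.append((t, value))
        off += 2 + ln
        if t == 0:                              # End of LLDPDU reached
            break
    else:
        raise ValueError("missing End of LLDPDU TLV")
    if tuple(t for t, _ in tlvs[:3]) != MANDATORY_ORDER:
        raise ValueError("Chassis ID, Port ID and TTL must be the first three TLVs")
    return tlvs
```

the ordering check is the kind of sanity test a monitoring tool can apply to received LLDP frames before trusting their contents.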


if you are as saddened as i am about the chameleon from GNS3 mucking up your network topologies, then kill the damn thing…

here’s how:


in your /home/user/.config/GNS3 directory run sudo gedit gns3_gui.conf and terminate the little bastard by setting hide_the_damn_lizard to “true”.

for windows it’s gns3_gui.ini…