Cisco: Layer 1 link failure detection

It has been a while since I last posted anything here, but it was the holidays and I used that time to relax and rest after a year of work. With that in mind, I wish you all a Happy New Year and all the best in 2009.

Today I planned to write about something easy to implement (just to get back in shape), but ignored by some network engineers. For me, Layer 1 issues are very annoying, and here I’m talking mostly about the cases when everything looks perfect on your side: the cable is plugged in, you have a green light for the link, but nothing is working.

Luckily some smart engineers thought to develop and implement a feature called Unidirectional Link Detection (UDLD). UDLD is used to detect when the send channel (Tx) of a cable is down but not the receive channel (Rx), and vice versa. This situation typically occurs in a fiber optic cable when there is a break on one side of the cable run, or in a copper cable when the Rx or Tx pair is broken. When UDLD detects this situation the interface is brought down to prevent spanning-tree loops and black holes due to unidirectional links. Remember, UDLD is a Layer 2 protocol that works with Layer 1 mechanisms to determine the physical status of a link.

Please have a look below for a configuration example:

UDLD

Cisco: Spoof detection

Spoofing is a kind of network attack that compromises your network security with the intention of capturing traffic, which enables an attacker to get access to confidential data. Usually a spoof attack is associated with IP spoofing, which means that the source IP of the packet which arrives at your device has been changed intentionally. For example, let’s assume that you are having a plain HTTP communication with a mail server and you want to log in to your mail account. You send the initial TCP connection to the real IP of the mail server. If at this moment an attacker can spoof the traffic and reply to your machine with a fake source IP (pretending that it’s the IP address of the mail server), then the next packets (including packets which contain login/password) will be sent to the attacker’s machine.

The spoof detection configuration on Cisco is very simple (at least the methods that I know), but I decided to put it here in case somebody needs it. We have 2 routers connected with a crossover cable, as we need an IP address on the interface and the interface to be UP in order to do the “show…” verification.

Please see the tutorial below:
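As an added illustration for both posts above (not the original configuration from this blog), here is a Cisco IOS fragment enabling UDLD on a switch uplink and, for the spoof detection part, strict unicast RPF on a router interface; the interface names and the 192.0.2.0/30 address are constructed placeholders, and unicast RPF is assumed as the spoof detection method since the post does not name one:

```text
! ---- Layer 1 link failure detection: UDLD (Catalyst switch) ----
udld aggressive
! "udld aggressive" only covers fiber ports globally; copper ports need
! the per-interface command below.
!
interface GigabitEthernet0/1
 description uplink to core (placeholder)
 udld port aggressive
!
! Optional: let an err-disabled port recover by itself after the default
! 300 seconds instead of waiting for manual "shutdown"/"no shutdown".
errdisable recovery cause udld
!
! Verification:
!   show udld GigabitEthernet0/1   -> operational state, current neighbor,
!                                     and "Unidirectional" if err-disabled
!   show udld neighbors            -> one line per port with a live neighbor
!
! ---- Spoof detection: strict unicast RPF (router, assumed method) ----
ip cef
! uRPF needs CEF; the check looks up the packet's SOURCE address in the FIB
! and drops the packet if the best route back to that source is not via
! the interface it arrived on.
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.252
 ip verify unicast source reachable-via rx
!
! Verification:
!   show ip interface GigabitEthernet0/0 -> "IP verify source reachable-via RX"
!   show ip traffic                      -> "unicast RPF" counter under
!                                           IP statistics Drop grows when
!                                           spoofed sources arrive
```

Strict mode (`reachable-via rx`) is appropriate on the point-to-point crosslink in the post; on interfaces with asymmetric routing use `reachable-via any` (loose mode) to avoid dropping legitimate traffic.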