From: Larry Roberts (groupstudy@american-hero.com)
Date: Tue Mar 08 2005 - 14:56:40 GMT-3
I found an entry in ACS. It's from Dec 26th, so I wouldn't have even a
remote clue what my configuration looked like at the time.
Date:                12/26/2004
Time:                20:48:22
Message-Type:        Author failed
User-Name:           LAB1R3
Group-Name:          TACACS CALL-BACK GROUP
Caller-ID:           99281766/99281764
Authen-Failure-Code: ..
Author-Failure-Code: Service denied
Author-Data:         service=ppp protocol=cdp
NAS-Port:            BRI0/0:1
NAS-IP-Address:      10.50.13.1
From what I could remember I was doing authen/authorization via TACACS.
The link would attempt to come up, but the service was denied because
CDP wasn't permitted.
I would get the link trying to come up every few minutes with this error
(maybe every minute; as I said, it was in December). I disabled CDP and
the link stopped being initiated because of CDP. At that point permitted
traffic would be able to bring the link up, authorization would occur
and all was well.
I can only assume I'm running the same code now that I had on the router
then.
"flash:c2600-ik9o3s3-mz.122-15.T12.bin"
It's quite possible that I have 2 different things at work in my scenario
that only appear to be related. I really didn't dig into it much deeper at
the time as I was fighting another issue.
I agree that it doesn't make sense. IIRC CDP is a layer 2 protocol,
which should not have caused what I was seeing. All I know is that I would
get this message repeating if I forgot to disable CDP on the interface.
(For the record, I know when and why to use no peer neighbor route, as
well as OSPF cost on an ISDN interface. :) Humor for those listening in
on the call that internetworkexpert gave yesterday.)
Richard Dumoulin wrote:
> We won't be able unless you show us your config.
> Here is a quick test:
>
> ROUTER#sh cdp int
> Dialer1 is up, line protocol is up
> Encapsulation PPP
> Sending CDP packets every 60 seconds
> Holdtime is 180 seconds
> !
> ROUTER#sh run int d 1
> Building configuration...
>
> Current configuration : 404 bytes
> !
> interface Dialer1
>
> ip address 172.21.99.1 255.255.255.252
> encapsulation ppp
> dialer pool 1
> dialer remote-name BACKDOORaccess
> dialer idle-timeout 36600 either
> dialer string xxxxx
> dialer-group 1
> ppp authentication chap
> ppp chap hostname xxxxxx
> ppp chap password 7 xxxxx
> end
>
> ROUTER#
> *Mar 19 00:26:53: Di1 DDR: cdp, 439 bytes, outgoing uninteresting (no list
> matched)
> ROUTER#sh run | in dialer-list
> dialer-list 1 protocol ip permit
> !
>
> As Brian said, CDP would match the interesting traffic if it was configured
> on the dialer-list but then there is no option :)
>
> Still not convinced???
>
> -- Richard
>
>
> -----Original Message-----
> From: Larry Roberts [mailto:groupstudy@american-hero.com]
> Sent: Tuesday, March 08, 2005 6:24 PM
> To: Brian McGahan
> Cc: Richard Dumoulin; Jonathan ZD; CCIE - GS
> Subject: Re: ISDN & "no cdp enable" command
>
> OK,
>
> Can you then please explain why I see CDP being denied in ACS when I'm
> doing TACACS callback?
>
>
> I'm only going on what I see in ACS. I have called my wife to have her
> turn stuff on so I can get a copy. We will see how that goes...
>
> Brian McGahan wrote:
>
>> CDP can *never* bring up the link, as it's not a protocol option
>>under the dialer-list:
>>
>>Rack3R4(config)#dialer-list 1 protocol ?
>> bridge Bridging
>> clns OSI Connectionless Network Service
>> decnet DECnet
>> ip IP
>> ipv6 IPv6
>> ipx Novell IPX
>> llc2 LLC2
>> netbios NETBIOS
>>
>>Rack3R4(config)#dialer-list 1 protocol cdp permit
>> ^
>>% Invalid input detected at '^' marker.
>>
>>Rack3R4(config)#
>>
>>
>>
>>HTH,
>>
>>Brian McGahan, CCIE #8593
>>bmcgahan@internetworkexpert.com
>>
>>Internetwork Expert, Inc.
>>http://www.InternetworkExpert.com
>>Toll Free: 877-224-8987 x 705
>>Outside US: 775-826-4344 x 705
>>24/7 Support: http://forum.internetworkexpert.com
>>Live Chat: http://www.internetworkexpert.com/chat/
>>
>>>-----Original Message-----
>>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>>>Richard Dumoulin
>>>Sent: Tuesday, March 08, 2005 9:21 AM
>>>To: Larry Roberts; Jonathan ZD
>>>Cc: CCIE - GS
>>>Subject: RE: ISDN & "no cdp enable" command
>>>
>>>I believe in the past CDP would bring up the isdn line by default. It is not
>>>true anymore. You can verify by enabling cdp on the isdn and type debug
>>>dialer packets. You'll see that cdp is not interesting,
>>>
>>>-- Richard
>>>
>>>-----Original Message-----
>>>From: Larry Roberts [mailto:groupstudy@american-hero.com]
>>>Sent: Tuesday, March 08, 2005 4:18 PM
>>>To: Jonathan ZD
>>>Cc: CCIE - GS
>>>Subject: Re: ISDN & "no cdp enable" command
>>>
>>>It's to prevent CDP from bringing up the link.
>>>
>>>Depending on how your circuit is brought up you may or may not need to
>>>have this command.
>>>
>>>It never hurts to have CDP disabled, it's just not always needed.
>>>
>>>Larry
>>>
>>>
>>>Jonathan ZD wrote:
>>>
>>>>Dear group,
>>>>
>>>>Sometimes I found "no cdp enable" command under ISDN int, sometimes I don't.
>>>>I've tried to find document that would explain the relationship between this
>>>>command and ISDN, but found none. Anyone knows what this command got to do
>>>>with ISDN?
>>>>
>>>>Thanks,
>>>>
>>>>Jonathan
>>>>
>>>>_______________________________________________________________________
>>>>Subscription information may be found at:
>>>>http://www.groupstudy.com/list/CCIELab.html
>>>
>>>--
>>>Thanks,
>>>
>>>Larry
>>>
>>>
>
>
--
Thanks,
Larry
This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:43 GMT-3
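
The ACS record quoted in the message above, generalized into a check for authorization denials that recur at a regular interval; this is an added example, not part of the original thread. It assumes the ACS failed-attempts log is available as CSV with the column names shown in the message; only the first sample row uses values from the message, and every other row is constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample: row 1 repeats the record from the message, the remaining
# rows (times, user LAB1R5, the "Authen failed" row) are made up for the example.
SAMPLE = """\
Date,Time,Message-Type,User-Name,Group-Name,Caller-ID,Authen-Failure-Code,Author-Failure-Code,Author-Data,NAS-Port,NAS-IP-Address
12/26/2004,20:48:22,Author failed,LAB1R3,TACACS CALL-BACK GROUP,99281766/99281764,..,Service denied,service=ppp protocol=cdp,BRI0/0:1,10.50.13.1
12/26/2004,20:49:22,Author failed,LAB1R3,TACACS CALL-BACK GROUP,99281766/99281764,..,Service denied,service=ppp protocol=cdp,BRI0/0:1,10.50.13.1
12/26/2004,20:50:23,Author failed,LAB1R3,TACACS CALL-BACK GROUP,99281766/99281764,..,Service denied,service=ppp protocol=cdp,BRI0/0:1,10.50.13.1
12/26/2004,20:51:22,Author failed,LAB1R3,TACACS CALL-BACK GROUP,99281766/99281764,..,Service denied,service=ppp protocol=cdp,BRI0/0:1,10.50.13.1
12/26/2004,20:50:00,Author failed,LAB1R5,TACACS CALL-BACK GROUP,99281766/99281764,..,Service denied,service=ppp protocol=ip,BRI0/0:1,10.50.13.1
12/26/2004,20:50:30,Authen failed,LAB1R5,TACACS CALL-BACK GROUP,99281766/99281764,CS password invalid,,,BRI0/0:1,10.50.13.1
"""

def parse_av(author_data):
    """Split 'service=ppp protocol=cdp' into {'service': 'ppp', 'protocol': 'cdp'}."""
    return dict(p.split("=", 1) for p in author_data.split() if "=" in p)

def recurring_denials(csv_text, min_hits=3):
    """Group 'Author failed / Service denied' rows by NAS, port, user and AV pair."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Message-Type"] != "Author failed" or row["Author-Failure-Code"] != "Service denied":
            continue  # authentication failures and other codes are out of scope here
        av = parse_av(row["Author-Data"])
        ts = datetime.strptime(row["Date"] + " " + row["Time"], "%m/%d/%Y %H:%M:%S")
        key = (row["NAS-IP-Address"], row["NAS-Port"], row["User-Name"],
               av.get("service"), av.get("protocol"))
        groups[key].append(ts)
    findings = []
    for key, stamps in groups.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = sorted((b - a).total_seconds() for a, b in zip(stamps, stamps[1:]))
        findings.append({"nas": key[0], "port": key[1], "user": key[2],
                         "service": key[3], "protocol": key[4], "count": len(stamps),
                         "median_gap_s": gaps[len(gaps) // 2] if gaps else None})
    return findings

if __name__ == "__main__":
    for finding in recurring_denials(SAMPLE):
        print(finding)
```

A denial that repeats with a median gap near 60 seconds lines up with the "Sending CDP packets every 60 seconds" timer in the quoted `sh cdp int` output, which makes a periodic protocol easier to tell apart from a one-off denied session.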