LLDP
CCENT5

LLDP

(The Link Layer Discovery Protocol)

For every Cisco-proprietary protocol or service, there is an industry standard, an equivalent service that can be run on non-Cisco devices. For CDP, that industry standard is the Link Layer Discovery Protocol (LLDP).

LLDP is going to give you information on directly connected devices. They don’t have to be directly connected Cisco devices.

LLDP runs at L2, just as CDP does.

Check LLDP status with show lldp:

I’ve run it on both of these switches and as you can see this message looks somewhat familiar because when we ran ‘show cdp’ earlier and it was not enabled, we got “CDP is not

Enabled” so same thing here with LLDP… So it’s not enabled on either of our switches and we will take care of that right now ( with ‘lldp run’ )

I did put it on the other switch too.

We’ll see the holdtime in a moment (it’s a little bit different than CDP but you can change that) and you already know about the ‘run’… Don’t worry about the rest of the options.

Let’s go to the other which and do ‘show LLDP neighbor’

Looks the same especially that row of information there on our one neighbor but there’s one important difference I want to point out to you. With  ‘show LLDP neighbor’ the letter “S” stands for station. It does not stand for a switch!! That’s what a “B” stands for it, using the legacy term for switch which is “bridge”.

Now Let’s take a look at some details about our neighbor. How we’re going to do that?  ‘show lldp neighbor detail’…

And some interesting info that you didn’t get with CDP…  Look at that “system capabilities” as compared to “enabled capabilities” and that “B,R” of course would indicate that this is capable of being a bridge (switch) and a router. But “enabled capabilities” are just “B”.  Because on a layer 3 switch, we have to turn IP routing on, and I don’t have an on on that switch right now.

I also added a management address without telling you so we’d have a management address to look at.

But I did put 30.1.1.1 on interface vlan 1 on that switch. And you can see that was picked up as well.

Now let’s work with LLDP globally and in an interface level…

And this output again looks pretty familiar we’ve got a new line there (status active)

But if you change things at an interface level again that’s not going to show up here and that’s what I want to show you before we do a chart comparison of these two protocols.

With the interface, the options are a little bit different.

There is no equivalent here to “CDP enable”, and even if I put ‘no lldp’ I get the same choices

With LLDP you have a little more control because you might want to receive the updates without transmitting them, so you could do ‘no LLDP transmit’ here and you wouldn’t be sending LLDP packets on that interface but you would continue to receive them.

So a little extra fine tuning there you might want to do once in a blue moon. I did want to show you that, but again with LLDP, the important thing is we know if it’s off at a client site when you go up there, turn it off when you leave.

Let’s compare these two:

Password “Recovery”

From Wikipedia:

“A catch-22 is a paradoxical situation from which an individual cannot escape because of contradictory rules. The term was coined by Joseph Heller, who used it in his 1961 novel Catch-22.”

Every once in a while you may run into a catch 22 when it comes to your passwords.

Let’s say you telnet to a router that you’ve telnetted to many, many times before, and suddenly you’re prompted for an enable password rather than just being put straight into enable mode… It could be even worse, it could be the telnet password and you don’t know what it is.

… You call Lachlan The Network Admin, who doesn’t know what it is either. He calls Daniel and he calls Jenna and … No one knows the password!

Maybe they can even look at the config. But if we’ve run a service password encryption, they’re not going to be able to read it, and maybe they don’t have permissions to change it.

( We will get into it to it during your CCNA studies).

Even worse, a direct connection shows the router’s in user exec mode, so we can’t change the enable password until we know the enable password.

Time for password recovery, Cisco style!

It’s a little bit different in the password recovery on any membership site on the Internet, because you get a log in, and most of them will even have a link for “did you forget your username” but they’ll definitely have one for “forget your password” and they’ll have a little something set up you give them a little information or sometimes it’s chase a lot of information and then they email something to an e-mail account you would set up with them in advance and then you can reset your password and just go for it.

It is not that straightforward in Cisco land!

I should say “processes”, since there is no one-size-fits-all-Cisco-device password recovery process.

Regardless of hardware or age of the router, we need to get the router into ROMMON (ROM Monitor) mode. Sometimes referred to as the boot software, ROMMON is separate from the Cisco IOS we’re used to working with. ROMMON commands are limited, but one thing we can do there is change the configuration register, and doing so correctly is the key to Cisco password recovery.

The config register is beyond powerful  and should be changed only when absolutely necessary, and even then, quadruple-check your change before reloading the router. The config register controls how the router will boot and whether the startup-configuration will be acknowledged during boot.

To view the current setting for the config register, run show version. You may have to hit the spacebar to view the register; it’s at the very bottom of the output. Near the top, though, you can see how long the device has been up along with other helpful information.

So it’s a very small one but we do have a startup config file on this router and you’ll see why that’s important in a moment.

But some good information here : you know what’s the uptime of the device, when was it rebooted, why was it rebooted, then we have the usual cryptographic feature warning.

And at the very bottom (actually have hit the spacebar twice)…

That’s where you spot the configuration register. 0x2102 (the one we’re seeing here) is the default configuration register settings for many Cisco platforms, and one of the things this value does, is it says when you’re booting, look in the NVRAM (the nonvolatile RAM) and that’s where our startup configuration file is.  Part of the entire process of password recovery is getting it to ignore the NVRAM.

We’re going to have to tell the router to ignore the NVRAM and we do that by changing the configuration register.

To get into ROMMON mode and change the config register, we need to bypass the IOS during the boot process. Most modern routers, including the ones we’re using in this course, have removable flash. By removing that, you force the router into ROMMON (ROM monitor), since there is no IOS for the router to load.

Always make sure you’re properly grounded and the hardware is off before removing anything from a Cisco router.

So having done password recoveries with this kind of router (with removable flash) it’s much simpler than it used to be.

With older models you’ll need to reload the router and send a break sequemce to the router during the boot process. Sending a break is tricky, and the sequence depends on the hardware and software you’re using. This is a handy URL in case you need to send a break, and it is not required reading for the exam.

So you also have to be physically present at the device. They have something built into the password recovery process that would make you have to be there.

Watch out for the config register commands:

IOS:   config-register

ROMMON:  confreg

Changing Config Register

I’ve got two really good real world tips for you in case you ever have to do any of these at a client’s site.  

The command would be ‘config register’ and let’s say I’m sending it to 0x2142

You might have noticed it took like a split second longer to drop down to the next line.

 Now we’ve got this conflict register change to ignore the NVRAM, and in many password recovery procedures we would now reload the router and either have to send a break sequence off if it is an older one, or take that ios out, and then reload it from there and force it to go in a ROM monitor mode.

The thing is we didn’t really get a message about the config register being changed there.

let’s run show version and see what’s going on there.

And at the very bottom again config register is still 2102 and we are here informed that it will be 2142 at the next reload.

So again the register value will not change until we reload the router.

So wrapping this up the one more real world tip I wanted to give you here was that at the very end of a password recovery procedure you’re going to be asked to set the config register back to its default of look in the NVRAM for the start config file. Change that and reload it again. Because usually you’ve got more than one reload involved in a password recovery procedure depends on the hardware.

Thing is though people tend to skip that last step and it doesn’t hurt anything until someone reloads it. Because if you reload a router and it’s set to ignore the NVRAM, you know what happens.

Now let’s go ahead and do a reload and you’ll see exactly what happens if this config register value was 2142 and then reloaded.

and we’re back and this is what happens with that setting of 0x2142, reload the router and you are prompted to go into setup mode, because the NVRAM contents were ignored, and that includes the startup config file.

So just something to be aware of because again that config register could have been left at 2142 for a year (or however long it was) since the password recovery nobody changed it back to 2102 at the end, and then finally a year later the client reloads the router and it comes up in setup mode and you get a panicked call! I would go in and just simply run show version and see what that config register is.

And again you’ll have to look at the particular hardware version. But if that Config Register is saying “hey ignore the NVRAM