I am constantly trying to add more protocols to the Ultimate PCAP. Hence I used some time in my (old) Cisco lab to configure and capture the following protocols: IS-IS, GLBP, and VRRP. And since Alexis La Goutte sent me some CAPWAP traffic, this protocol is also added. All packets are now found in another update of the Ultimate PCAP. Here are some details:
Lab
This was my lab for those captures:
IS-IS
Haha, to be honest, I have not worked with the Integrated Intermediate System to Intermediate System routing protocol anytime in my life. ;) I just used Google and some tutorials to configure it on routers R1, R4, and R5. The goal was to propagate the default route from R1 to R4 & R5, and the networks (IPv6 and legacy IP) from VLAN 42 to R1.
I captured between R1 and the switch. Right before the capture, I removed the cable from R4 gi0/0, while I plugged it in again during the capture. You can use “isis” as the display filter in Wireshark. This “Integrated IS-IS” is neither a TCP/UDP nor an IP protocol. Yep, no IP addresses here. Hence Wireshark displays the source/destination MAC addresses of the Ethernet frames:
Here are my configs from the three involved routers:
########## R1 ########## interface FastEthernet0/1 ip address 172.16.9.1 255.255.255.0 ip router isis ip nat inside ip virtual-reassembly in duplex auto speed auto ipv6 address 2001:470:1F15:F61::1/64 ipv6 router isis ! router isis net 49.0001.0000.0000.0001.00 log-adjacency-changes default-information originate ! address-family ipv6 default-information originate exit-address-family ! ########## R4 ########## interface GigabitEthernet0/0 ip address 172.16.9.4 255.255.255.0 ip router isis duplex auto speed auto ipv6 address 2001:470:1F15:F61::4/64 ipv6 router isis ! interface GigabitEthernet0/1 ip address 192.168.42.4 255.255.255.0 glbp 42 ip 192.168.42.1 duplex auto speed auto ipv6 address 2001:470:7FEB::4/64 ! router isis net 49.0001.0000.0000.0004.00 log-adjacency-changes passive-interface GigabitEthernet0/1 ! ########## R5 ########## interface GigabitEthernet0/0 ip address 172.16.9.5 255.255.255.0 ip router isis duplex auto speed auto ipv6 address 2001:470:1F15:F61::5/64 ipv6 router isis ! interface GigabitEthernet0/1 ip address 192.168.42.5 255.255.255.0 glbp 42 ip 192.168.42.1 duplex auto speed auto ipv6 address 2001:470:7FEB::5/64 ! router isis net 49.0001.0000.0000.0005.00 log-adjacency-changes passive-interface GigabitEthernet0/1 !
And some show commands from those three routers as well:
R1#show isis neighbors
System Id Type Interface IP Address State Holdtime Circuit Id
R4 L1 Fa0/1 172.16.9.4 UP 29 R5.01
R4 L2 Fa0/1 172.16.9.4 UP 22 R5.01
R5 L1 Fa0/1 172.16.9.5 UP 7 R5.01
R5 L2 Fa0/1 172.16.9.5 UP 7 R5.01
R1#
R1#
R1#show isis neighbors detail
System Id Type Interface IP Address State Holdtime Circuit Id
R4 L1 Fa0/1 172.16.9.4 UP 22 R5.01
Area Address(es): 49.0001
SNPA: 0015.626a.fef0
IPv6 Address(es): FE80::215:62FF:FE6A:FEF0
State Changed: 00:14:27
LAN Priority: 64
Format: Phase V
Remote TID: 0
Local TID: 0
Interface name: FastEthernet0/1
R4 L2 Fa0/1 172.16.9.4 UP 21 R5.01
Area Address(es): 49.0001
SNPA: 0015.626a.fef0
IPv6 Address(es): FE80::215:62FF:FE6A:FEF0
State Changed: 00:14:26
LAN Priority: 64
Format: Phase V
Remote TID: 0
Local TID: 0
Interface name: FastEthernet0/1
R5 L1 Fa0/1 172.16.9.5 UP 7 R5.01
Area Address(es): 49.0001
SNPA: 0025.4560.17c0
IPv6 Address(es): FE80::225:45FF:FE60:17C0
State Changed: 00:14:17
LAN Priority: 64
Format: Phase V
Remote TID: 0
Local TID: 0
Interface name: FastEthernet0/1
R5 L2 Fa0/1 172.16.9.5 UP 8 R5.01
Area Address(es): 49.0001
SNPA: 0025.4560.17c0
IPv6 Address(es): FE80::225:45FF:FE60:17C0
State Changed: 00:14:18
LAN Priority: 64
Format: Phase V
Remote TID: 0
Local TID: 0
Interface name: FastEthernet0/1
R1#
R1#
R1#show isis database
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R1.00-00 * 0x00000019 0xFB26 1078 0/0/0
R1.01-00 * 0x00000004 0xEB0B 0 (329) 0/0/0
R4.00-00 0x00000018 0xB859 1078 0/0/0
R5.00-00 0x00000014 0x1EF3 624 0/0/0
R5.01-00 0x00000015 0xA303 1095 0/0/0
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R1.00-00 * 0x00000019 0xB851 442 0/0/0
R1.01-00 * 0x00000003 0xED0A 0 (328) 0/0/0
R4.00-00 0x00000013 0x3BDB 1119 0/0/0
R5.00-00 0x0000000D 0x8A8E 624 0/0/0
R5.01-00 0x0000000F 0x61D3 1041 0/0/0
R1#
R1#
R1#show isis database detail
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R1.00-00 * 0x00000019 0xFB26 1070 0/0/0
Area Address: 49.0001
NLPID: 0xCC 0x8E
Hostname: R1
IP Address: 172.16.9.1
Metric: 10 IP 172.16.9.0 255.255.255.0
IPv6 Address: 2001:470:1F15:F61::1
Metric: 10 IPv6 2001:470:1F15:F61::/64
Metric: 10 IS R5.01
R1.01-00 * 0x00000004 0xEB0B 0 (321) 0/0/0
R4.00-00 0x00000018 0xB859 1070 0/0/0
Area Address: 49.0001
NLPID: 0xCC 0x8E
Hostname: R4
IP Address: 192.168.42.4
Metric: 10 IP 172.16.9.0 255.255.255.0
Metric: 0 IP 192.168.42.0 255.255.255.0
IPv6 Address: 2001:470:7FEB::4
Metric: 10 IPv6 2001:470:1F15:F61::/64
Metric: 0 IPv6 2001:470:7FEB::/64
Metric: 10 IS R5.01
R5.00-00 0x00000014 0x1EF3 616 0/0/0
Area Address: 49.0001
NLPID: 0xCC 0x8E
Hostname: R5
IP Address: 192.168.42.5
Metric: 10 IP 172.16.9.0 255.255.255.0
Metric: 0 IP 192.168.42.0 255.255.255.0
IPv6 Address: 2001:470:7FEB::5
Metric: 10 IPv6 2001:470:1F15:F61::/64
Metric: 0 IPv6 2001:470:7FEB::/64
Metric: 10 IS R5.01
R5.01-00 0x00000015 0xA303 1086 0/0/0
Metric: 0 IS R5.00
Metric: 0 IS R1.00
Metric: 0 IS R4.00
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R1.00-00 * 0x00000019 0xB851 433 0/0/0
Area Address: 49.0001
NLPID: 0xCC 0x8E
Hostname: R1
IP Address: 172.16.9.1
IPv6 Address: 2001:470:1F15:F61::1
Metric: 10 IS R5.01
Metric: 0 IP 0.0.0.0 0.0.0.0
Metric: 10 IP 172.16.9.0 255.255.255.0
Metric: 10 IP 192.168.42.0 255.255.255.0
Metric: 0 IPv6 ::/0
Metric: 10 IPv6 2001:470:1F15:F61::/64
Metric: 10 IPv6 2001:470:7FEB::/64
R1.01-00 * 0x00000003 0xED0A 0 (319) 0/0/0
R4.00-00 0x00000013 0x3BDB 1110 0/0/0
Area Address: 49.0001
NLPID: 0xCC 0x8E
Hostname: R4
IP Address: 192.168.42.4
IPv6 Address: 2001:470:7FEB::4
Metric: 10 IS R5.01
Metric: 10 IP 172.16.9.0 255.255.255.0
Metric: 0 IP 192.168.42.0 255.255.255.0
Metric: 10 IPv6 2001:470:1F15:F61::/64
Metric: 0 IPv6 2001:470:7FEB::/64
R5.00-00 0x0000000D 0x8A8E 616 0/0/0
Area Address: 49.0001
NLPID: 0xCC 0x8E
Hostname: R5
IP Address: 192.168.42.5
IPv6 Address: 2001:470:7FEB::5
Metric: 10 IS R5.01
Metric: 10 IP 172.16.9.0 255.255.255.0
Metric: 0 IP 192.168.42.0 255.255.255.0
Metric: 10 IPv6 2001:470:1F15:F61::/64
Metric: 0 IPv6 2001:470:7FEB::/64
R5.01-00 0x0000000F 0x61D3 1033 0/0/0
Metric: 0 IS R5.00
Metric: 0 IS R1.00
Metric: 0 IS R4.00
R1#
R1#
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 193.24.225.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 193.24.225.1, FastEthernet0/0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.9.0/24 is directly connected, FastEthernet0/1
L 172.16.9.1/32 is directly connected, FastEthernet0/1
i L1 192.168.42.0/24 [115/10] via 172.16.9.5, 00:06:22, FastEthernet0/1
[115/10] via 172.16.9.4, 00:06:22, FastEthernet0/1
193.24.225.0/24 is variably subnetted, 2 subnets, 2 masks
C 193.24.225.0/24 is directly connected, FastEthernet0/0
L 193.24.225.54/32 is directly connected, FastEthernet0/0
R1#
R1#
R1#show ipv6 route
IPv6 Routing Table - default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery
l - LISP
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
S ::/0 [1/0]
via Tunnel0, directly connected
C 2001:470:1F14:F62::/64 [0/0]
via Tunnel0, directly connected
L 2001:470:1F14:F62::2/128 [0/0]
via Tunnel0, receive
C 2001:470:1F15:F61::/64 [0/0]
via FastEthernet0/1, directly connected
L 2001:470:1F15:F61::1/128 [0/0]
via FastEthernet0/1, receive
I1 2001:470:7FEB::/64 [115/10]
via FE80::225:45FF:FE60:17C0, FastEthernet0/1
via FE80::215:62FF:FE6A:FEF0, FastEthernet0/1
L FF00::/8 [0/0]
via Null0, receive
R1#
####################
R4#show isis neighbors
System Id Type Interface IP Address State Holdtime Circuit Id
R1 L1 Gi0/0 172.16.9.1 UP 29 R5.01
R1 L2 Gi0/0 172.16.9.1 UP 28 R5.01
R5 L1 Gi0/0 172.16.9.5 UP 9 R5.01
R5 L2 Gi0/0 172.16.9.5 UP 9 R5.01
R4#
R4#
R4#show isis neighbors detail
System Id Type Interface IP Address State Holdtime Circuit Id
R1 L1 Gi0/0 172.16.9.1 UP 24 R5.01
Area Address(es): 49.0001
SNPA: 001e.7a79.3f11
IPv6 Address(es): FE80::21E:7AFF:FE79:3F11
State Changed: 00:01:35
LAN Priority: 64
Format: Phase V
Remote TID: 0
Local TID: 0
Interface name: GigabitEthernet0/0
R1 L2 Gi0/0 172.16.9.1 UP 23 R5.01
Area Address(es): 49.0001
SNPA: 001e.7a79.3f11
IPv6 Address(es): FE80::21E:7AFF:FE79:3F11
State Changed: 00:01:34
LAN Priority: 64
Format: Phase V
Remote TID: 0
Local TID: 0
Interface name: GigabitEthernet0/0
R5 L1 Gi0/0 172.16.9.5 UP 9 R5.01
Area Address(es): 49.0001
SNPA: 0025.4560.17c0
IPv6 Address(es): FE80::225:45FF:FE60:17C0
State Changed: 00:01:35
LAN Priority: 64
Format: Phase V
Remote TID: 0
Local TID: 0
Interface name: GigabitEthernet0/0
R5 L2 Gi0/0 172.16.9.5 UP 8 R5.01
Area Address(es): 49.0001
SNPA: 0025.4560.17c0
IPv6 Address(es): FE80::225:45FF:FE60:17C0
State Changed: 00:01:34
LAN Priority: 64
Format: Phase V
Remote TID: 0
Local TID: 0
Interface name: GigabitEthernet0/0
R4#
R4#
R4#show isis topology
IS-IS TID 0 paths to level-1 routers
System Id Metric Next-Hop Interface SNPA
R1 10 R1 Gi0/0 001e.7a79.3f11
R4 --
R5 10 R5 Gi0/0 0025.4560.17c0
IS-IS TID 0 paths to level-2 routers
System Id Metric Next-Hop Interface SNPA
R1 10 R1 Gi0/0 001e.7a79.3f11
R4 --
R5 10 R5 Gi0/0 0025.4560.17c0
R4#
R4#
R4#show isis rib
IPv4 local RIB for IS-IS process
IPV4 unicast topology base (TID 0, TOPOID 0x0) =================
172.16.9.0/24
[115/L1/20] via 172.16.9.1(GigabitEthernet0/0), from 172.16.9.1, tag 0, LSP[8/9]
[115/L1/20] via 172.16.9.5(GigabitEthernet0/0), from 192.168.42.5, tag 0, LSP[7/12]
[115/L2/20] via 172.16.9.1(GigabitEthernet0/0), from 172.16.9.1, tag 0, LSP[6/10]
[115/L2/20] via 172.16.9.5(GigabitEthernet0/0), from 192.168.42.5, tag 0, LSP[5/12]
192.168.42.0/24
[115/L1/10] via 172.16.9.5(GigabitEthernet0/0), from 192.168.42.5, tag 0, LSP[7/12]
[115/L2/10] via 172.16.9.5(GigabitEthernet0/0), from 192.168.42.5, tag 0, LSP[5/12]
[115/L2/20] via 172.16.9.1(GigabitEthernet0/0), from 172.16.9.1, tag 0, LSP[6/10]
0.0.0.0/0
[115/L2/10] via 172.16.9.1(GigabitEthernet0/0), from 172.16.9.1, tag 0, LSP[6/10]
R4#
R4#
R4#show isis ipv6 rib
IS-IS IPv6 process , local RIB
2001:470:1F15:F61::/64
via FE80::21E:7AFF:FE79:3F11/GigabitEthernet0/0, type L1 metric 20 LSP [8/9]
via FE80::225:45FF:FE60:17C0/GigabitEthernet0/0, type L1 metric 20 LSP [7/C]
via FE80::21E:7AFF:FE79:3F11/GigabitEthernet0/0, type L2 metric 20 LSP [6/A]
via FE80::225:45FF:FE60:17C0/GigabitEthernet0/0, type L2 metric 20 LSP [5/C]
2001:470:7FEB::/64
via FE80::225:45FF:FE60:17C0/GigabitEthernet0/0, type L1 metric 10 LSP [7/C]
via FE80::225:45FF:FE60:17C0/GigabitEthernet0/0, type L2 metric 10 LSP [5/C]
via FE80::21E:7AFF:FE79:3F11/GigabitEthernet0/0, type L2 metric 20 LSP [6/A]
* ::/0
via FE80::21E:7AFF:FE79:3F11/GigabitEthernet0/0, type L2 metric 10 LSP [6/A]
R4#
R4#
R4#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 172.16.9.1 to network 0.0.0.0
i*L2 0.0.0.0/0 [115/10] via 172.16.9.1, 00:05:56, GigabitEthernet0/0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.9.0/24 is directly connected, GigabitEthernet0/0
L 172.16.9.4/32 is directly connected, GigabitEthernet0/0
192.168.42.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.42.0/24 is directly connected, GigabitEthernet0/1
L 192.168.42.4/32 is directly connected, GigabitEthernet0/1
R4#
R4#
R4#show ipv6 route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery
l - LISP
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
I2 ::/0 [115/10]
via FE80::21E:7AFF:FE79:3F11, GigabitEthernet0/0
C 2001:470:1F15:F61::/64 [0/0]
via GigabitEthernet0/0, directly connected
L 2001:470:1F15:F61::4/128 [0/0]
via GigabitEthernet0/0, receive
C 2001:470:7FEB::/64 [0/0]
via GigabitEthernet0/1, directly connected
L 2001:470:7FEB::4/128 [0/0]
via GigabitEthernet0/1, receive
L FF00::/8 [0/0]
via Null0, receive
R4#
R4#
####################
R5#show isis neighbors
System Id Type Interface IP Address State Holdtime Circuit Id
R1 L1 Gi0/0 172.16.9.1 UP 23 R5.01
R1 L2 Gi0/0 172.16.9.1 UP 21 R5.01
R4 L1 Gi0/0 172.16.9.4 UP 29 R5.01
R4 L2 Gi0/0 172.16.9.4 UP 26 R5.01
R5#
R5#
R5#show isis database
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R1.00-00 0x00000019 0xFB26 509 0/0/0
R4.00-00 0x0000001B 0xB25C 785 0/0/0
R5.00-00 * 0x00000015 0x1CF4 931 0/0/0
R5.01-00 * 0x00000017 0x9F05 784 0/0/0
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R1.00-00 0x0000001A 0xB652 687 0/0/0
R4.00-00 0x00000017 0x33DF 785 0/0/0
R5.00-00 * 0x0000000E 0x888F 770 0/0/0
R5.01-00 * 0x00000011 0x5DD5 788 0/0/0
R5#
R5#
GLBP
I configured the Cisco proprietary first-hop redundancy protocol Gateway Load Balancing Protocol on routers R4 and R5 to have a redundant connection to the Internet from the network in which the Raspberry Pi resides. I captured right before the Raspberry Pi and performed the following steps:
- started the capture
- booted the Raspi
- started pinging “netsec.blog” via v6 and v4
- NOW I rebooted R4 in order to have some GLBP changes
Using “glbp” as the display filter you can see both sessions for each Internet protocol. (Don’t know why the red coloring rules from Wireshark for GLBP with IPv4 kicks in. To my mind, this shouldn’t be the case. Will discuss this later.)
These are the GLBP states before the reload of R4:
R4#show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
Gi0/1 42 - 100 Standby 192.168.42.1 192.168.42.5 local
Gi0/1 42 1 - Active 0007.b400.2a01 local -
Gi0/1 42 2 - Listen 0007.b400.2a02 192.168.42.5 -
Gi0/1 43 - 100 Standby FE80::7:B4FF:FE00:2B00
FE80::225:45FF:FE60:17C1
local
Gi0/1 43 1 - Active 0007.b400.2b01 local -
Gi0/1 43 2 - Listen 0007.b400.2b02 FE80::225:45FF:FE60:17C1
-
R5#show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
Gi0/1 42 - 100 Active 192.168.42.1 local 192.168.42.4
Gi0/1 42 1 - Listen 0007.b400.2a01 192.168.42.4 -
Gi0/1 42 2 - Active 0007.b400.2a02 local -
Gi0/1 43 - 100 Active FE80::7:B4FF:FE00:2B00
local FE80::215:62FF:FE6A:FEF1
Gi0/1 43 1 - Listen 0007.b400.2b01 FE80::215:62FF:FE6A:FEF1
-
Gi0/1 43 2 - Active 0007.b400.2b02 local -Log messages from R5 during the reload of R4:
Nov 25 2020 16:44:07.986 UTC: %GLBP-6-FWDSTATECHANGE: GigabitEthernet0/1 Grp 42 Fwd 1 state Listen -> Active Nov 25 2020 16:44:07.986 UTC: %GLBP-6-FWDSTATECHANGE: GigabitEthernet0/1 Grp 43 Fwd 1 state Listen -> Active
And after the reload:
Nov 25 2020 16:47:05.447 UTC: %GLBP-6-FWDSTATECHANGE: GigabitEthernet0/1 Grp 43 Fwd 1 state Active -> Listen Nov 25 2020 16:47:08.551 UTC: %GLBP-6-FWDSTATECHANGE: GigabitEthernet0/1 Grp 42 Fwd 1 state Active -> Listen
Configuration and some show commands of both routers:
########## R4 ##########
interface GigabitEthernet0/1
ip address 192.168.42.4 255.255.255.0
glbp 42 ip 192.168.42.1
glbp 43 ipv6 autoconfig
glbp 43 authentication md5 key-string 7 022C0B53055539245E5D0C4853
duplex auto
speed auto
ipv6 address 2001:470:7FEB::4/64
!
R4#show glbp
GigabitEthernet0/1 - Group 42
State is Standby
1 state change, last state change 00:06:00
Virtual IP address is 192.168.42.1
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.192 secs
Redirect time 600 sec, forwarder timeout 14400 sec
Preemption disabled
Active is 192.168.42.5, priority 100 (expires in 11.072 sec)
Standby is local
Priority 100 (default)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
0015.626a.fef1 (192.168.42.4) local
0025.4560.17c1 (192.168.42.5)
There are 2 forwarders (1 active)
Forwarder 1
State is Active
1 state change, last state change 00:05:42
MAC address is 0007.b400.2a01 (default)
Owner ID is 0015.626a.fef1
Preemption enabled, min delay 30 sec
Active is local, weighting 100
Forwarder 2
State is Listen
MAC address is 0007.b400.2a02 (learnt)
Owner ID is 0025.4560.17c1
Time to live: 14399.456 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 192.168.42.5 (primary), weighting 100 (expires in 9.984 sec)
GigabitEthernet0/1 - Group 43
State is Standby
1 state change, last state change 00:06:00
Virtual IP address is FE80::7:B4FF:FE00:2B00 (auto-configured)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.160 secs
Redirect time 600 sec, forwarder timeout 14400 sec
Authentication MD5, key-string
Preemption disabled
Active is FE80::225:45FF:FE60:17C1, priority 100 (expires in 9.280 sec)
Standby is local
Priority 100 (default)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
0015.626a.fef1 (FE80::215:62FF:FE6A:FEF1) local
0025.4560.17c1 (FE80::225:45FF:FE60:17C1) authenticated
There are 2 forwarders (1 active)
Forwarder 1
State is Active
1 state change, last state change 00:05:45
MAC address is 0007.b400.2b01 (default)
Owner ID is 0015.626a.fef1
Preemption enabled, min delay 30 sec
Active is local, weighting 100
Forwarder 2
State is Listen
MAC address is 0007.b400.2b02 (learnt)
Owner ID is 0025.4560.17c1
Time to live: 14398.912 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is FE80::225:45FF:FE60:17C1 (primary), weighting 100 (expires in 8.928 sec)
R4#
R4#
R4#show glbp detail
GigabitEthernet0/1 - Group 42
State is Standby
1 state change, last state change 00:06:24
Virtual IP address is 192.168.42.1
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.088 secs
Redirect time 600 sec, forwarder timeout 14400 sec
Preemption disabled
Active is 192.168.42.5, priority 100 (expires in 10.208 sec)
Standby is local
Priority 100 (default)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
0015.626a.fef1 (192.168.42.4) local
0025.4560.17c1 (192.168.42.5)
There are 2 forwarders (1 active)
Forwarder 1
State is Active
1 state change, last state change 00:06:05
MAC address is 0007.b400.2a01 (default)
Owner ID is 0015.626a.fef1
Preemption enabled, min delay 30 sec
Active is local, weighting 100
Forwarder 2
State is Listen
MAC address is 0007.b400.2a02 (learnt)
Owner ID is 0025.4560.17c1
Time to live: 14398.464 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 192.168.42.5 (primary), weighting 100 (expires in 8.800 sec)
GigabitEthernet0/1 - Group 43
State is Standby
1 state change, last state change 00:06:24
Virtual IP address is FE80::7:B4FF:FE00:2B00 (auto-configured)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.120 secs
Redirect time 600 sec, forwarder timeout 14400 sec
Authentication MD5, key-string
Preemption disabled
Active is FE80::225:45FF:FE60:17C1, priority 100 (expires in 9.824 sec)
Standby is local
Priority 100 (default)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
0015.626a.fef1 (FE80::215:62FF:FE6A:FEF1) local
0025.4560.17c1 (FE80::225:45FF:FE60:17C1) authenticated
There are 2 forwarders (1 active)
Forwarder 1
State is Active
1 state change, last state change 00:06:08
MAC address is 0007.b400.2b01 (default)
Owner ID is 0015.626a.fef1
Preemption enabled, min delay 30 sec
Active is local, weighting 100
Forwarder 2
State is Listen
MAC address is 0007.b400.2b02 (learnt)
Owner ID is 0025.4560.17c1
Time to live: 14399.360 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is FE80::225:45FF:FE60:17C1 (primary), weighting 100 (expires in 10.624 sec)
R4#
R4#
R4#show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
Gi0/1 42 - 100 Standby 192.168.42.1 192.168.42.5 local
Gi0/1 42 1 - Active 0007.b400.2a01 local -
Gi0/1 42 2 - Listen 0007.b400.2a02 192.168.42.5 -
Gi0/1 43 - 100 Standby FE80::7:B4FF:FE00:2B00
FE80::225:45FF:FE60:17C1
local
Gi0/1 43 1 - Active 0007.b400.2b01 local -
Gi0/1 43 2 - Listen 0007.b400.2b02 FE80::225:45FF:FE60:17C1
-
R4#
R4#
########## R5 ##########
interface GigabitEthernet0/1
ip address 192.168.42.5 255.255.255.0
glbp 42 ip 192.168.42.1
glbp 43 ipv6 autoconfig
glbp 43 authentication md5 key-string 7 12330A1F1C583A013838217965
duplex auto
speed auto
ipv6 address 2001:470:7FEB::5/64
!
R5#show glbp
GigabitEthernet0/1 - Group 42
State is Active
5 state changes, last state change 00:14:57
Virtual IP address is 192.168.42.1
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.440 secs
Redirect time 600 sec, forwarder timeout 14400 sec
Preemption disabled
Active is local
Standby is 192.168.42.4, priority 100 (expires in 9.408 sec)
Priority 100 (default)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
0015.626a.fef1 (192.168.42.4)
0025.4560.17c1 (192.168.42.5) local
There are 2 forwarders (1 active)
Forwarder 1
State is Listen
8 state changes, last state change 00:07:23
MAC address is 0007.b400.2a01 (learnt)
Owner ID is 0015.626a.fef1
Redirection enabled, 599.424 sec remaining (maximum 600 sec)
Time to live: 14399.424 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 192.168.42.4 (primary), weighting 100 (expires in 10.464 sec)
Client selection count: 24
Forwarder 2
State is Active
3 state changes, last state change 00:18:15
MAC address is 0007.b400.2a02 (default)
Owner ID is 0025.4560.17c1
Redirection enabled
Preemption enabled, min delay 30 sec
Active is local, weighting 100
Client selection count: 24
GigabitEthernet0/1 - Group 43
State is Active
4 state changes, last state change 00:14:57
Virtual IP address is FE80::7:B4FF:FE00:2B00 (auto-configured)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.272 secs
Redirect time 600 sec, forwarder timeout 14400 sec
Authentication MD5, key-string
Preemption disabled
Active is local
Standby is FE80::215:62FF:FE6A:FEF1, priority 100 (expires in 9.120 sec)
Priority 100 (default)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
0015.626a.fef1 (FE80::215:62FF:FE6A:FEF1) authenticated
0025.4560.17c1 (FE80::225:45FF:FE60:17C1) local
There are 2 forwarders (1 active)
Forwarder 1
State is Listen
4 state changes, last state change 00:07:26
MAC address is 0007.b400.2b01 (learnt)
Owner ID is 0015.626a.fef1
Redirection enabled, 599.136 sec remaining (maximum 600 sec)
Time to live: 14399.136 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is FE80::215:62FF:FE6A:FEF1 (primary), weighting 100 (expires in 10.272 sec)
Client selection count: 1
Forwarder 2
State is Active
3 state changes, last state change 00:18:10
MAC address is 0007.b400.2b02 (default)
Owner ID is 0025.4560.17c1
Redirection enabled
Preemption enabled, min delay 30 sec
Active is local, weighting 100
Client selection count: 1
R5#
R5#
R5#show glbp detail
GigabitEthernet0/1 - Group 42
State is Active
5 state changes, last state change 00:15:11
Virtual IP address is 192.168.42.1
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.768 secs
Redirect time 600 sec, forwarder timeout 14400 sec
Preemption disabled
Active is local
Standby is 192.168.42.4, priority 100 (expires in 8.704 sec)
Priority 100 (default)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
0015.626a.fef1 (192.168.42.4)
0025.4560.17c1 (192.168.42.5) local
There are 2 forwarders (1 active)
Forwarder 1
State is Listen
8 state changes, last state change 00:07:37
MAC address is 0007.b400.2a01 (learnt)
Owner ID is 0015.626a.fef1
Redirection enabled, 598.720 sec remaining (maximum 600 sec)
Time to live: 14398.720 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 192.168.42.4 (primary), weighting 100 (expires in 9.920 sec)
Client selection count: 24
Forwarder 2
State is Active
3 state changes, last state change 00:18:29
MAC address is 0007.b400.2a02 (default)
Owner ID is 0025.4560.17c1
Redirection enabled
Preemption enabled, min delay 30 sec
Active is local, weighting 100
Client selection count: 24
GigabitEthernet0/1 - Group 43
State is Active
4 state changes, last state change 00:15:11
Virtual IP address is FE80::7:B4FF:FE00:2B00 (auto-configured)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.344 secs
Redirect time 600 sec, forwarder timeout 14400 sec
Authentication MD5, key-string
Preemption disabled
Active is local
Standby is FE80::215:62FF:FE6A:FEF1, priority 100 (expires in 8.640 sec)
Priority 100 (default)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
0015.626a.fef1 (FE80::215:62FF:FE6A:FEF1) authenticated
0025.4560.17c1 (FE80::225:45FF:FE60:17C1) local
There are 2 forwarders (1 active)
Forwarder 1
State is Listen
4 state changes, last state change 00:07:41
MAC address is 0007.b400.2b01 (learnt)
Owner ID is 0015.626a.fef1
Redirection enabled, 598.656 sec remaining (maximum 600 sec)
Time to live: 14398.656 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is FE80::215:62FF:FE6A:FEF1 (primary), weighting 100 (expires in 9.056 sec)
Client selection count: 1
Forwarder 2
State is Active
3 state changes, last state change 00:18:25
MAC address is 0007.b400.2b02 (default)
Owner ID is 0025.4560.17c1
Redirection enabled
Preemption enabled, min delay 30 sec
Active is local, weighting 100
Client selection count: 1
R5#
R5#
R5#show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
Gi0/1 42 - 100 Active 192.168.42.1 local 192.168.42.4
Gi0/1 42 1 - Listen 0007.b400.2a01 192.168.42.4 -
Gi0/1 42 2 - Active 0007.b400.2a02 local -
Gi0/1 43 - 100 Active FE80::7:B4FF:FE00:2B00
local FE80::215:62FF:FE6A:FEF1
Gi0/1 43 1 - Listen 0007.b400.2b01 FE80::215:62FF:FE6A:FEF1
-
Gi0/1 43 2 - Active 0007.b400.2b02 local -
R5#
R5#
VRRP
Instead of GLBP, I used the Virtual Router Redundancy Protocol this time. Unluckily it was only available for legacy IP on my routers. Hence I used HSRP for IPv6 as well. Following procedure:
- Start of the capture in front of the Raspi
- boot of the Raspi
- ping “netsec.blog” via v6 and v4
- now: R4 reload (R5 was active for both IPs)
- wait (R5 was still active for both IPs)
- R5 reload (R4 became active, of course)
- wait
- R5 was now again active for VRRP (preempt) while not for HSRP
Display filter “vrrp”. That’s how it looks like:
(Oh no, I am not quite sure whether or not I missed some VRRP packets which are possibly direct Ethernet traffic between the two routes, as I captured on the Raspi. Shit. Ok, at least I have VRRP traffic. ;))
Syslogs at R4 during the reload of R5:
R4# Dec 2 2020 16:11:52.872 UTC: %HSRP-5-STATECHANGE: GigabitEthernet0/1 Grp 6 state Standby -> Active R4# Dec 2 2020 16:12:00.456 UTC: %VRRP-6-STATECHANGE: Gi0/1 Grp 1 state Backup -> Master R4# Dec 2 2020 16:12:06.184 UTC: %CLNS-5-ADJCHANGE: ISIS: Adjacency to R5 (GigabitEthernet0/0) Down, hold time expired R4# Dec 2 2020 16:14:17.118 UTC: %CLNS-5-ADJCHANGE: ISIS: Adjacency to R5 (GigabitEthernet0/0) Up, new adjacency Dec 2 2020 16:14:17.122 UTC: %CLNS-5-ADJCHANGE: ISIS: Adjacency to R5 (GigabitEthernet0/0) Up, new adjacency R4# Dec 2 2020 16:14:29.722 UTC: %VRRP-6-STATECHANGE: Gi0/1 Grp 1 state Master -> Backup R4#
Final config and show commands:
########## R4 ##########
!
track 1 interface GigabitEthernet0/0 line-protocol
!
track 6 interface GigabitEthernet0/0 line-protocol
!
!
interface GigabitEthernet0/1
ip address 192.168.42.4 255.255.255.0
standby version 2
standby 6 ipv6 autoconfig
standby 6 preempt
standby 6 authentication password
standby 6 track 6 decrement 10
duplex auto
speed auto
ipv6 address 2001:470:7FEB::4/64
vrrp 1 ip 192.168.42.1
vrrp 1 authentication md5 key-string 7 106406110B44240E1E172F7A72
vrrp 1 track 1
!
R4#show standby
GigabitEthernet0/1 - Group 6 (version 2)
State is Active
2 state changes, last state change 00:09:32
Virtual IP address is FE80::5:73FF:FEA0:6
Active virtual MAC address is 0005.73a0.0006
Local virtual MAC address is 0005.73a0.0006 (v2 IPv6 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.272 secs
Authentication text, string "password"
Preemption enabled
Active router is local
Standby router is FE80::225:45FF:FE60:17C1, priority 100 (expires in 11.552 sec)
Priority 100 (default 100)
Track object 6 state Up decrement 10
Group name is "hsrp-Gi0/1-6" (default)
R4#
R4#
R4#
R4#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gi0/1 6 100 P Active local FE80::225:45FF:FE60:17C1
FE80::5:73FF:FEA0:6
R4#
R4#
R4#
R4#show vrrp
GigabitEthernet0/1 - Group 1
State is Backup
Virtual IP address is 192.168.42.1
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Track object 1 state Up decrement 10
Authentication MD5, key-string
Master Router is 192.168.42.5, priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 2.949 sec)
R4#
R4#
R4#
R4#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Gi0/1 1 100 3609 Y Backup 192.168.42.5 192.168.42.1
R4#
R4#
R4#show track
Track 1
Interface GigabitEthernet0/0 line-protocol
Line protocol is Up
1 change, last change 00:12:00
Tracked by:
VRRP GigabitEthernet0/1 1
Track 6
Interface GigabitEthernet0/0 line-protocol
Line protocol is Up
1 change, last change 00:12:00
Tracked by:
HSRP GigabitEthernet0/1 6
R4#
R4#
########## R5 ##########
!
track 1 interface GigabitEthernet0/0 line-protocol
!
track 6 interface GigabitEthernet0/0 line-protocol
!
interface GigabitEthernet0/1
ip address 192.168.42.5 255.255.255.0
standby version 2
standby 6 ipv6 autoconfig
standby 6 preempt
standby 6 authentication password
standby 6 track 6 decrement 10
duplex auto
speed auto
ipv6 address 2001:470:7FEB::5/64
vrrp 1 ip 192.168.42.1
vrrp 1 authentication md5 key-string 7 0966410117562117191F017B7D
vrrp 1 track 1
!
R5#show standby
GigabitEthernet0/1 - Group 6 (version 2)
State is Standby
1 state change, last state change 00:07:47
Virtual IP address is FE80::5:73FF:FEA0:6
Active virtual MAC address is 0005.73a0.0006
Local virtual MAC address is 0005.73a0.0006 (v2 IPv6 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.376 secs
Authentication text, string "password"
Preemption enabled
Active router is FE80::215:62FF:FE6A:FEF1, priority 100 (expires in 10.016 sec)
MAC address is 0015.626a.fef1
Standby router is local
Priority 100 (default 100)
Track object 6 state Up decrement 10
Group name is "hsrp-Gi0/1-6" (default)
R5#
R5#
R5#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gi0/1 6 100 P Standby FE80::215:62FF:FE6A:FEF1
local FE80::5:73FF:FEA0:6
R5#
R5#
R5#show vrrp
GigabitEthernet0/1 - Group 1
State is Master
Virtual IP address is 192.168.42.1
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Track object 1 state Up decrement 10
Authentication MD5, key-string
Master Router is 192.168.42.5 (local), priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec
R5#
R5#
R5#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Gi0/1 1 100 3609 Y Master 192.168.42.5 192.168.42.1
R5#
R5#
R5#show track
Track 1
Interface GigabitEthernet0/0 line-protocol
Line protocol is Up
1 change, last change 00:08:47
Tracked by:
VRRP GigabitEthernet0/1 1
Track 6
Interface GigabitEthernet0/0 line-protocol
Line protocol is Up
1 change, last change 00:08:47
Tracked by:
HSRP GigabitEthernet0/1 6
R5#
R5#
CAPWAP
Again, thanks to Alexis for the packets. ;) Wireshark uses two different display filters for CAPWAP: “capwap” for the control channel on UDP port 5246 and “capwap.data” for the data on UDP port 5247:
Full Ethernet Frame Capturing
For the captures, I used my ProfiShark from Profitap. This time I enabled the “capture full frames” option which includes the Ethernet preamble, the SMD, and the CRC for each frame:
Photo by Mael BALLAND on Unsplash.