TB - GNS3 Lab: UDLD
by C. Casquatch
Simulating UDLD Failure in GNS3 Without MAC ACL Support
You can find the lab here: (https://gns3vault.com/switching/switch-svi-interface-and-routing)
๐ Objective
In this lab, we simulate a unidirectional link failure using UDLD (Unidirectional Link Detection) in Cisco switches within GNS3. Our goal is to:
- Configure UDLD in aggressive mode on both ends of a link.
- Simulate a unidirectional communication failure.
- Observe how UDLD detects the failure and shuts down the interface.
๐งช Lab Topology
- SW1 and SW2 connected via
GigabitEthernet0/0 - Testing UDLD on interface
GigabitEthernet0/0between the two switches
๐ง Step 1: Enable UDLD in Aggressive Mode
On both SW1 and SW2:
SW1(config)# udld enable
SW1(config)# interface gi0/0
SW1(config-if)# udld port aggressive
SW1(config-if)# no shutdown
SW2(config)# udld enable
SW2(config)# interface gi0/0
SW2(config-if)# udld port aggressive
SW2(config-if)# no shutdown
๐ง Step 2: Attempt MAC ACL Filtering (And Why It Failed)
I originally tried to simulate a unidirectional failure by filtering UDLD packets using a MAC access-list:
SW2(config)# mac access-list extended BLOCK_UDLD
SW2(config-mac-acl)# deny host 0100.0ccc.cccc any
SW2(config-mac-acl)# permit any any
SW2(config)# interface gi0/0
SW2(config-if)# mac access-group BLOCK_UDLD in
However, when we tried to verify it with:
SW2# show mac access-list BLOCK_UDLD
We got:
% Invalid input detected at '^' marker.
๐ก Conclusion: The IOSvL2 switch image in GNS3 does not support MAC ACLs properly.
๐ Step 3: Simulate the Link Failure Another Way
Since MAC filtering failed, we used a more reliable method: manually disabling one side of the link.
โ Method: Shut Down the Port on SW2
SW2(config)# interface gi0/0
SW2(config-if)# shutdown
Leave SW1โs port up. After a few seconds, SW1 (running UDLD in aggressive mode) detects the failure:
%UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface gi0/0, unidirectional link detected
Verify with:
SW1# show udld interface gi0/0
SW1# show interface status err-disabled
๐ Optional: Enable Auto-Recovery
To automatically recover from UDLD err-disable state:
SW1(config)# errdisable recovery cause udld
SW1(config)# errdisable recovery interval 30
At the bottom of this screenshot we can see there are no more status updates for the err-disabled state:
๐ Summary
| Step | Description |
|---|---|
| 1 | Enable UDLD aggressive mode on both switches |
| 2 | Attempted MAC ACL filtering โ unsupported in IOSvL2 |
| 3 | Used port shutdown to simulate unidirectional failure |
| 4 | Observed UDLD detecting failure and err-disabling the port |
So easy, a caveman can do it.
- GNS3 switch images like IOSvL2 may not support all IOS features (e.g.,
mac access-group). - When simulating network behavior, understanding platform limitations is crucial.
- Always have a fallback method โ in this case, interface shutdown did the trick.
Happy labbing ๐ง
tags: GNS3 - udld - Networking - switching