Cisco Discovery Protocol

In today’s post let’s talk about CDP, the Cisco Discovery Protocol. This protocol helps us in two ways: first, it helps us verify that a connection between a router or switch is set up correctly, at least up to layer two of the OSI model. Second, it helps us discover the Cisco devices that are in our network and which interfaces those devices are connected to, on both ends of the link. The Cisco Discovery Protocol is Cisco proprietary, and before I go any further let me mention that CDP is a security risk because of the detailed information it gives out. That detail helps you as a network administrator build a current picture of the network infrastructure, but it can also hurt you, because the same information can easily be sniffed with programs that are readily found on the internet.

So what is the purpose of CDP? CDP can gather device information from neighboring switches and routers without the need for a password. As mentioned before, this is great for troubleshooting a problem, discovering new devices that are not documented in your network topology, and verifying that each device is physically connected to the correct interfaces according to the network documentation.

CDP can discover the following details from neighboring devices that support CDP:

  • Device Identifier: The hostname of the device
  • Address List: Network and data-link addresses
  • Local Interface: The interface on the switch or router issuing the show cdp command
  • Port Identifier: Identifies the port used by the device to send CDP messages
  • Capabilities List: Information on what kind of device it is, such as a router or a switch
  • Platform: The model and the OS running on the device

Since CDP is enabled by default, it does create a security risk, and Cisco recommends that CDP be disabled on all interfaces that do not need it. You can disable CDP in two ways. Per interface, use the sub-command no cdp enable under the interface on which you wish to disable CDP. Or you can disable CDP globally on the router or switch with the command no cdp run in global configuration mode.
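To turn that recommendation into a check, here is an added example (not from the original post) that audits an IOS-style running-config and lists the interfaces that would still send CDP advertisements. The config text is constructed, and the handling of no cdp run versus no cdp enable assumes the default-on semantics described above.

```python
"""Audit a Cisco IOS-style running-config for interfaces still advertising CDP."""
import re

# Constructed sample running-config, not captured from a real device.
SAMPLE_CONFIG = """\
!
hostname EDGE-SW1
!
interface GigabitEthernet0/1
 description Uplink to CORE-RTR1
 no shutdown
!
interface GigabitEthernet0/2
 description Guest wireless AP
 no cdp enable
!
interface GigabitEthernet0/3
 description User access port
!
end
"""


def parse_interfaces(config):
    """Return {interface_name: [sub-command lines]} from an IOS-style config."""
    stanzas = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            stanzas[current] = []
        elif current and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None  # "!" or a top-level line ends the stanza
    return stanzas


def cdp_enabled_interfaces(config):
    """Interfaces that will still send CDP.

    CDP is on by default: 'no cdp run' turns it off device-wide and
    'no cdp enable' turns it off on one interface, so any interface
    with neither setting in effect is reported.
    """
    if re.search(r"^no cdp run\s*$", config, re.MULTILINE):
        return []  # globally disabled, nothing advertises
    return sorted(name for name, lines in parse_interfaces(config).items()
                  if "no cdp enable" not in lines)


if __name__ == "__main__":
    for name in cdp_enabled_interfaces(SAMPLE_CONFIG):
        print(f"CDP still enabled on {name}")
```

Feed it the output of show running-config saved to a file to get a list of ports worth reviewing before you decide between per-interface and global disabling.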

That’s just some general information about CDP and why it is useful. Although CDP can be a security risk, it’s still a helpful protocol for getting detailed information about your Cisco devices for inventory or for updating your network topology. It can also be useful simply to verify that the physical layer and data-link layer are working correctly for troubleshooting purposes. As always, I hope this information is informative, and if you have an idea for the next topic that deals with either ICND1 or ICND2, let me know.
