In this article we will see how you can easilly configure and tune router CDP capabilities. If you are more interested in what CDP really means and how it works, visit “about CDP” article.[tab:Cisco config]
To see simple CD operation and use information that CDP can give you first thing to doo is learn how is possible to turn CDP on and off. If you, for example, want to list the summary information about what devices are connected to your router you can either selectively enable or disable Cisco Discovery Protocol on the entire router, or on individual interfaces. This is done by next couple of commands:
R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#cdp run R1(config)#interface Serial0/0 R1(config-if)#cdp enable R1(config-if)#exit R1(config)#interface FastEthernet0/0 R1(config-if)#no cdp enable R1(config-if)#exit R1(config)#interface FastEthernet1/0 R1(config-if)#cdp enable R1(config-if)#end R1#
Remember that CDP is enabled by default on all Cisco routers and Switches and on all interfaces. In the case that you don’t think CDP is enabled, you can enable it by typing:
Sometimes you don’t want that CDP is enabled on some particular interface because of security or some other reason. In that case, on that interface, you can turn CDP off by typing the following command:
R1(config)#interface Serial0/0 R1(config-if)#no cdp enable
Note that CDP works only with Cisco Routers and Switches and you will not be able tu use it on other equipment. This is because CDP is a Cisco proprietary protocol. If in your case your are using Cisco equipment then you are sure that you can use CDP for gathering different information from your network. First thing that CDP will help you to see is the list of devices in your network. This list will be a list of adjacent devices that also happen to be running CDP
show cdp neighbors command is the command to show this list:
R1#show cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device ID Local Intrfce Holdtme Capability Platform Port ID Router2 Ser 0/0 179 R 2621 Ser 0/1 Switch1 Fas 1/0 152 T S WS-C2924 2/2 R1#
This list of neighboring devices contains the name, type and model number of each neighbor. It also includes interfaces on our router and neighboring router with which we are connected.
Last device on the list is Cisco switch. This maybe does not seem at first like a big deal but it points out the most useful features of CDP. While all other mechanisms can tell you who are your Layer 3 neighbors, CDP will gives you information about the Layer 2 neighbors. This will work even when the Layer 2 neighbor like switch does not have an IP addresses configured.
With “detail” keyword you can see more info about every neighboring device:
R1#show cdp neighbors detail ------------------------- Device ID: Router2 Entry address(es): IP address: 10.1.1.2 Platform: cisco 2621, Capabilities: Router Interface: Serial0/0, Port ID (outgoing port): Serial0/1 Holdtime : 136 sec Version : Cisco Internetwork Operating System Software IOS (tm) C2600 Software (C2600-IK9O3S-M), Version 12.2(13), RELEASE SOFTWARE (fc1) Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Tue 19-Nov-02 22:27 by pwade advertisement version: 2 Device ID: Switch1 Entry address(es): IP address: 172.25.1.4 Platform: WS-C2924, Capabilities: Trans-Bridge Switch Interface: FastEthernet1/0, Port ID (outgoing port): FastEthernet0/12 Holdtime : 116 sec Version : Cisco Internetwork Operating System Software IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)WC3b, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Fri 15-Feb-02 10:14 by antonino advertisement version: 2 Duplex: full
CDP can tell you whole bunch of info about neighbors. It will show:
- IP addresses of the adjacent interfaces
- details about the Cisco IOS version
In the new version of CDP (Version 2) that is available from IOS Version 12.0(3)T it can show three new things that are useful on LANs:
- VTP Domain Name
- 802.1Q Native VLAN
Duplex option in CDP is now enabling routers and switches to automatically detect adn solve duplex mismatches.
CDP Version 2 is enabled by default. If you don’t like that, you can globally disable Version 2 support with this command:
R1(config)#no cdp advertise-v2
If you are not sure what Version of CDP is running and maybe you need some other info about CDP protocol on your device show cdp command will tell you all:
R1#show cdp Global CDP information: Sending CDP packets every 60 seconds Sending a holdtime value of 180 seconds Sending CDPv2 advertisements is enabled R1#
You can see some default timers value on the R1 router. CDP advertisement packets are sent every 60 seconds. The holdtime parameter is the length of time the router will wait to hear the next CDP advertisement from one of its neighbors before flushing the corresponding entry from its CDP neighbor table.
Of course, sometimes you want that CDP on your network to responds faster. You can tune these parameters globally for the entire router and in this way modify the ratio between more bandwidth for faster response of the networks CDP or less bandwidth with slower CDP response:
To clear this up. Faster CDP response means that CDP timer and holdtime is tuned to less seconds. This means more CDP advertisement in the same period of time that will take more bandwidth. More advertisements and less holdtime will make detection of missing neighbor faster.
R1(config)#cdp timer 30 R1(config)#cdp holdtime 240
The advertisement timer can have any value between 5 and 254 seconds, while the hold timer must be between 10 and 255 seconds.
Disabling the Cisco Discovery Protocol
The main reason for witch you don’t want to allow adjacent devices to gain information about this router and switches is for security reasons. If you are interested in different ways that CDP can be used as a security threat to your network visit our CDP protocol Layer 2 attacks article – CDP attacks.
You can disable CDP on a single interface by using the command:
R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#cdp run R1(config)#interface FastEthernet0/0 R1(config-if)#no cdp enable R1(config-if)#end R1#
Or you can disable CDP on the whole router:
R1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)#no cdp run R1(config)#end R1#
[tab:Juniper configuration] CDP – Cisco Discovery protocol is Cisco proprietary protocol that can’t be configured or activated on other vendors products. However, there is a solution in LLDP – Link Layer Discovery Protocol that is industry standard technology. It can be easily configured of Juniper devices and if you are interested how is this done just visit Configuring LLDP
Check other CDP and LLDP articles:
- How to configure CDP – Cisco Discovery Protocol
- CDP – Cisco Discovery Protocol
- CDP Attacks – Cisco Discovery Protocol Attack