The Cisco Discovery Protocol (CDP) is a Cisco-proprietary protocol that eases the management of Cisco devices by discovering hardware and protocol information about directly connected neighbors. With CDP, a network engineer can learn a neighbor's hardware platform and device type, software version, the active interfaces (physical or VLAN) it uses to reach you, parts of its configuration, and more. That is a lot of information that is useful for troubleshooting and documenting a network.
CDP performs functions similar to several other vendor-specific protocols, such as the Foundry Discovery Protocol (FDP), the Nortel Discovery Protocol (NDP), Link Layer Topology Discovery (LLTD), and the vendor-neutral Link Layer Discovery Protocol (LLDP). CDP is very useful for Cisco network engineers, and you may not appreciate how useful until you are made responsible for a network infrastructure you know little or nothing about.
Imagine you have just been hired by an organization as its network administrator. Your predecessor was recently fired, so little or no documentation of the network exists. You are told only that the organization has a LAN and a WAN (wide area network) spanning three sites, built mostly from Cisco equipment, and you are handed the credentials for the main router at the head office. You are expected to keep the business running smoothly. Where do you start? This is where CDP comes in handy for a network engineer who needs to discover and map every connected device: it lets someone new to a network learn about neighboring devices, their parameters and other configuration details.
In this guide we show how to use the Cisco Discovery Protocol to gather useful information about neighboring devices and map a network. These are the tasks we will cover:
- How CDP works
- Enable/disable CDP on Cisco devices
- Configure the CDP timer and timeout
- Collection of neighbor information
- Collection of port and interface information
- Document a network topology using CDP
- CDP Security Issues
How the Cisco Discovery Protocol works
CDP is enabled by default on all Cisco devices that support it, such as routers and switches. These devices send and receive CDP messages (advertisements) on their interfaces to and from directly connected neighbors. Because CDP is a Layer 2 (data link layer) protocol, a CDP-aware device does not forward or route these messages; it consumes them. You therefore learn only about directly connected devices, and only if those neighbors are Cisco (or other CDP-capable) devices running CDP. One caveat: a device that does not understand CDP, such as a hub or a switch with CDP turned off, may flood the frames onward, so a "neighbor" can occasionally sit one hop further away than the table suggests.
When a Cisco device running CDP, for example a router, receives a CDP packet, it starts building a table of its neighbors. Once discovered, neighbors keep exchanging periodic updates. These CDP packets carry a lot of useful information about the sending device, such as:
- Device type
- Hardware platform
- Hardware capabilities (router, switch, bridge and so on)
- IOS version
- Hostname (Device ID)
- The interface that generated the CDP message
- IP address(es) of the device
- Port ID
- The number of seconds for which the advertisement is valid (the holdtime)
By default, CDP messages are sent every 60 seconds and the holdtime (explained below) after which a silent neighbor is dropped is 180 seconds. CDP messages are sent as multicast frames to the MAC address 01:00:0C:CC:CC:CC using LLC/SNAP (Subnetwork Access Protocol) encapsulation, with Cisco's OUI 00:00:0C and protocol ID 0x2000. CDP therefore runs only on media that carry SNAP frames: Ethernet, Token Ring, Fiber Distributed Data Interface (FDDI), Asynchronous Transfer Mode (ATM), Point-to-Point Protocol (PPP), High-Level Data Link Control (HDLC) and Frame Relay. CDP has been available in IOS since version 10.3 on Cisco routers, switches and other supported devices. CDPv1 was the initial version and only conveyed basic identity information about the device at the other end of the link; CDPv2 is the current version and adds further fields (native VLAN, duplex setting and VTP management domain, among others) and better tracking of neighbor changes.
Enable/disable CDP on Cisco devices
For this section our router has the hostname HQ_Router. It has two serial links, to routers named LOS_Router and NYC_Router, and a FastEthernet link to a switch named HQ_Switch, as shown in the diagram below:
As mentioned above, the Cisco Discovery Protocol is enabled by default on all supported devices. If it has been turned off for some reason, you can simply re-enable it. Use the following commands to enable or disable CDP:
Description | Command |
---|---|
Enter privileged EXEC mode (enter your password when prompted) | HQ_Router>enable |
Enter global configuration mode | HQ_Router#configure terminal |
Enable CDP globally on the router | HQ_Router(config)#cdp run |
Disable CDP globally on the router | HQ_Router(config)#no cdp run |
Enter interface configuration mode (here for FastEthernet0/1) | HQ_Router(config)#interface fa0/1 |
Enable CDP on an interface (CDP must also be enabled globally) | HQ_Router(config-if)#cdp enable |
Disable CDP on an interface | HQ_Router(config-if)#no cdp enable |
Configure the Cisco Discovery Protocol timer and holdtime
The CDP timer is the interval between the CDP advertisements a router sends on all of its CDP-enabled interfaces, in other words how often CDP packets are transmitted. Its default is 60 seconds. The CDP holdtime is how long a router keeps the CDP information received from a neighbor before discarding it if the neighbor does not refresh it; each device advertises its own holdtime in the packets it sends, so the value you configure is the one your neighbors will apply to your entries. The default holdtime is 180 seconds. Both values are global and apply to every interface. Keep the holdtime comfortably longer than the timer so that a single lost advertisement does not make a neighbor disappear from the table.
Use the global configuration commands cdp timer and cdp holdtime to change the defaults, as shown below:
Description | Command |
---|---|
Set the CDP timer to 100 seconds | HQ_Router(config)#cdp timer 100 |
Set the CDP holdtime to 200 seconds | HQ_Router(config)#cdp holdtime 200 |
Collecting neighbor information
This section explains how to collect information about directly connected devices. These are the commands we will use:
Description | Command |
---|---|
Enter privileged EXEC mode (enter your password when prompted) | HQ_Router>enable |
Show summary information about neighboring devices | HQ_Router#show cdp neighbors |
Show detailed information about neighboring devices | HQ_Router#show cdp neighbors detail |
Show detailed information about neighboring devices (entry form) | HQ_Router#show cdp entry * |
Show only the IP addresses of each directly connected neighbor | HQ_Router#show cdp entry * protocol |
Show only the IOS version of each directly connected neighbor | HQ_Router#show cdp entry * version |
The output of the show cdp neighbors command on our router follows:
```
HQ_Router#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform     Port ID
HQ_Switch        Fas 0/1            180         T S       WS-C2950-12  Fas 0/0
LOS_Router       Ser 0/1/0          190         R S I     2801         Ser 0/2/0
NYC_Router       Ser 0/0/1          200         R S I     1841         Ser 0/0/1
HQ_Router#
```
From the output of show cdp neighbors you can read each neighbor's device type (the Capability column: router, switch and so on), its model (Platform), the local port that connects to it (Local Intrfce) and the neighbor's port that connects back to you (Port ID). The following table summarizes the fields that show cdp neighbors displays for each device.
Field | Description |
---|---|
Device ID | The hostname of the directly connected device. |
Local Intrfce | The port or interface on the local router (HQ_Router) that connects to the neighbor. |
Holdtme | The number of seconds the router will keep this entry before discarding it if no further CDP packet arrives from the neighbor. |
Capability | The type of the neighboring device, for example router, switch or repeater. The capability codes are listed at the top of the command output. |
Platform | The model number of the directly connected device. |
Port ID | The port or interface on the neighboring device from which the CDP packet was sent (the neighbor's egress port). |
show cdp neighbors detail is a similar command that returns more detail about each directly connected device. It works on routers and switches. Here is its output on our router:
```
HQ_Router#show cdp neighbors detail
-------------------------
Device ID: HQ_Switch
Entry address(es):
  IP address: 10.1.1.1
Platform: Cisco WS-C2950-12,  Capabilities: Trans-Bridge Switch
Interface: FastEthernet0/1,  Port ID (outgoing port): FastEthernet0/0
Holdtime : 180 sec
-------------------------
Device ID: LOS_Router
Entry address(es):
  IP address: 10.2.2.1
Platform: Cisco 2801,  Capabilities: Router Switch IGMP
Interface: Serial0/1/0,  Port ID (outgoing port): Serial0/2/0
Holdtime : 190 sec

Version :
Cisco IOS Software, 2801 Software (C2801-ADVENTERPRISEK9-M), Experimental Version 12.4(20050525:193634) [jezhao-ani 145]
-------------------------
Device ID: NYC_Router
Entry address(es):
  IP address: 10.3.3.1
Platform: Cisco 1841,  Capabilities: Router Switch IGMP
Interface: Serial0/0/1,  Port ID (outgoing port): Serial0/0/1
Holdtime : 200 sec

Version :
Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(1c), RELEASE SOFTWARE (fc1)
-------------------------
[output truncated]
HQ_Router#
```
What additional information does this give us? As you can see, it adds the IP addresses and IOS versions of all directly connected devices to everything show cdp neighbors already shows. Note that the exact version string is also what an attacker on the segment would harvest to look up known vulnerabilities.
There is little difference between show cdp entry * and show cdp neighbors detail; they display essentially the same information. show cdp entry * does, however, have two useful options: show cdp entry * protocol and show cdp entry * version.
show cdp entry * protocol displays only the IP addresses of each directly connected neighbor, while show cdp entry * version displays only the IOS version of each.
Collecting port and interface information
To display port and interface information we use the show cdp interface command, as shown below.
Description | Command |
---|---|
Enter privileged EXEC mode (enter your password when prompted) | HQ_Router>enable |
Display CDP status on the router's interfaces | HQ_Router#show cdp interface |
This command displays the status of CDP on router interfaces or switch ports. On a router, show cdp interface lists every interface on which CDP is enabled, together with its line encapsulation, the CDP send interval and the holdtime. Because the timer and holdtime are global settings, every interface shows the same two values; here is the output on our router after the timer and holdtime were changed above:
```
HQ_Router#show cdp interface
FastEthernet0/1 is up, line protocol is up
  Encapsulation ARPA
  Sending CDP packets every 100 seconds
  Holdtime is 200 seconds
Serial0/1/0 is up, line protocol is up
  Encapsulation HDLC
  Sending CDP packets every 100 seconds
  Holdtime is 200 seconds
Serial0/0/1 is up, line protocol is up
  Encapsulation HDLC
  Sending CDP packets every 100 seconds
  Holdtime is 200 seconds
```
The output clearly shows the status of CDP on each router interface. You can turn CDP off on any interface at any time with the no cdp enable command described above; an interface with CDP disabled no longer appears in the output of show cdp interface.
Document a network topology using CDP
Let's say you have just been hired as the network administrator of a television station that runs around the clock. Your predecessor left without notice and left little or no documentation of the network topology. All you have is access to the main router at the headquarters. How do you document the topology? CDP to the rescue! You can now apply everything learned so far to document the infrastructure. The basic facts needed to document a network are the type of each device, the port or interface that connects it, and the IP addresses of the various interfaces. All of these can be determined with the Cisco Discovery Protocol commands and show running-config.
- First, log in to the main router and find the IP addresses of its interfaces with show running-config (show ip interface brief gives a compact view of the same thing). Document the addresses of the router's main interfaces.
- Next, determine the type of device at the other end of each of those interfaces with show cdp neighbors. This reveals the kind of device connected to each of the router's main links, as well as the remote device's interface and port ID.
- Finally, find the IP address of each remote device with show cdp neighbors detail. With everything gathered from show running-config, show cdp neighbors and show cdp neighbors detail you can draw, and take ownership of, your organization's network topology. Then log in to each discovered neighbor and repeat the same three steps there, one hop at a time, until no new devices appear.
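The three steps above produce a pile of CLI output per device. The following Python script, an example added to this article rather than anything from Cisco, turns `show cdp neighbors detail` text into an edge list and a Graphviz DOT graph so the topology can be drawn and kept under version control. The sample output embedded in it is constructed to mirror the IOS format of the HQ_Router example on this page (HQ_Switch deliberately carries no Version block, as in the article), so the parser also shows how to cope with a neighbor that omits a field.

```python
"""Build a topology from `show cdp neighbors detail` output.

Example code added to this article; not Cisco software. SAMPLE_DETAIL is
constructed to match the IOS text format, not captured from a real device.
"""
import re

SAMPLE_DETAIL = """\
HQ_Router#show cdp neighbors detail
-------------------------
Device ID: HQ_Switch
Entry address(es):
  IP address: 10.1.1.1
Platform: Cisco WS-C2950-12,  Capabilities: Trans-Bridge Switch
Interface: FastEthernet0/1,  Port ID (outgoing port): FastEthernet0/0
Holdtime : 180 sec
-------------------------
Device ID: LOS_Router
Entry address(es):
  IP address: 10.2.2.1
Platform: Cisco 2801,  Capabilities: Router Switch IGMP
Interface: Serial0/1/0,  Port ID (outgoing port): Serial0/2/0
Holdtime : 190 sec

Version :
Cisco IOS Software, 2801 Software (C2801-ADVENTERPRISEK9-M), Experimental Version 12.4(20050525:193634) [jezhao-ani 145]
-------------------------
Device ID: NYC_Router
Entry address(es):
  IP address: 10.3.3.1
Platform: Cisco 1841,  Capabilities: Router Switch IGMP
Interface: Serial0/0/1,  Port ID (outgoing port): Serial0/0/1
Holdtime : 200 sec

Version :
Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.4(1c), RELEASE SOFTWARE (fc1)
-------------------------
HQ_Router#
"""


def parse_cdp_detail(local_device, text):
    """Return one edge per neighbor block: local port <-> neighbor port, plus
    the neighbor's address, platform, capabilities, holdtime and version.
    Missing fields (e.g. a neighbor that sends no Version TLV) become None."""
    edges = []
    for block in re.split(r"^-{5,}$", text, flags=re.M):
        m_dev = re.search(r"^Device ID:\s*(\S+)", block, re.M)
        if not m_dev:
            continue  # prompt lines or empty fragments between separators
        m_if = re.search(r"^Interface:\s*(\S+?),\s+Port ID \(outgoing port\):\s*(\S+)", block, re.M)
        m_plat = re.search(r"^Platform:\s*(.*?),\s+Capabilities:\s*(.*?)\s*$", block, re.M)
        m_ip = re.search(r"^\s*IP address:\s*(\S+)", block, re.M)
        m_hold = re.search(r"^Holdtime\s*:\s*(\d+)", block, re.M)
        m_ver = re.search(r"^Version\s*:[ \t]*\n(.+)$", block, re.M)
        edges.append({
            "local_device": local_device,
            "local_port": m_if.group(1) if m_if else None,
            "neighbor": m_dev.group(1),
            "neighbor_port": m_if.group(2) if m_if else None,
            "ip": m_ip.group(1) if m_ip else None,
            "platform": m_plat.group(1) if m_plat else None,
            "capabilities": m_plat.group(2).split() if m_plat else [],
            "holdtime": int(m_hold.group(1)) if m_hold else None,
            "version": m_ver.group(1).strip() if m_ver else None,
        })
    return edges


def to_dot(edges):
    """Render the edge list as an undirected Graphviz graph; feed the result
    to `dot -Tpng` to get a diagram for the documentation."""
    lines = ["graph cdp_topology {"]
    for e in edges:
        label = "%s -- %s" % (e["local_port"], e["neighbor_port"])
        lines.append('  "%s" -- "%s" [label="%s"];' % (e["local_device"], e["neighbor"], label))
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    topology = parse_cdp_detail("HQ_Router", SAMPLE_DETAIL)
    for edge in topology:
        print(edge)
    print(to_dot(topology))
```

Run it once per device you log in to, passing that device's hostname and its `show cdp neighbors detail` output, and merge the edge lists; the parsed `version` and `platform` fields double as a software inventory when you later check the fleet against vendor advisories.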
CDP Security Issues
Although the Cisco Discovery Protocol is very valuable to network engineers, attackers also make use of it. The protocol has no authentication and its packets are sent in the clear, so anyone on the same Layer 2 segment can eavesdrop, harvest information about your network devices, and match the advertised IOS versions against known vulnerabilities in order to exploit them or plan further attacks. CDP spoofing is one of the most common ways CDP is abused.
CDP spoofing is the crafting of fake CDP packets that impersonate other network devices. Used at volume it becomes a Denial of Service (DoS) attack against CDP-enabled devices: the attacker sends thousands of spoofed CDP packets to the multicast MAC address 01:00:0C:CC:CC:CC, each with a different device identity, so that the neighbor table of every CDP-enabled device that receives them fills up. Legitimate traffic can then be disrupted because the device no longer has the memory or CPU to handle it, and its command-line interface can become unresponsive, which makes disabling CDP during an ongoing attack difficult.
To fully mitigate CDP spoofing, the usual recommendation is to disable CDP wherever it is not needed, on the whole device or at least on interfaces that face untrusted hosts. That of course costs you the benefits of CDP on those links. Where CDP must stay on, the Secure CDP feature on platforms that support it lets you choose which type-length-value (TLV) fields an interface sends, so that sensitive fields such as the software version can be filtered out of the advertisements.
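The selective form of that advice, applied to the HQ_Switch of this article, looks like the following. This is an example configuration added here, not taken from the article's devices; the uplink name FastEthernet0/0 comes from the article's neighbor table, while the access-port range is an assumption for a 12-port WS-C2950-12 and must be adjusted to the real port layout.

```cisco
! Option 1: global kill switch, removes CDP from every interface on the device
HQ_Switch(config)# no cdp run
!
! Option 2: keep CDP on the infrastructure link to HQ_Router and turn it off
! on the ports where end hosts (and potential attackers) connect
HQ_Switch(config)# cdp run
HQ_Switch(config)# interface FastEthernet0/0
HQ_Switch(config-if)# cdp enable
HQ_Switch(config-if)# exit
HQ_Switch(config)# interface range FastEthernet0/1 - 12
HQ_Switch(config-if-range)# no cdp enable
HQ_Switch(config-if-range)# end
!
! Verify: only the uplink is listed, and the neighbor table holds only HQ_Router
HQ_Switch# show cdp interface
HQ_Switch# show cdp neighbors
```

With option 2 a host plugged into an access port neither receives the switch's advertisements (no version string to harvest) nor gets its spoofed frames accepted into the neighbor table, while HQ_Router still sees the switch for troubleshooting and documentation.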
If you find unusual Cisco Discovery Protocol traffic or an unexpected CDP device on your network, investigate it immediately: check which source MAC address the frames come from and what information they carry. On IOS, show cdp traffic counts the CDP packets sent and received, including those rejected for checksum or header errors, which makes a flood or a stream of malformed frames visible from the device itself. A CDP monitoring application for Windows environments can also watch for changes: it detects CDP changes on the network and notifies you by e-mail, by opening a message box and playing an alert tone, or by running a custom program of your choice.
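The frame dissection and the flood check described above, for both the protocol description earlier in this guide (SNAP encapsulation, version, holdtime, TLVs) and the spoofing scenario in this section, as a Python example added to this article. It is not Cisco code, and no frames in it were captured from a real network: `build_cdp_frame()` constructs them the way a device or a spoofing tool would, `parse_cdp_frame()` validates the encapsulation and checksum and decodes the TLVs, and `find_spoof_floods()` flags a source MAC that advertises many different device identities. The checksum is the standard RFC 1071 ones-complement sum, which is exact for even-length CDP payloads; Cisco's handling of the last byte of an odd-length payload has a known quirk that this example does not model, so the sample payloads are kept even-length.

```python
"""Decode raw CDP frames and spot a spoofing flood.

Example code added to this article; not Cisco software. Frame layout:
Ethernet 802.3 (dst 01:00:0C:CC:CC:CC, src, length), LLC/SNAP with Cisco
OUI 00:00:0C and protocol ID 0x2000, then version / TTL (holdtime) /
checksum and a sequence of type-length-value fields.
"""
import struct
from collections import defaultdict

CDP_MULTICAST = bytes.fromhex("01000ccccccc")
LLC_SNAP_CDP = bytes.fromhex("aaaa03" "00000c" "2000")

TLV_DEVICE_ID, TLV_ADDRESSES, TLV_PORT_ID = 0x0001, 0x0002, 0x0003
TLV_CAPABILITIES, TLV_VERSION, TLV_PLATFORM = 0x0004, 0x0005, 0x0006
TLV_NATIVE_VLAN = 0x000A
CAPABILITY_CODES = [(0x01, "R"), (0x02, "T"), (0x04, "B"), (0x08, "S"),
                    (0x10, "H"), (0x20, "I"), (0x40, "r")]
NLPID_IP = 0xCC


def ip_checksum(data):
    """RFC 1071 ones-complement checksum; 0 means a valid frame when run over
    a payload that already contains its checksum. Exact for even lengths only
    (Cisco's odd-length quirk is not modelled here)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _tlv(tlv_type, value):
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value  # length includes header


def build_cdp_frame(src_mac, device_id, port_id, ipv4, capabilities, platform, holdtime=180):
    """Assemble a CDPv2 frame the way a device (or a spoofing tool) would."""
    addr_entry = (struct.pack("!BB", 1, 1) + bytes([NLPID_IP]) +       # NLPID-type protocol, 1 byte
                  struct.pack("!H", 4) + bytes(int(o) for o in ipv4.split(".")))
    body = (_tlv(TLV_DEVICE_ID, device_id.encode()) +
            _tlv(TLV_ADDRESSES, struct.pack("!I", 1) + addr_entry) +
            _tlv(TLV_PORT_ID, port_id.encode()) +
            _tlv(TLV_CAPABILITIES, struct.pack("!I", capabilities)) +
            _tlv(TLV_PLATFORM, platform.encode()))
    unsummed = struct.pack("!BBH", 2, holdtime, 0) + body
    assert len(unsummed) % 2 == 0, "sample payloads are kept even-length"
    cdp = struct.pack("!BBH", 2, holdtime, ip_checksum(unsummed)) + body
    src = bytes.fromhex(src_mac.replace(":", ""))
    return CDP_MULTICAST + src + struct.pack("!H", len(LLC_SNAP_CDP) + len(cdp)) + LLC_SNAP_CDP + cdp


def _decode_addresses(value):
    count = struct.unpack("!I", value[:4])[0]
    off, addrs = 4, []
    for _ in range(count):
        ptype, plen = value[off], value[off + 1]
        proto = value[off + 2:off + 2 + plen]
        alen = struct.unpack("!H", value[off + 2 + plen:off + 4 + plen])[0]
        addr = value[off + 4 + plen:off + 4 + plen + alen]
        if ptype == 1 and proto == bytes([NLPID_IP]) and alen == 4:
            addrs.append(".".join(str(b) for b in addr))
        else:
            addrs.append(addr.hex())  # non-IPv4 address: keep the raw bytes
        off += 4 + plen + alen
    return addrs


def parse_cdp_frame(frame):
    """Check encapsulation and checksum, then decode the TLVs this guide discusses."""
    if len(frame) < 26 or frame[:6] != CDP_MULTICAST or frame[14:22] != LLC_SNAP_CDP:
        raise ValueError("not a CDP frame")
    length = struct.unpack("!H", frame[12:14])[0]
    cdp = frame[22:14 + length]
    if len(cdp) < 4 or ip_checksum(cdp) != 0:
        raise ValueError("bad CDP length or checksum")
    version, holdtime, _ = struct.unpack("!BBH", cdp[:4])
    info = {"src_mac": frame[6:12].hex(":"), "cdp_version": version,
            "holdtime": holdtime, "addresses": [], "capabilities": []}
    off = 4
    while off + 4 <= len(cdp):
        tlv_type, tlv_len = struct.unpack("!HH", cdp[off:off + 4])
        if tlv_len < 4 or off + tlv_len > len(cdp):
            raise ValueError("malformed TLV at offset %d" % off)
        value = cdp[off + 4:off + tlv_len]
        if tlv_type in (TLV_DEVICE_ID, TLV_PORT_ID, TLV_VERSION, TLV_PLATFORM):
            key = {TLV_DEVICE_ID: "device_id", TLV_PORT_ID: "port_id",
                   TLV_VERSION: "version", TLV_PLATFORM: "platform"}[tlv_type]
            info[key] = value.decode("ascii", "replace")
        elif tlv_type == TLV_ADDRESSES:
            info["addresses"] = _decode_addresses(value)
        elif tlv_type == TLV_CAPABILITIES:
            bits = struct.unpack("!I", value)[0]
            info["capabilities"] = [code for bit, code in CAPABILITY_CODES if bits & bit]
        elif tlv_type == TLV_NATIVE_VLAN:
            info["native_vlan"] = struct.unpack("!H", value)[0]
        off += tlv_len
    return info


def find_spoof_floods(frames, max_identities=3):
    """A real neighbor advertises one Device ID per source MAC; many distinct
    identities from one MAC is the signature of a spoofing flood. Returns
    ({src_mac: identity_count} for sources over the threshold, malformed_count)."""
    identities, malformed = defaultdict(set), 0
    for frame in frames:
        try:
            info = parse_cdp_frame(frame)
        except ValueError:
            malformed += 1
            continue
        identities[info["src_mac"]].add(info.get("device_id", "<none>"))
    flagged = {mac: len(ids) for mac, ids in identities.items() if len(ids) > max_identities}
    return flagged, malformed


def sample_frames():
    """Constructed traffic: one honest advertisement modelled on HQ_Switch,
    followed by 200 spoofed identities from a single attacker MAC."""
    honest = build_cdp_frame("00:1a:2b:3c:4d:5e", "HQ_Switch", "FastEthernet0/0",
                             "10.1.1.1", 0x0A, "cisco WS-C2950-12")
    flood = [build_cdp_frame("de:ad:be:ef:00:01", "FAKE-%04d" % i, "Ethernet0",
                             "192.0.2.%d" % (i % 250 + 1), 0x01, "bogus") for i in range(200)]
    return [honest] + flood


if __name__ == "__main__":
    frames = sample_frames()
    print(parse_cdp_frame(frames[0]))
    print("flood sources / malformed:", find_spoof_floods(frames))
```

On a real capture, feed `parse_cdp_frame()` the raw bytes of each frame sent to 01:00:0C:CC:CC:CC (a pcap reader of your choice supplies them). An attacker who also randomizes the source MAC defeats the per-MAC count, so in practice pair it with the overall rate of CDP frames on the port and with the `show cdp traffic` counters mentioned above.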
Frequently asked questions about the Cisco Discovery Protocol
What are Cisco Discovery Protocol vulnerabilities?
In February 2020, five vulnerabilities in Cisco's CDP implementations (in the parsing code, not in the protocol design itself) were disclosed. Four are remote code execution (RCE) flaws and one is a denial of service (DoS). Affected products include Cisco 7800 and 8800 series IP phones, Cisco 8000 series IP cameras, NX-OS switches, Firepower firewalls, NCS systems and IOS XR routers. Cisco released fixes for all five, but most of the affected devices do not update automatically and must be patched manually to be protected. Because CDP frames are processed without any authentication and are not forwarded by switches, an attacker needs to be on the same Layer 2 segment as the target to reach the vulnerable code.
Should I disable CDP?
It is generally good security practice to disable anything a system does not need, and CDP is no exception. This matters most once you have concluded that, in your environment, the risks outweigh the benefits; a common compromise is to leave CDP on infrastructure links and turn it off on interfaces that face end hosts.
Can CDP and LLDP coexist?
Yes. CDP and LLDP can coexist and run at the same time, which is useful when your network mixes equipment from several vendors. Most Cisco devices also support LLDP for interoperability, but on Cisco devices LLDP is disabled by default and has to be turned on (globally with lldp run on IOS).
How often are CDP packets sent?
By default, CDP packets are sent every 60 seconds from all CDP-enabled interfaces, and a router keeps received CDP information for 180 seconds before discarding it if the neighbor does not refresh it. Both defaults can be changed with the cdp timer and cdp holdtime configuration commands.