Let’s look at: Cisco Discovery Protocol (CDP)
Yes, yes I know if you have ever worked or studied Cisco on any level you will already be aware of Cisco Discovery Protocol (CDP), and what it is and does. I just wanted to take the time and cover it for some of it’s finer points. While I know talking about CDP is a jump from previous articles, but I was using Wireshark recently and caught a glimpse of a few CDP frames crossing my network.
Now if you ever have to map out an all Cisco network then CDP in your road map, CDP will guide you to any neighboring Cisco devices providing you the below information:
Just look at that, the only thing it doesn’t give you is the amount the memory and flash in the neighboring device, so this also an easy way to inventory your network and see what devices are connected where and what IOS is running on that device.
To see this information from within a Cisco device you want to issue the sh cdp neighbors command
The output can easily be matched with the table posted above. Additionally you can issue the sh cdp neighbors detail command to go an addition step further and get the actual IOS version running the on the neighboring devices.
Along with the IOS version, addition details about the connected interfaces, and platform are displayed. So if you were in the process of mapping or auditing a network with only the tools available CDP is one that should never be overlooked.
Another thing to consider is which version of CDP is running on your Cisco devices, the screen shots above are both from devices running CDP versions 2. Obviously version 2 has a few additions that version 1 did not have, let’s compare the two shall we.
As you can see version 2 offers improvements with PoE negotiation, which is used with other Cisco devices (VoIP phones, and Cisco AP’s), as well as duplex settings, the native VLAN of the line, and the VTP management domain information.
The last thing I want to mention is the CDP packets I sniffed off my lab can be sniffed from any Cisco device if CDP is running on the interface, which can be security risk especially on edge devices. So on any edge devices or devices that do not have any other neighboring Cisco devices then you might as well disable CDP on the device, see my previous post concerning the 1-step router lockdown, concerning some basic security practices.