Cisco Discovery Protocol CDP vs LLDP
Cisco Discovery Protocol (CDP) is a Cisco-proprietary protocol for network discovery at the data link layer. It lets physically connected Cisco devices share information such as device names and IOS versions. LLDP is a vendor-neutral data link layer discovery protocol in which network devices advertise information such as their identity and capabilities to their neighbors.
DEVICE DETECTION WITH CDP
Cisco Discovery Protocol (CDP) is a proprietary Cisco Layer 2 protocol used to collect information about Cisco devices that share the same data link. CDP is media- and protocol-independent and runs on all Cisco devices, such as routers, switches and access servers. A device sends periodic CDP advertisements to the devices connected to it, as shown in Image 1. These messages share information about the type of device being discovered, the name of the device, and the number and type of its interfaces.
Because most network devices connect to other devices, the CDP can help make design decisions, solve problems, and make changes to the equipment. The CDP can be used as a network analysis tool to learn about neighboring devices. This information collected from the CDP can help create a logical topology of a network when documentation or details are missing.
CDP CONFIGURATION
On Cisco devices, CDP is enabled by default. For security reasons, it may be advisable to disable CDP on a network device, either globally or per interface, because with CDP an attacker can collect valuable information about the network design, such as IP addresses, IOS versions, and device types. To verify the status of CDP and display CDP information, enter the show cdp command, as follows:
Router# show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled
To enable CDP globally on all supported interfaces of the device, enter cdp run in global configuration mode. To disable CDP on all interfaces of the device, enter no cdp run in global configuration mode.
To disable CDP on a specific interface, such as one that connects to an ISP, enter no cdp enable in interface configuration mode. CDP remains enabled on the device; however, no more CDP messages are sent out of that interface. To re-enable CDP on the specific interface, enter cdp enable, as shown:
Switch(config)# interface gigabitethernet 0/1
Switch(config-if)# cdp enable
Below, CDP is disabled globally with the no cdp run command and re-enabled with the cdp run command.
Router(config)# no cdp run
Router(config)# exit
Router# show cdp
% CDP is not enabled
Router# conf t
Router(config)# cdp run
CDP VERIFICATION
To verify the status of CDP and display a list of its neighbors, use the show cdp neighbors command in privileged EXEC mode. The show cdp neighbors command shows important information about CDP neighbors. At this point the device has no neighbors, because it is not physically connected to any other device:
Router# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
Use the show cdp interface command to display the interfaces on which CDP is enabled, together with the status of each interface. The following output shows that five interfaces on the router are enabled for CDP, with only one active connection to another device.
Router# show cdp interface
Embedded-Service-Engine0/0 is administratively down, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
GigabitEthernet0/0 is administratively down, line protocol is down
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
GigabitEthernet0/1 is up, line protocol is up
Encapsulation ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial0/0/0 is administratively down, line protocol is down
Encapsulation HDLC
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial0/0/1 is administratively down, line protocol is down
Encapsulation HDLC
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
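The text above recommends turning CDP off on interfaces that face untrusted parties (an ISP link, for instance) while keeping it elsewhere. The following Python script is an added example, not part of the original page or of Cisco IOS: it parses a captured show cdp interface output (the sample is constructed here, modelled on the output above), compares it with a hypothetical list of interfaces that must not run CDP, and emits the no cdp enable commands that would remediate each finding. Interfaces on which CDP is already disabled do not appear in show cdp interface, so their absence from the parsed result is treated as compliant.

```python
import re

# Constructed sample, modelled on the "show cdp interface" output above.
SAMPLE_SHOW_CDP_INTERFACE = """\
Embedded-Service-Engine0/0 is administratively down, line protocol is down
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
GigabitEthernet0/0 is administratively down, line protocol is down
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
GigabitEthernet0/1 is up, line protocol is up
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Serial0/0/0 is administratively down, line protocol is down
  Encapsulation HDLC
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Serial0/0/1 is administratively down, line protocol is down
  Encapsulation HDLC
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
"""

IFACE_RE = re.compile(r"^(\S+) is (.+?), line protocol is (\S+)$")
TIMER_RE = re.compile(r"Sending CDP packets every (\d+) seconds")


def parse_cdp_interfaces(text):
    """Map each CDP-enabled interface to its admin state, line-protocol state
    and advertisement interval. 'show cdp interface' lists only interfaces on
    which CDP is enabled, so absence from the result means CDP is off there."""
    interfaces = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            interfaces[current] = {"admin": m.group(2), "proto": m.group(3), "interval": None}
            continue
        t = TIMER_RE.search(line)
        if t and current is not None:
            interfaces[current]["interval"] = int(t.group(1))
    return interfaces


def audit_cdp(text, untrusted):
    """Compare the parsed output with a list of interfaces that must not run CDP
    (hypothetical policy input, e.g. an ISP-facing link). Returns the findings
    and the IOS commands that would remediate them."""
    enabled = parse_cdp_interfaces(text)
    findings = []
    commands = []
    for name in untrusted:
        if name not in enabled:
            continue  # CDP already disabled on this interface: nothing to do
        state = "ACTIVE" if enabled[name]["proto"] == "up" else "enabled, link down"
        findings.append((name, state))
        commands.extend([f"interface {name}", " no cdp enable"])
    return findings, commands


if __name__ == "__main__":
    found, fix = audit_cdp(SAMPLE_SHOW_CDP_INTERFACE, ["GigabitEthernet0/1", "Serial0/0/0"])
    for name, state in found:
        print(f"{name}: CDP {state}")
    print("\n".join(fix))
```

An interface that is administratively down still advertises once it comes up, which is why the audit reports it as a finding rather than ignoring it; the commands are printed rather than pushed to the device so that they can be reviewed first.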
DEVICE DETECTION WITH CDP
With CDP enabled on the network, the show cdp neighbors command can be used to determine the layout of the network. For example, consider the undocumented topology in Image 2: no information is available about the rest of the network.
R1# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
The show cdp neighbors command provides useful information about each CDP neighbor, such as the following:
- Device ID - The host name of the neighbor (S1).
- Port ID - The names of the local and remote ports (Gig 0/1 and Fas 0/5, respectively).
- Capability list - Indicates whether the device is a router or a switch (S for switch; I for IGMP is beyond the scope of this course).
- Platform - The hardware platform of the device (WS-C2960 for the Cisco 2960 switch).
VIEW DETAILED INFORMATION ABOUT CDP
If more information is needed, the show cdp neighbors detail command also provides data such as the IOS version and IPv4 addresses of neighbors, as follows:
R1# show cdp neighbors detail
-------------------------
Device ID: S1
Entry address(es):
IP address: 192.168.1.2
Platform: cisco WS-C2960-24TT-L, Capabilities: Switch IGMP
Interface: GigabitEthernet0/1, Port ID (outgoing port): FastEthernet0/5
Holdtime: 136 sec
Version:
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE7, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 23-Oct-14 14:49 by prod_rel_team
advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF010221FF000000000000002291210380FF0000
VTP Management Domain: ''
Native VLAN: 1
Duplex: full
Management address(es):
IP address: 192.168.1.2
Total cdp entries displayed: 1
S2 DETECTION
By accessing S1, either remotely via SSH or physically through the console port, a network administrator can determine which other devices are connected to S1, as shown in the show cdp neighbors output.
S1# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
S2 Fas 0/4 158 S I WS-C2960- Fas 0/4
R1 Fas 0/5 136 R B S I CISCO1941 Gig 0/1
TOPOLOGY COMPLETION
The output reveals another switch, S2. The network administrator then accesses S2 and displays its CDP neighbors, as shown in Image 5. The only device connected to S2 is S1, so there are no more devices to discover in the topology. The network administrator can now update the documentation to reflect the discovered devices.
S2# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
S1 Fas 0/4 173 S I WS-C2960- Fas 0/4
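The walk just performed (R1 reveals S1, S1 reveals S2, S2 reveals nothing new) is a breadth-first search over show cdp neighbors captures. The Python below is an added example, not code from the page or from Cisco: it parses the neighbor table rows and follows every newly learned device until either every device has been visited or a device is reached for which no capture exists yet, which tells the administrator where to log in next. The S1 and S2 captures are taken from the outputs above; R1's single row (including its holdtime of 162) is constructed for the example.

```python
import re
from collections import deque

# Captures of "show cdp neighbors" keyed by the device they were taken on.
# S1 and S2 follow the page; R1's row (and its holdtime of 162) is constructed.
CAPTURES = {
    "R1": """\
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
S1               Gig 0/1           162        S I         WS-C2960- Fas 0/5
""",
    "S1": """\
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
S2               Fas 0/4           158        S I         WS-C2960- Fas 0/4
R1               Fas 0/5           136        R B S I     CISCO1941 Gig 0/1
""",
    "S2": """\
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
S1               Fas 0/4           173        S I         WS-C2960- Fas 0/4
""",
}

# device, "Type n/n", holdtime, capability letters, platform, "Type n/n"
ROW_RE = re.compile(r"^(\S+)\s+(\S+ \S+)\s+(\d+)\s+(.+?)\s+(\S+)\s+(\S+ \S+)$")


def parse_cdp_neighbors(text):
    """Return one dict per neighbor row, ignoring the capability-code legend."""
    rows, in_table = [], False
    for line in text.splitlines():
        if line.startswith("Device ID"):
            in_table = True
            continue
        m = ROW_RE.match(line.strip()) if in_table else None
        if m:
            rows.append({"device": m.group(1), "local": m.group(2),
                         "holdtime": int(m.group(3)), "capability": m.group(4).split(),
                         "platform": m.group(5), "remote": m.group(6)})
    return rows


def walk_topology(captures, start):
    """Breadth-first walk from `start`, following every neighbor we learn about.
    Returns the links as sorted (device, port) pairs, plus the devices we
    learned of but have no capture for (i.e. where to log in next)."""
    edges, seen, pending = set(), {start}, deque([start])
    unreached = set()
    while pending:
        dev = pending.popleft()
        if dev not in captures:
            unreached.add(dev)
            continue
        for n in parse_cdp_neighbors(captures[dev]):
            # Sort the two ends so the same link seen from both sides dedupes.
            link = tuple(sorted([(dev, n["local"]), (n["device"], n["remote"])]))
            edges.add(link)
            if n["device"] not in seen:
                seen.add(n["device"])
                pending.append(n["device"])
    return sorted(edges), sorted(unreached)


if __name__ == "__main__":
    links, todo = walk_topology(CAPTURES, "R1")
    for (a, ap), (b, bp) in links:
        print(f"{a} {ap} <-> {b} {bp}")
    print("still to visit:", todo or "none; topology complete")
```

Because each link is recorded from both ends and normalised, the R1-S1 link seen from R1 and again from S1 is stored once; an empty "still to visit" list is the programmatic equivalent of the conclusion above that there are no more devices to discover.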
DEVICE DETECTION WITH LLDP
Cisco devices also support the Link Layer Discovery Protocol (LLDP), a vendor-neutral neighbor discovery protocol similar to CDP. LLDP works with network devices such as routers, switches, and wireless LAN access points. The protocol advertises the device's identity and capabilities to other devices and receives the same information from physically connected Layer 2 devices.
LLDP CONFIGURATION
On some devices, LLDP may be enabled by default. To enable LLDP globally on a Cisco network device, enter the lldp run command in global configuration mode. To disable LLDP, enter the no lldp run command in global configuration mode. Like CDP, LLDP can be configured on specific interfaces. However, LLDP must be configured separately on each interface to transmit and to receive LLDP packets, as shown:
Switch# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# lldp run
Switch(config)# interface gigabitethernet 0/1
Switch(config-if)# lldp transmit
Switch(config-if)# lldp receive
Switch# show lldp
Global LLDP Information:
Status: ACTIVE
LLDP advertisements are sent every 30 seconds
LLDP hold time advertised is 120 seconds
LLDP interface reinitialisation delay is 2 seconds
LLDP VERIFICATION
To verify that LLDP has been enabled on the device, enter the show lldp command in privileged EXEC mode. Display the status of LLDP on R1:
R1# show lldp
% LLDP is not enabled
R1#
Enter global configuration mode to configure the following:
- Activate LLDP globally on R1.
- Disable LLDP on the S0/0/0 interface.
- Use the end command to exit global configuration mode.
R1# configure terminal
R1(config)# lldp run
R1(config)# interface s0/0/0
R1(config-if)# no lldp run
R1(config-if)# end
R1#
Display the list of neighbors with LLDP on S1.
S1# show lldp neighbors
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
R1 Fa0/5 99 R Gi0/1
Display the details of the LLDP neighbor list on S1; the entry shown describes R1.
S1# show lldp neighbors detail
------------------------------------------------
Chassis id: c471.fe45.73a0
Port id: Gi0/1
Port Description: GigabitEthernet0/1
System Name: R1
System Description:
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 06-Feb-15 17:01 by prod_rel_team
Time remaining: 106 seconds
System Capabilities: B,R
Enabled Capabilities: R
Management Addresses - not advertised
Auto Negotiation - not supported
Physical media capabilities - not advertised
Media Attachment Unit type - not advertised
Vlan ID: - not advertised
Total entries displayed: 1
DEVICE DETECTION WITH LLDP
With LLDP enabled, the device's neighbors can be discovered using the show lldp neighbors command. For example, consider the undocumented topology in Image 7. The network administrator only knows that S1 is connected to two devices. Using the show lldp neighbors command, the network administrator finds that S1 has a router and a switch as neighbors.
S1# show lldp neighbors
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
R1 Fa0/5 99 R Gi0/1
S2 Fa0/4 120 B Fa0/4
Total entries displayed: 2
From the show lldp neighbors output, a topology for switch S1 can be constructed as illustrated in Image 8. When more details about the neighbors are needed, the show lldp neighbors detail command provides information such as the IOS version, IP address and capabilities of the neighboring devices.
S1# show lldp neighbors detail
------------------------------------------------
Chassis id: fc99.4775.c3e0
Port id: Gi0/1
Port Description: GigabitEthernet0/1
System Name: R1
System Description:
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 06-Feb-15 17:01 by prod_rel_team
Time remaining: 101 seconds
System Capabilities: B,R
Enabled Capabilities: R
Management Addresses:
IP: 192.168.1.1
Auto Negotiation - not supported
Physical media capabilities - not advertised
Media Attachment Unit type - not advertised
Vlan ID: - not advertised
------------------------------------------------
Chassis id: 0cd9.96d2.3f80
Port id: Fa0/4
Port Description: FastEthernet0/4
System Name: S2
<output omitted>
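The detail output above carries exactly the fields a defender needs to keep an inventory of what is plugged into each switch: chassis ID, system name, remote port, advertised capabilities and management address. The Python below is an added example, not code from the page or from Cisco: it splits a show lldp neighbors detail capture into per-neighbor blocks, extracts those fields, and flags any neighbor whose chassis ID is absent from a hypothetical allow-list of known devices. The sample capture is constructed here; R1's entry follows the page, while S2's entry, which the page omits, is invented for the example.

```python
import re

# Constructed sample modelled on the "show lldp neighbors detail" output above.
# R1's entry follows the page; S2's entry, which the page omits, is invented.
SAMPLE_LLDP_DETAIL = """\
------------------------------------------------
Chassis id: fc99.4775.c3e0
Port id: Gi0/1
Port Description: GigabitEthernet0/1
System Name: R1

System Description:
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 06-Feb-15 17:01 by prod_rel_team

Time remaining: 101 seconds
System Capabilities: B,R
Enabled Capabilities: R
Management Addresses:
    IP: 192.168.1.1
Auto Negotiation - not supported
Physical media capabilities - not advertised
Media Attachment Unit type - not advertised
Vlan ID: - not advertised

------------------------------------------------
Chassis id: 0cd9.96d2.3f80
Port id: Fa0/4
Port Description: FastEthernet0/4
System Name: S2

Time remaining: 118 seconds
System Capabilities: B
Enabled Capabilities: B
Management Addresses - not advertised
Vlan ID: 1

Total entries displayed: 2
"""


def parse_lldp_detail(text):
    """Split the output into per-neighbor blocks (separated by dashed lines) and
    pull out the fields that matter for an inventory of connected devices."""
    entries = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        if "Chassis id:" not in block:
            continue

        def field(label):
            m = re.search(rf"^{re.escape(label)}:[ \t]*(.+?)[ \t]*$", block, re.M)
            return m.group(1) if m else None

        def caps(label):
            # "B,R" or "B, R" -> ["B", "R"]
            return (field(label) or "").replace(",", " ").split()

        # Only present when the neighbor advertises a management address.
        mgmt = re.search(r"^Management Addresses:\s*\n\s*IP:\s*(\S+)", block, re.M)
        entries.append({
            "chassis": field("Chassis id"),
            "name": field("System Name"),
            "port": field("Port id"),
            "system_caps": caps("System Capabilities"),
            "enabled_caps": caps("Enabled Capabilities"),
            "mgmt_ip": mgmt.group(1) if mgmt else None,
        })
    return entries


def unknown_neighbors(entries, known_chassis):
    """Return the system names of neighbors whose chassis ID is not in the
    authorized inventory (a hypothetical allow-list supplied by the operator)."""
    return [e["name"] for e in entries if e["chassis"] not in known_chassis]


if __name__ == "__main__":
    found = parse_lldp_detail(SAMPLE_LLDP_DETAIL)
    for e in found:
        print(e["name"], e["chassis"], e["port"], e["enabled_caps"], e["mgmt_ip"])
    print("not in inventory:", unknown_neighbors(found, {"fc99.4775.c3e0"}))
```

The chassis ID is used as the inventory key rather than the system name because the name is free text set by whoever configured the neighbor, whereas the chassis ID is the MAC-derived identifier the device actually advertises; a neighbor that is missing from the allow-list is worth investigating before its port is left in service.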