What is CDP in Networking?
The Cisco Discovery Protocol (CDP) is a network protocol developed by Cisco Systems, which operates at the data link layer (Layer 2) of the OSI model. It is a Cisco proprietary protocol. CDP is used to collect information about nearby Cisco devices within a local network. CDP is used for network management.
Cisco discovery protocol provides information about the following parameter: –
Topology Discovery
CDP helps Cisco devices to discover their directly connected neighbours and obtain information about adjacent devices. This helps the network administrator to map out the network topology i.e., to map the network.
Neighbour Information
CDP advertisements provide details about the neighbouring Cisco devices which include the information of the type of device connected i.e., switch, router, multilayer switch, etc., the software version of the connected device, VLAN information, IP Address, and even the interface it is using for the connectivity.
Network Monitoring
CDP helps in network monitoring and troubleshooting by providing real-time information about the status of the device.
Automatic Device Detection
CDP helps to automatically detect and recognize devices even when a new device is connected to the network.
All this information is helpful to create the network map, document the network, and troubleshoot in case of outages. Cisco Discovery protocol is enabled by default.
How does the Cisco discovery protocol work?
All Cisco devices transmit CDP Packets periodically. Receiving devices process the packet and make a cache of the information received. If receiving packet has information different from already cached information, the new information is cached and the older cache is removed. CDP uses various timers to control the CDP advertisements and the expiration of outdated information. This timer helps to manage the frequency of CDP packets.
Timers are as follows: –
Advertisement Timer
This timer controls how often a Cisco device sends out CDP advertisements to its directly connected neighbours. By default, the advertisement timer is set to 60 seconds on most Cisco devices. This means that every 60 seconds, the device will multicast a CDP advertisement packet to inform its neighbours about its presence and current status.
Hold Time Timer
The hold time timer is the duration of time that a receiving device considers CDP information valid before discarding it if no new updates are received. The default hold time is 180 seconds (3 times the advertisement timer). When a device receives a CDP advertisement, it sets its hold time to the received hold time value. If no new updates are received from the same neighbour before the hold time expires, the information about that neighbour is removed from the CDP table.
TTL (Time to Live) Timer
The TTL timer is used to control the maximum time that a CDP advertisement can live in the network before it expires. Each CDP advertisement packet contains a Time to Live (TTL) value, which is set to a default of 180 seconds (3 minutes). This TTL value is decremented by one as the packet is forwarded through each network hop. When the TTL reaches zero, the packet is discarded, preventing old CDP information from circulating indefinitely.
What are the drawbacks of CDP?
The drawbacks of CDP are as follows-
- CDP is a Cisco proprietary protocol, so it cannot be used to discover devices other than Cisco or devices of different vendors.
- In large networks, excessive CDP advertisement can create additional traffic and network congestion resulting in an impact on network performance.
CDP Spoofing
CDP is also prone to spoofing. In CDP spoofing, the attacker sends out a packet with a multicast address the same as that of the destination address of CDP i.e., 01:00:0C:CC:CC:CC, and fake MAC Address as source address. When devices receive these large number of frames, it will add CDP information to the table. The device may not be able to handle this large number of frames and eventually crashes.
Configuration
S1#show cdp neighbors
Capability Codes:
R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater, P – Phone
Device ID Local Interface Holdtime Capability Platform Port ID
R1 Fas 0/2 162 R ISR4300 Gig 0/0/0
S2 Fas 0/1 139 S 2960 Fas 0/1
As we can see that there are 2 directly connected devices with S1.
Device ID
The hostname of the directly connected devices
Local Interface
The interface of S1 on which CDP messages are received. In our case R1 is sending messages to Fas0/2 and S2 is sending messages to Fas0/1, which also tells about the interface on S1 through which R1 and S2 are connected.
Holdtime
Amount of time S1 holds the information if no more packets are received.
Capability
It shows the type of device connected. In our example, R1 is a router, hence capability is denoted as R. Similarly, S2 is a switch hence it is denoted as S.
Platform
It tells about the OS and the device model.
Port ID
It is the interface of the neighbouring device through which the CDP packet is sent. In our example, the Port ID of R1 is Gig 0/0/0, hence S1 is connected to R1 with Gig 0/0/0 interface.
To get further information on the connected devices we can use the following command-
S1#show cdp neighbors detail
Device ID: R1
Entry address(es):
IP address : 192.168.12.1
Platform: cisco ISR4300, Capabilities: Router
Interface: FastEthernet0/2, Port ID (outgoing port): GigabitEthernet0/0/0
Holdtime: 140
Version :
Cisco IOS Software [Everest], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.6.4,RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Sun 08-Jul-18 04:33 by mcpre
advertisement version: 2
Duplex: full
—————————
Device ID: S2
Entry address(es):
Platform: cisco 2960, Capabilities: Switch
Interface: FastEthernet0/1, Port ID (outgoing port): FastEthernet0/1
Holdtime: 176
Version :
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Wed 26-Jun-13 02:49 by mnguyen
advertisement version: 2
Duplex: full
What is LLDP?
LLDP (Link Layer Discovery Protocol) is an industry-standard network protocol defined by the IEEE 802.1AB standard. It operates at the data link layer (Layer 2) of the OSI model and is used for discovering information about neighbouring network devices.
The working mechanism of LLDP is similar to CDP but the major difference is that LLDP is an open-source protocol while CDP is Cisco Proprietary. Since LLDP is a vendor-neutral protocol, it allows devices from different vendors to exchange essential information. When a network device supports LLDP, it periodically sends out LLDP packets, known as LLDP advertisements, on each active network interface. These advertisements contain information about the sending device, such as its device type, capabilities, system name, management address, and port details. The receiving devices process these advertisements and store the information in their respective LLDP tables.
LLDP packets are sent as multicast frames, which implies that they are received only by devices interested in LLDP information, hence minimizing network overhead.
LLDP is used in cases where you have a network with devices from different vendors like Cisco, Juniper, HP, Aruba, etc. For example, if a Juniper switch is connected to an HP router, LLDP will allow the Juniper switch to discover the neighbour HP router and exchange essential information.
Let’s use the same topology as we used in the case of CDP-
To enable LLDP-
Switch#configure terminal
S2(config)#lldp run
S2(config)#exit
S2#show lldp neighbors
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Interface Hold-time Capability Port ID
Total entries displayed: 0
Since I have enabled LLDP only on S2, hence no other devices are transmitting LLDP packets, hence total entries are 0.
Let us enable LLDP on devices one at a time.
S2#show lldp neighbors
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Interface Hold-time Capability Port ID
S1 Fa0/1 120 B Fa0/1
Total entries displayed: 1
Enabled LLDP on S1 and S2, hence S1 started transmitting LLDP packets and S2 can locate details of it.
S2#show lldp neighbors
Capability codes:
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Interface Hold-time Capability Port ID
S1 Fa0/1 120 B Fa0/1
R2 Fa0/3 120 R Gig0/0/0
Total entries displayed: 2
Similarly enabled LLDP on R2 as well.
To get further details of connected devices use: –
S2#show lldp neighbors detail
It is important to note that LLDP needs to be enabled on each Cisco device so that they start transmitting LLDP packets. Enabling LLDP becomes necessary when we have other vendor devices as well in our network. Else if we have only Cisco devices which are quite expensive, there is no need to enable LLDP and CDP can help us get the neighboring devices information.
