Cisco CDP and LLDP

In this Cisco CCNA tutorial, you’ll learn about Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP). Scroll down for the video and also text tutorial.

 

Cisco CDP and LLDP Video Tutorial

 

CDP Cisco Discovery Protocol

 

Cisco Discovery Protocol (CDP) is a Cisco proprietary Layer 2 protocol. It is used to share information with other directly connected Cisco equipment, like the operating system and the IP address. That information will be shared between connected devices. It aids in troubleshooting by allowing administrators to map out how Cisco devices are connected to each other.

 

 

For example, say that you're in New York and there is a problem in Sydney and you don't know about the network topology in Sydney. As long as you can jump on one device in Sydney, then you could use show CDP neighbors to map out how all the other Cisco devices are connected to each other.

 

It's a very useful troubleshooting tool. Even if you know what the typologies should look like, you can use show CDP neighbor to check that the device is there and detected at Layer 2.

 

CDP is enabled by default on most Cisco equipment. Not just on routers and switches, but also on the firewalls and even in software, like Cisco Unified Communications Manager which is used to control IP Phones, and even the IP Phones will run CDP.

 

If you go onto your switch, which has got the Cisco Unified Communications Manager server and IP Phones plugged in there, you'll be able to get information about those devices. CDP works at Layer 2, therefore, it's not necessary for the device to have an IP address on it for it to be detected by its neighbors.

 

CDP Cisco Discovery Protocol Configuration

 

Since CDP is enabled by default, if you want to disable it, you can do:

no cdp run

 

To turn it back on again, the command is:

cdp run

 

These commands are done at global configuration. A reason you would maybe want to disable CDP is it can be seen as a security concern. If you're in a highly secure environment, such as in a bank, you don't want people to be able to see what devices are plugged in there so you could disable CDP.

 

 

The ‘no cdp run’ command will disable it globally on the device. You can also disable at the interface level as well with the command:

no cdp enable

 

Let’s say you've got a switch on the edge of your network and you want CDP to be enabled on the internal facing interfaces. You want to disable it on the external facing interface, so you don't give up information to another organization. Therefore, you can do a ‘no cdp enable’ at the interface level.

 

CDP verification commands:

• show cdp – It shows if CDP is enabled or not, also the timers, etc.
• show cdp neighbors – It is used to verify the attached devices. It will give you a nice brief summary view.
• show cdp neighbors detail - It is used to verify the attached devices. It will give more detail, including the IP addresses of the neighbors.

 

CDP sends CDP packets every 60 seconds by default. If I do a ‘show cdp neighbor’, it will show all the Cisco devices that are plugged into the switch. It gives the hostname of the device. This is another reason why it's a good idea to set a hostname so that if you do a 'show cdp neighbor', it's going to give you a description of what that device actually is.

 

It will also show me the local interface that is connected on my side. Over on the right, the port ID is the interface that it is plugged into on the far side device. It also says what the platform of that device is.

 

To get more detail, I can do a ‘show cdp neighbor detail’ and this will give more verbose output. I can see here my router and its IP address. This again is very useful if you need to find out an IP address of a neighbor so that you can Telnet or SSH onto it for troubleshooting.

 

It also tells me the platform it's running on, the IOS version is running on there as well, and some other similar information. If I hit the space bar I can scroll through and I can see the information for the other devices as well.

 

With ‘no cdp enable’, the switch will now stop sending out CDP information on that particular interface. It's still going to do it on the other interfaces though, so usually, I would do that if this was facing an external entity.

 

If I'm in a highly secured environment and I just want to completely disable CDP on the switch, then I'll exit back down to global configuration, and do a ‘no cdp run’. If I now go down to the enable prompt and do a ‘show cdp’, you can see that CDP is not enabled.

 

LLDP Link Layer Discovery Protocol

 

LLDP is the Link Layer Discovery Protocol. This came out a lot later than CDP did, and where CDP is Cisco proprietary, LLDP is an open standard. So, it's supported on most vendors' devices, and it provides similar information to CDP.

 

 

It does have some differences though. CDP will always be enabled by default on Cisco routers and switches, but with LLDP, it depends on the switch and version, whether it will be enabled or disabled by default.

 

LLDP is only supported on physical interfaces, CDP is also supported on virtual sub-interfaces as well. With LLDP, it can only discover up to one device per port. CDP is able to discover multiple devices per physical port because it does support those virtual sub-interfaces. LLDP can also discover Linux servers, CDP cannot.

 

LLDP Link Layer Discovery Protocol Configuration

 

Our commands to configure LLDP on a Cisco router or switch, to turn it on, at global configuration we use the command:

lldp run

 

To turn it off, we use the command:

no lldp run

 

To disable it at the interface level, we do it for both transmit and receive separately. To disable sending out information, we use the command:

no lldp transmit

 

To disable sending out information, we use the command:

no lldp receive

 

 

Our verification commands are again similar to CDP:

• show lldp - It will show if LLDP is enabled or not.
• show lldp neighbors - It will show a summary of our neighbors.
• show lldp neighbors detail - It will show more verbose output, including the IP addresses configured on those devices.

 

Cisco CDP and LLDP Configuration Example

 

This configuration example is taken from my free ‘Cisco CCNA Lab Guide’ which includes over 350 pages of lab exercises and full instructions to set up the lab for free on your laptop.

Click here to download your free Cisco CCNA Lab Guide.

 

1. Verify the directly attached Cisco neighbors using Cisco Discovery Protocol

SW1#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID

R1 Fas 0/1 170 R C2800 Fas 0/0

R2 Fas 0/2 134 R C2800 Fas 0/0

 

2. Prevent R1 from discovering information about Switch 1 via CDP

SW1(config)#interface FastEthernet 0/1

SW1(config-if)#no cdp enable

 

3. Flush the CDP cache on R1 by entering the ‘no cdp run’ then ‘cdp run’ commands in global configuration mode

R1(config)#no cdp run

R1(config)#cdp run

 

4. Verify that R1 cannot see SW1 via CDP

R1#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID

R1#

 

Additional Resources

 

Cisco Discovery Protocol (CDP): https://learningnetwork.cisco.com/s/article/cisco-discovery-protocol-cdp-x

Configuring LLDP: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/46sg/configuration/guide/Wrapper-46SG/swlldp.html

LLDP and CDP: https://www.cisco.com/assets/sol/sb/Switches_Emulators_v2_3_5_xx/help/250/index.html#page/tesla_250_olh/lldp_cdp.html

 

Want to practice Cisco CCNA technologies on your laptop? Download my complete 350-page Cisco CCNA Lab Guide for free.

 

Click Here to get my Cisco CCNA Gold Bootcamp, the highest rated CCNA course online with a 4.8 star rating from over 20,000 public reviews.