Cisco Discovery Protocol

Layer 2 Cisco proprietary protocol for discovering and mapping directly connected network devices

Cisco Discovery Protocol (CDP)

  • Layer 2 proprietary protocol developed by Cisco for device discovery and network topology mapping
  • Runs on all Cisco devices by default - routers, switches, IP phones, access points
  • Operates at the Data Link Layer, so it works regardless of which Layer 3 protocol is in use (IP, IPX, etc.)
  • Uses multicast address 01-00-0C-CC-CC-CC to send advertisements every 60 seconds
  • Hold timer is 180 seconds (3x the advertisement interval) - if no CDP packet received, neighbor entry expires

CDP Functionality

  • Discovers directly connected Cisco neighbors only - cannot see through non-Cisco devices
  • Exchanges information about device capabilities, platform, software version, and interface details
  • Helps network administrators map topology and troubleshoot connectivity issues
  • Used by network management tools for automatic device discovery and documentation

Key Information Exchanged

  • Device ID (hostname)
  • Local interface and remote interface names
  • Platform type (e.g., Cisco 2960, ISR 4331)
  • Capabilities (Router, Switch, Bridge, IGMP, etc.)
  • Software version and feature set
  • VTP domain name (for switches)
  • Native VLAN information
  • Duplex settings

CDP Commands

  Command                    Purpose
  show cdp neighbors         Display basic neighbor info
  show cdp neighbors detail  Comprehensive neighbor information
  show cdp interface         CDP status per interface
  show cdp                   Global CDP settings
  cdp run                    Enable CDP globally
  no cdp enable              Disable CDP on a specific interface

Security Considerations

  • CDP should be disabled on interfaces facing untrusted networks (Internet, customer connections)
  • Reveals detailed network information that attackers can exploit for reconnaissance
  • Shows internal IP addresses, device models, and software versions
  • Common security practice: disable on edge interfaces, keep enabled on internal links

Notes

  • Always disable CDP on external-facing interfaces for security
  • CDP works even when IP connectivity is broken, making it valuable for troubleshooting Layer 1/2 issues
  • The show cdp neighbors detail command is essential for finding IP addresses of connected devices
  • Remember: CDP only shows directly connected Cisco neighbors
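The "disable on edge interfaces, keep enabled on internal links" practice from the Security Considerations and Notes sections, shown as an IOS configuration. This is an added example, not configuration from the original page; the interface names, description strings and the 203.0.113.0/30 addressing are assumed for illustration.

```cisco
! Added example (not from the original page). Interface names, descriptions
! and addresses are assumed.
!
! --- Weak: CDP left at its default, advertising on every interface ---
cdp run
!
interface GigabitEthernet0/0
 description WAN uplink to ISP (untrusted)
 ip address 203.0.113.2 255.255.255.252
 ! Nothing suppresses CDP here, so hostname, platform, software version
 ! and the interface IP are multicast to 01-00-0C-CC-CC-CC every 60 seconds
!
! --- Corrected: CDP stays on globally, but is suppressed on the untrusted edge ---
cdp run
cdp timer 60
cdp holdtime 180
!
interface GigabitEthernet0/0
 description WAN uplink to ISP (untrusted)
 ip address 203.0.113.2 255.255.255.252
 no cdp enable
!
interface GigabitEthernet0/1
 description Trunk to core switch (trusted, internal)
 ! CDP remains enabled, so "show cdp neighbors" still maps the internal topology
!
! Verification:
!   show cdp interface   -> GigabitEthernet0/0 no longer appears in the list;
!                           GigabitEthernet0/1 is listed with the 60 s / 180 s timers
!   show cdp             -> confirms CDP is running globally with those timers
```

The `cdp timer 60` and `cdp holdtime 180` lines restate the defaults from the CDP overview above; they are included so the running configuration documents the values explicitly. Disabling CDP per interface with `no cdp enable`, rather than `no cdp run` globally, keeps the troubleshooting value of `show cdp neighbors detail` on internal links while stopping the advertisements on links facing untrusted networks.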