Sunday, 16 June 2013

Cisco Discovery Protocol (CDP)

CDP

Topology


Note: The router on the left with DLCI 301 and 302 is still being used at an organisation, so it will not be in CDP entries.



Objectives

  • View CDP information
  • View Wireshark
  • Configure CDP

CDP

  • The neighbor command will show brief information about directly connected neighbors
  • The interface command allows you to view interfaces with CDP enabled, which includes link encapsulation, CDP holdtime, and send times.
  • The traffic command will show which CDP version is running and if there are any errors.
  • The entry command will show a lot of detailed information.

To gain a quick view of your network topology, I would use the interface command.





Configure CDP


As of now, CDP is enabled on all active interfaces. I will now secure my network by limiting which interfaces CDP is allowed on. To do this, you can disable CDP on a per-link basis.

This will stop you advertising your network to devices or people you don't want to see it. It will also reduce the traffic being sent to your end devices, although you may want to leave it enabled towards VoIP phones that use CDP.

Wireshark


If you let CDP run with its default behaviour, an end user could use a program like Wireshark to intercept CDP messages, as seen below.



CHRONOS


I will disable CDP on the fa0/0 interface.

 

With my s0/0 and my serial sub interfaces I can choose which sub interface I want to allow CDP on. You can disable CDP on the physical link and then choose which sub interfaces you want or do not want to advertise CDP information.






 

HADES

 

APHRODITE

 

 

EREBOS


Here I am disabling CDP on my switchports which are in access mode, leaving the trunks to send CDP traffic.





 

GAIA


Here I am disabling CDP on my switchports which are in access mode, leaving the trunks to send CDP traffic.
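To check that the access-port lockdown described for EREBOS and GAIA has actually been applied, a saved running-config can be audited offline. The script below is an added example, not part of the original post: the sample config, hostname and function names are constructed for illustration, and it assumes the config shows `no cdp enable` under each interface where CDP was disabled. Ports with a voice VLAN are skipped, since the post notes CDP may be wanted towards VoIP phones.

```python
import re

# Constructed sample running-config; not taken from the devices in this post.
SAMPLE_CONFIG = """\
hostname EXAMPLE-SW
!
interface FastEthernet0/1
 switchport mode access
 no cdp enable
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode access
 switchport voice vlan 20
!
interface FastEthernet0/24
 switchport mode trunk
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands configured under it."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = header.group(1)
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def exposed_access_ports(config):
    """Return access ports that still send CDP and carry no voice VLAN."""
    if re.search(r"^no cdp run\s*$", config, re.MULTILINE):
        return []  # CDP is switched off for the whole device
    exposed = []
    for name, cmds in parse_interfaces(config).items():
        is_access = "switchport mode access" in cmds
        has_voice = any(c.startswith("switchport voice vlan") for c in cmds)
        if is_access and "no cdp enable" not in cmds and not has_voice:
            exposed.append(name)
    return exposed

if __name__ == "__main__":
    for port in exposed_access_ports(SAMPLE_CONFIG):
        print(f"{port}: access port still advertising CDP")
```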






Complete

