Layer 2 discovery protocols such as CDP and LLDP let a device advertise itself to, and learn about, its directly connected neighbors. The advertised information includes the host name, IP address, device type/platform, software version and the port each neighbor is connected on.

Warning

Because these protocols advertise details about the devices in a network (host names, addresses, platform and software version) to anything listening on the link, they hand easy reconnaissance to an attacker who gains access to a port. It is common for enterprises to disable them, at least on ports facing end users or other untrusted devices, and to keep them only on links between infrastructure devices where they help with troubleshooting.

Cisco Discovery Protocol (CDP)

  • CDP is a Cisco-proprietary protocol. As such, it is only supported on Cisco devices.
    • If your network uses another vendor's equipment, or a mix of vendors, the devices cannot use CDP with each other; use LLDP instead
  • It is enabled on Cisco devices (routers, switches, firewalls, etc.) by default
    • Annoying if your organization wants these protocols disabled for security: CDP has to be explicitly turned off, globally or on each untrusted interface
  • CDP messages are periodically sent to multicast MAC address 0100.0CCC.CCCC
    • When a device receives a CDP message, it processes and discards the message. It does NOT forward it to other devices
  • By default, CDP messages are sent once every 60 seconds
  • The default ‘holdtime’ is 180 seconds (how long a device will wait without seeing a message from a neighbor before removing that neighbor from its neighbor table)
  • There are two versions, but CDPv2 is the default. CDPv1 is rarely, if ever, used.

Verification (‘show’ Commands)

  • show cdp
    • Displays basic CDP information including message timers
  • show cdp traffic
    • Displays how many CDP advertisements the device has sent and received, as well as some other statistics
  • show cdp interface {interface-id}
    • Displays CDP information by interface. Optionally specify an interface ID for information on a specific interface
  • show cdp neighbors {detail}
    • Displays the CDP neighbor table — all devices that have been found with CDP. Add the detail tag for additional information about each device.
  • show cdp entry device-id
    • Show the detailed neighbor table entry for a specific neighboring device. The ID is usually the device's hostname.

Basic Configuration

  • (config)#{no} cdp run
    • Enable or disable (prepend ‘no’ to the command) CDP globally (for the entire device)
  • (config-if)#{no} cdp enable
    • Enable or disable CDP on a specific interface
  • (config)#cdp timer seconds
    • Change how often the device sends CDP advertisements
  • (config)#cdp holdtime seconds
    • Change how long the device will wait for a CDP message before deleting a neighbor from its table
  • (config)#{no} cdp advertise-v2
    • Enable or disable sending CDP Version 2 messages, as opposed to sending version 1 messages. This does not stop the device from sending messages, it only specifies which version to send.

Note

CDP is enabled by default on all Cisco devices and on all interfaces on those devices. They will send CDP version 2 messages by default.

Link Layer Discovery Protocol (LLDP)

  • LLDP is an industry standard protocol (IEEE 802.1AB) and is therefore supported by devices from many manufacturers, including Cisco
  • It is typically disabled by default on Cisco devices
  • A device can run CDP and LLDP at the same time, though this is uncommon
  • LLDP messages are periodically sent to multicast MAC address 0180.C200.000E
  • Like in CDP, devices process received LLDP messages and then discard them. LLDP messages are NOT forwarded to other devices.
  • By default LLDP messages are sent once every 30 seconds
  • By default the ‘holdtime’ is 120 seconds
  • LLDP has an additional ‘reinitialization delay’ timer. This is a delay between when LLDP is enabled (globally or on an interface) and when it is actually initialized. Default 2 seconds
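The frame details in the CDP and LLDP bullets above (the two multicast destination MACs, the holdtime/TTL carried in each advertisement, and the TLVs that expose hostname, port, platform and native VLAN) are easier to appreciate when you decode a frame yourself. The following is an added example, not code from the original notes: it builds one CDP and one LLDP frame by hand (MACs, hostnames and version strings are made up) and decodes them into the kind of entry a neighbor table would hold, including when the entry would expire if no refresh arrived. Only a subset of TLVs is decoded, and the CDP checksum is verified only for even-length payloads because Cisco gear handles odd lengths with a non-standard variant.

```python
"""Decode CDP and LLDP advertisements from raw Ethernet frames.
Added example, not from the original notes: frames are built by hand from the
public CDP TLV layout and the IEEE 802.1AB LLDP TLV layout, so it runs offline."""
import struct

CDP_MULTICAST = bytes.fromhex("01000ccccccc")    # 0100.0CCC.CCCC
LLDP_MULTICAST = bytes.fromhex("0180c200000e")   # 0180.C200.000E
LLDP_ETHERTYPE = 0x88CC
CDP_SNAP_HEADER = bytes.fromhex("aaaa03" "00000c" "2000")  # LLC + Cisco OUI + CDP protocol ID
CDP_TLV_NAMES = {0x0001: "device_id", 0x0003: "port_id", 0x0005: "software_version", 0x0006: "platform"}
CDP_TLV_NATIVE_VLAN = 0x000A
LLDP_TLV_NAMES = {4: "port_description", 5: "system_name", 6: "system_description"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; CDP uses it over its whole payload."""
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data) - 1, 2))
    if len(data) % 2:
        total += data[-1] << 8
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_cdp_frame(src_mac, device_id, port_id, version, platform, vlan, holdtime=180):
    strings = ((0x0001, device_id), (0x0003, port_id), (0x0005, version), (0x0006, platform))
    tlvs = b"".join(struct.pack("!HH", t, 4 + len(v.encode())) + v.encode() for t, v in strings)
    tlvs += struct.pack("!HHH", CDP_TLV_NATIVE_VLAN, 6, vlan)
    payload = struct.pack("!BBH", 2, holdtime, 0) + tlvs   # CDPv2, TTL (holdtime), checksum zeroed
    payload = payload[:2] + struct.pack("!H", inet_checksum(payload)) + payload[4:]
    length = len(CDP_SNAP_HEADER) + len(payload)           # 802.3 length field, not an EtherType
    return CDP_MULTICAST + src_mac + struct.pack("!H", length) + CDP_SNAP_HEADER + payload

def build_lldp_frame(src_mac, chassis_mac, port_id, system_name, system_desc, ttl=120):
    def tlv(t, body):                                      # 7-bit type, 9-bit length, then value
        return struct.pack("!H", (t << 9) | len(body)) + body
    return (LLDP_MULTICAST + src_mac + struct.pack("!H", LLDP_ETHERTYPE)
            + tlv(1, b"\x04" + chassis_mac)                # Chassis ID, subtype 4 = MAC address
            + tlv(2, b"\x05" + port_id.encode())           # Port ID, subtype 5 = interface name
            + tlv(3, struct.pack("!H", ttl))               # TTL = holdtime in seconds
            + tlv(5, system_name.encode()) + tlv(6, system_desc.encode()) + tlv(0, b""))

def parse_cdp(payload: bytes) -> dict:
    version, holdtime, _ = struct.unpack("!BBH", payload[:4])
    # Cisco checksums odd-length payloads with a non-standard twist; only even lengths verified here
    ok = inet_checksum(payload) == 0 if len(payload) % 2 == 0 else None
    info = {"protocol": "CDP", "cdp_version": version, "holdtime": holdtime, "checksum_ok": ok}
    off = 4
    while off + 4 <= len(payload):
        t, length = struct.unpack("!HH", payload[off:off + 4])
        if length < 4:
            raise ValueError("malformed CDP TLV")
        body = payload[off + 4:off + length]
        if t == CDP_TLV_NATIVE_VLAN:
            info["native_vlan"] = struct.unpack("!H", body)[0]
        elif t in CDP_TLV_NAMES:
            info[CDP_TLV_NAMES[t]] = body.decode(errors="replace")
        off += length
    return info

def parse_lldp(payload: bytes) -> dict:
    info, off = {"protocol": "LLDP"}, 0
    while off + 2 <= len(payload):
        header = struct.unpack("!H", payload[off:off + 2])[0]
        t, length = header >> 9, header & 0x1FF
        body, off = payload[off + 2:off + 2 + length], off + 2 + length
        if t == 0:                                         # End of LLDPDU
            break
        if t == 1:                                         # Chassis ID: subtype byte, then value
            info["chassis_id"] = body[1:].hex(":") if body[0] == 4 else body[1:].decode(errors="replace")
        elif t == 2:                                       # Port ID: subtype byte, then value
            info["port_id"] = body[1:].decode(errors="replace")
        elif t == 3:
            info["holdtime"] = struct.unpack("!H", body)[0]
        elif t in LLDP_TLV_NAMES:
            info[LLDP_TLV_NAMES[t]] = body.decode(errors="replace")
    return info

def decode_discovery_frame(frame: bytes, received_at: float = 0.0):
    """Neighbor-table entry a frame would create, or None if the frame is neither CDP nor LLDP."""
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if dst == LLDP_MULTICAST and ethertype == LLDP_ETHERTYPE:
        info = parse_lldp(frame[14:])
    elif dst == CDP_MULTICAST and frame[14:22] == CDP_SNAP_HEADER:
        info = parse_cdp(frame[22:])
    else:
        return None
    info["source_mac"] = src.hex(":")
    if "holdtime" in info:       # entry is removed if no new advertisement arrives by then
        info["expires_at"] = received_at + info["holdtime"]
    return info

# Constructed sample frames; the MACs, hostnames and versions are made up.
SAMPLE_CDP_FRAME = build_cdp_frame(bytes.fromhex("001122334455"), "SW01", "GigabitEthernet0/1",
                                   "IOS 15.2(7)E", "WS-C2960X-24TS-L", vlan=1)
SAMPLE_LLDP_FRAME = build_lldp_frame(bytes.fromhex("0066778899aa"), bytes.fromhex("0066778899aa"),
                                     "Gi0/24", "SW02", "constructed sample switch")
```

Calling decode_discovery_frame(SAMPLE_CDP_FRAME, received_at=1000.0) yields the device ID, port, platform, software version, native VLAN and an expires_at of 1180.0 (the 180 second CDP holdtime), while the LLDP sample expires at 1120.0 (the 120 second LLDP default). Everything in those dictionaries is what any host plugged into a port with discovery enabled can read off the wire, which is the point of the warning at the top of the page.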

Verification (‘show’ Commands)

  • show lldp
    • Displays whether LLDP is enabled globally and timer settings
  • show lldp traffic
    • Displays various statistics about sent & received LLDP frames
  • show lldp interface
    • Displays, for each interface, whether LLDP transmission and reception are enabled and the interface's current LLDP state
  • show lldp neighbors {detail}
    • Displays the entire neighbor table. Optional detail tag shows more granular info for each entry
  • show lldp entry device-id
    • Show detailed information on a single neighbor. The ID is the device’s hostname

Basic Configuration

Note

Because LLDP is usually disabled by default on Cisco devices, you must enable it globally with lldp run before any LLDP messages are sent or received. On IOS, enabling it globally also enables transmission and reception on the supported interfaces, so the per-interface commands below are mostly used to turn LLDP off (prepend 'no') on ports where it is not wanted, or to turn it back on later.

  • (config)#lldp run
    • Enable LLDP globally
  • Transmission and reception are controlled separately on each interface. To enable LLDP fully on an interface you need both; prepend 'no' to either command to turn that direction off:
    • (config-if)#{no} lldp transmit
      • Enable or disable LLDP message transmission on a specific interface
    • (config-if)#{no} lldp receive
      • Enable or disable LLDP message reception on a specific interface
    • Disabling only transmit lets a port keep learning about its neighbor without advertising anything about itself
  • (config)#lldp timer seconds
    • Configure the message interval timer
  • (config)#lldp holdtime seconds
    • Configure how long the device will wait for a message before deleting a neighbor from its table
  • (config)#lldp reinit seconds
    • Configure the reinitialization delay timer — the delay between LLDP being enabled and actually becoming active
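The configuration commands in the CDP and LLDP sections above are what an audit has to look for when checking whether discovery has actually been silenced on untrusted ports: with CDP the absence of no cdp run / no cdp enable means it is on, while with LLDP the presence of lldp run (and the absence of no lldp transmit / no lldp receive) means it is on. The following is an added example, not code from the original notes: it parses a constructed running-config, works out the effective CDP/LLDP state of each interface from those defaults, and emits the interface commands needed to fix any access port that still advertises or listens. Treating every 'switchport mode access' port as untrusted and leaving trunks alone is a policy choice made for this example; whether a given port needs discovery (for example for a phone or an uplink) is a decision for your own network.

```python
"""Audit a Cisco IOS running-config for CDP/LLDP still active on access ports.
Added example, not from the original notes; the running-config is a constructed sample."""
import re

SAMPLE_RUNNING_CONFIG = """\
hostname SW01
!
lldp run
!
interface GigabitEthernet0/1
 description User port, untrusted
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 description User port, already hardened
 switchport mode access
 no cdp enable
 no lldp transmit
 no lldp receive
!
interface GigabitEthernet0/24
 description Uplink to CORE1, discovery kept for troubleshooting
 switchport mode trunk
!
"""


def parse_running_config(text: str):
    """Split a running-config into global commands and per-interface command sets."""
    global_cmds, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        match = re.match(r"^interface (\S+)$", line)
        if match:
            current = match.group(1)
            interfaces[current] = set()
        elif line.startswith(" ") and current is not None:
            interfaces[current].add(line.strip())
        else:                                   # back at the global config level
            current = None
            global_cmds.add(line)
    return global_cmds, interfaces


def discovery_state(global_cmds: set, iface_cmds: set) -> dict:
    """Effective CDP / LLDP state of one interface, applying the IOS defaults."""
    cdp_global = "no cdp run" not in global_cmds        # CDP is on unless explicitly disabled
    lldp_global = "lldp run" in global_cmds             # LLDP is off unless explicitly enabled
    return {
        "cdp": cdp_global and "no cdp enable" not in iface_cmds,
        "lldp_tx": lldp_global and "no lldp transmit" not in iface_cmds,
        "lldp_rx": lldp_global and "no lldp receive" not in iface_cmds,
    }


def audit(text: str):
    """Return [(interface, [commands needed to silence discovery]), ...] for access ports."""
    global_cmds, interfaces = parse_running_config(text)
    findings = []
    for name, cmds in interfaces.items():
        if "switchport mode access" not in cmds:
            continue                                     # trunks/uplinks are left alone here
        state = discovery_state(global_cmds, cmds)
        fix = [cmd for flag, cmd in (("cdp", "no cdp enable"),
                                     ("lldp_tx", "no lldp transmit"),
                                     ("lldp_rx", "no lldp receive")) if state[flag]]
        if fix:
            findings.append((name, fix))
    return findings


def remediation_config(findings) -> str:
    """Render the findings as IOS interface configuration ready to paste."""
    lines = []
    for name, fix in findings:
        lines.append(f"interface {name}")
        lines.extend(f" {cmd}" for cmd in fix)
        lines.append("!")
    return "\n".join(lines)


if __name__ == "__main__":
    print(remediation_config(audit(SAMPLE_RUNNING_CONFIG)))
```

Run as a script it prints the three commands for GigabitEthernet0/1 only: GigabitEthernet0/2 already has all three, and the trunk uplink is deliberately skipped. The same logic works on a real show running-config capture as long as the interface blocks are indented the way IOS prints them; interface range blocks and vendor platforms that render the defaults differently are not handled.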