Configure and verify Layer 2 discovery protocols (Cisco Discovery Protocol and LLDP).
Cisco Discovery Protocol (CDP) is a Cisco-proprietary Layer 2 protocol used to gather information about Cisco devices on the same data link. Cisco devices also support Link Layer Discovery Protocol (LLDP), which is a standards-based neighbor discovery protocol similar to CDP. Today we review the configuration and verification of CDP and LLDP.
As Figure 5-1 shows, CDP sends advertisements to directly connected devices.
CDP runs on all Cisco-manufactured equipment. It gathers the protocol addresses of neighboring devices and discovers the platforms of those devices. CDP runs over the data link layer only. This means that two systems that support different Layer 3 protocols can learn about each other. Table 5-1 summarizes the CDP defaults.
Table 5-1 CDP Defaults
Parameter | Default
CDP | Enabled globally and on all interfaces
CDP version | Version 2
CDP timer | 60 seconds
CDP holdtime | 180 seconds
CDP can assist in network discovery and troubleshooting. CDP advertises the following helpful information:
Device ID: The hostname of the neighboring device
Addresses: The IPv4 and IPv6 addresses used by the device
Port ID: The name of the local port or the remote port
Capabilities: Whether the device is a router or a switch or has other capabilities
Version: The version of CDP running on the device
Platform: The hardware platform of the device, such as a Cisco 1941 router or 2960 switch
CDP is enabled on a device for all interfaces, as Example 5-1 shows.
Router# show cdp interface
Embedded-Service-Engine0/0 is administratively down, line protocol is down
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
GigabitEthernet0/0 is administratively down, line protocol is down
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
GigabitEthernet0/1 is up, line protocol is up
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Serial0/0/0 is administratively down, line protocol is down
  Encapsulation HDLC
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Serial0/0/1 is administratively down, line protocol is down
  Encapsulation HDLC
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
 cdp enabled interfaces : 5
 interfaces up          : 1
 interfaces down        : 4
Router# show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES unset  administratively down down
GigabitEthernet0/0         unassigned      YES unset  administratively down down
GigabitEthernet0/1         unassigned      YES unset  up                    up
Serial0/0/0                unassigned      YES unset  administratively down down
Serial0/0/1                unassigned      YES unset  administratively down down
Router#
Notice in the output in Example 5-1 that an interface does not have to be configured with a Layer 3 address to send or receive CDP advertisements. The interface only needs to be activated with the no shutdown command. In Example 5-2, the switch connected to the router in Example 5-1 has gathered CDP information about the router. The two devices are communicating across the Layer 2 link without any Layer 3 addressing.
Switch# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Router           Fas 0/5           155            R B S I  CISCO1941 Gig 0/1
Switch#
To disable CDP on the device, use the CDP global configuration command no cdp run:
Router(config)# no cdp run
Verify that the device is no longer running CDP by using the show cdp command:
Router# show cdp
% CDP is not enabled
Router#
After waiting for the 180-second holdtime to expire on the switch, you can verify that the switch is no longer receiving information about the router (see Example 5-3).
Switch# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch#
You can also disable CDP on a per-interface basis. This configuration option is a security best practice for interfaces that are connected to untrusted networks. To disable CDP on an interface, use the no cdp enable command (see Example 5-4).
Router(config)# interface s0/0/0
Router(config-if)# no cdp enable
Router(config-if)# end
Router# show cdp interface
Embedded-Service-Engine0/0 is administratively down, line protocol is down
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
GigabitEthernet0/0 is administratively down, line protocol is down
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
GigabitEthernet0/1 is up, line protocol is up
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Serial0/0/1 is administratively down, line protocol is down
  Encapsulation HDLC
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
 cdp enabled interfaces : 4
 interfaces up          : 1
 interfaces down        : 3
Router#
Notice in the output of the show cdp interface command that the Serial 0/0/0 interface is no longer listed, as it was in Example 5-1.
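The same check can be run over collected output. The Python below is an added example, not part of the original text: it relies on the behavior just described (an interface with no cdp enable is absent from show cdp interface) and reports any interface from an untrusted list that is still listed. The function names, the untrusted list, and the abbreviated sample output are assumptions constructed for illustration.

```python
import re

# Constructed sample, abbreviated from the show cdp interface output above.
SAMPLE = """\
GigabitEthernet0/1 is up, line protocol is up
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Serial0/0/1 is administratively down, line protocol is down
  Encapsulation HDLC
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
 cdp enabled interfaces : 2
"""

HEADER = re.compile(r"^(\S+) is .*line protocol is ", re.M)
NAME = re.compile(r"^([A-Za-z-]+)(\d[\d/.]*)$")

def cdp_enabled_interfaces(show_output):
    """Return the interface names listed by 'show cdp interface'.

    After 'no cdp run' the device prints '% CDP is not enabled',
    so nothing is listed and the result is an empty set.
    """
    if "CDP is not enabled" in show_output:
        return set()
    return set(HEADER.findall(show_output))

def same_interface(short, full):
    """Match an abbreviated name (s0/0/1) to a full one (Serial0/0/1)."""
    a, b = NAME.match(short), NAME.match(full)
    return bool(a and b and a.group(2) == b.group(2)
                and b.group(1).lower().startswith(a.group(1).lower()))

def cdp_exposed(show_output, untrusted):
    """Return the untrusted interfaces that still have CDP enabled."""
    listed = cdp_enabled_interfaces(show_output)
    return sorted(full for full in listed
                  if any(same_interface(u, full) for u in untrusted))

if __name__ == "__main__":
    # Hypothetical policy: both serial links face untrusted networks.
    print(cdp_exposed(SAMPLE, ["s0/0/0", "s0/0/1"]))
```
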
To adjust the time for CDP advertisements, use the cdp timer global configuration command:
Router(config)# cdp timer seconds
The range is 5 to 254 seconds, and the default is 60 seconds. If you modify the CDP timer, you should also modify the holdtime with the cdp holdtime global configuration command:
Router(config)# cdp holdtime seconds
The range is from 10 to 255, and the default is 180 seconds.
You have already seen examples of show cdp, show cdp neighbors, and show cdp interface. The show cdp neighbors detail command lists all the information CDP gathers about directly connected neighbors. In Example 5-5, switch S3 knows a variety of information about R1, including the IP address and Cisco IOS version running on the router.
S3# show cdp neighbors detail
-------------------------
Device ID: R3.31days.com
Entry address(es):
  IP address: 192.168.1.1
Platform: Cisco CISCO1941/K9,  Capabilities: Router Source-Route-Bridge Switch IGMP
Interface: FastEthernet0/5,  Port ID (outgoing port): GigabitEthernet0/1
Holdtime : 162 sec
Version :
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 06-Feb-15 17:01 by prod_rel_team
advertisement version: 2
Duplex: full
Power Available TLV:
    Power request id: 0, Power management id: 0, Power available: 0, Power management level: 0
Management address(es):
  IP address: 192.168.1.1
S3#
When documentation is lacking or incomplete, you can use CDP to gather information about devices and discover the network topology. Example 5-6 shows how to remotely access R3 and discover that R2 is connected to R3.
S3# ssh -l admin 192.168.1.1
Password:
R3> show cdp neighbors detail
-------------------------
Device ID: S3.31days.com
Entry address(es):
  IP address: 192.168.1.2
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: GigabitEthernet0/1,  Port ID (outgoing port): FastEthernet0/5
Holdtime : 126 sec
Version :
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE7, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 23-Oct-14 14:49 by prod_rel_team
advertisement version: 2
Protocol Hello:  OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FF
    FFFFFF010221FF0000000000000CD996E87400FF0000
VTP Management Domain: ''
Native VLAN: 1
Duplex: full
Management address(es):
  IP address: 192.168.1.2
-------------------------
Device ID: R2.31days.com
Entry address(es):
  IP address: 192.168.10.1
Platform: Cisco CISCO1941/K9,  Capabilities: Router Source-Route-Bridge Switch IGMP
Interface: Serial0/0/1,  Port ID (outgoing port): Serial0/0/1
Holdtime : 148 sec
Version :
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 06-Feb-15 17:01 by prod_rel_team
advertisement version: 2
Management address(es):
  IP address: 192.168.10.1
Total cdp entries displayed : 2
R3>
You can now access router R2, with authentication, and continue discovering the network.
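When you document a network this way, it helps to turn the detail output into records. The Python below is an added example, not part of the original text: it parses show cdp neighbors detail into one record per neighbor, which also makes plain exactly what each device advertises on a CDP-enabled link (hostname, address, platform, IOS version). The function name, field names, and the abbreviated sample are assumptions constructed for illustration.

```python
import re

# Constructed sample, abbreviated from the R3 output in Example 5-6.
SAMPLE = """\
-------------------------
Device ID: S3.31days.com
Entry address(es):
  IP address: 192.168.1.2
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: GigabitEthernet0/1,  Port ID (outgoing port): FastEthernet0/5
Holdtime : 126 sec
Version :
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE7, RELEASE SOFTWARE (fc1)
-------------------------
Device ID: R2.31days.com
Entry address(es):
  IP address: 192.168.10.1
Platform: Cisco CISCO1941/K9,  Capabilities: Router Source-Route-Bridge Switch IGMP
Interface: Serial0/0/1,  Port ID (outgoing port): Serial0/0/1
Holdtime : 148 sec
Version :
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M2, RELEASE SOFTWARE (fc2)
"""

# One regular expression per advertised field (field names are illustrative).
FIELDS = {
    "device_id": r"Device ID:\s*(\S+)",
    "ip": r"IP address:\s*(\S+)",
    "platform": r"Platform:\s*([^,]+),",
    "capabilities": r"Capabilities:\s*(.+)",
    "local_intf": r"Interface:\s*([^,\s]+),",
    "remote_port": r"Port ID \(outgoing port\):\s*(\S+)",
    "ios_version": r"Version (\d\S*?),",
}

def parse_cdp_detail(text):
    """Split on the dashed separators and extract the advertised fields."""
    neighbors = []
    for entry in re.split(r"^-{5,}\s*$", text, flags=re.M):
        if "Device ID:" not in entry:
            continue  # text before the first separator, or a trailer
        rec = {}
        for key, pattern in FIELDS.items():
            m = re.search(pattern, entry)
            rec[key] = m.group(1).strip() if m else None
        neighbors.append(rec)
    return neighbors
```
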
As Example 5-7 shows, you use the show cdp traffic command to verify how many CDP packets a device has sent and received.
R3# show cdp traffic
CDP counters :
Total packets output: 758, Input: 724
Hdr syntax: 0, Chksum error: 0, Encaps failed: 1
No memory: 0, Invalid packet: 0,
CDP version 1 advertisements output: 0, Input: 0
CDP version 2 advertisements output: 758, Input: 724
R3#
In addition to supporting CDP, Cisco devices also support LLDP, which is a vendor-neutral open standard (IEEE 802.1AB). LLDP works with routers, switches, and wireless LAN access points. As with CDP, LLDP is a neighbor discovery protocol that is used for network devices to advertise information about themselves to other devices on the network. Also as with CDP, LLDP enables two systems running different network layer protocols to learn about each other.
Table 5-2 summarizes the LLDP defaults.
Table 5-2 LLDP Defaults
Parameter | Default
LLDP | Disabled globally and on all interfaces
LLDP timer | 30 seconds
LLDP holdtime | 120 seconds
LLDP reinitialization delay | 2 seconds
To enable LLDP globally, enter the lldp run command:
Router(config)# lldp run
When enabled globally, LLDP is enabled on all interfaces. To disable LLDP on an interface, use the no lldp transmit and no lldp receive commands:
Router(config)# interface interface-id
Router(config-if)# no lldp transmit
Router(config-if)# no lldp receive
Router(config-if)# end
Router#
To adjust the time for LLDP advertisements, use the lldp timer global configuration command:
Router(config)# lldp timer seconds
The range is 5 to 65534 seconds, and the default is 30 seconds. If you modify the LLDP timer, you should also modify the holdtime with the lldp holdtime global configuration command:
Router(config)# lldp holdtime seconds
The range is from 0 to 65535, and the default is 120 seconds. You can also modify the delay time for LLDP to initialize on any interface with the lldp reinit global configuration command:
Router(config)# lldp reinit seconds
The range is 2 to 5 seconds, and the default is 2 seconds.
For the topology in Figure 5-2, the policy is that LLDP should have the same timers as CDP. Routers should not transmit LLDP messages out LAN interfaces.
Example 5-8 shows the commands to implement the LLDP policy.
R1(config)# lldp run
R1(config)# lldp timer 60
R1(config)# lldp holdtime 180
R1(config)# interface g0/1
R1(config-if)# no lldp transmit
R1(config-if)# end
R1#
S1(config)# lldp run
S1(config)# lldp timer 60
S1(config)# lldp holdtime 180
S1(config)# end
S1#
The LLDP verification commands are similar to those in CDP. Simply replace the keyword cdp with lldp. Example 5-9 shows output from the LLDP verification commands.
R1# show lldp
Global LLDP Information:
    Status: ACTIVE
    LLDP advertisements are sent every 60 seconds
    LLDP hold time advertised is 180 seconds
    LLDP interface reinitialization delay is 2 seconds
R1# show lldp interface
<output omitted>
GigabitEthernet0/0:
    Tx: enabled
    Rx: enabled
    Tx state: INIT
    Rx state: WAIT PORT OPER
GigabitEthernet0/1:
    Tx: disabled
    Rx: enabled
    Tx state: INIT
    Rx state: WAIT FOR FRAME
<output omitted>
R1# show lldp neighbors
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID           Local Intf     Hold-time  Capability      Port ID
S1                  Gi0/1          180        B               Fa0/5
Total entries displayed: 1
R1# show lldp neighbors detail
------------------------------------------------
Local Intf: Gi0/1
Chassis id: 0cd9.96e8.8a00
Port id: Fa0/5
Port Description: FastEthernet0/5
System Name: S1.31days.com
System Description:
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE7, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 23-Oct-14 14:49 by prod_rel_team
Time remaining: 127 seconds
System Capabilities: B
Enabled Capabilities: B
Management Addresses:
    IP: 172.16.1.2
Auto Negotiation - supported, enabled
Physical media capabilities:
    100base-TX(FD)
    100base-TX(HD)
    10base-T(FD)
    10base-T(HD)
Media Attachment Unit type: 16
Vlan ID: 1
Total entries displayed: 1
R1# show lldp traffic
LLDP traffic statistics:
    Total frames out: 171
    Total entries aged: 0
    Total frames in: 34
    Total frames received in error: 0
    Total frames discarded: 0
    Total TLVs discarded: 0
    Total TLVs unrecognized: 0
R1#
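The policy stated for Figure 5-2 can be checked against this output rather than read by eye. The Python below is an added example, not part of the original text: it reads the timers from show lldp and the per-interface Tx state from show lldp interface, then lists any deviation from "same timers as CDP, no LLDP transmit on LAN interfaces." The function names and the abbreviated sample output are assumptions constructed for illustration.

```python
import re

# Constructed samples, abbreviated from the R1 output in Example 5-9.
SHOW_LLDP = """\
Global LLDP Information:
    LLDP advertisements are sent every 60 seconds
    LLDP hold time advertised is 180 seconds
"""
SHOW_LLDP_INTERFACE = """\
GigabitEthernet0/0:
    Tx: enabled
    Rx: enabled
    Tx state: INIT
    Rx state: WAIT PORT OPER
GigabitEthernet0/1:
    Tx: disabled
    Rx: enabled
    Tx state: INIT
    Rx state: WAIT FOR FRAME
"""

def lldp_timers(show_lldp):
    """Return (timer, holdtime) in seconds, or None if they are not shown."""
    t = re.search(r"sent every (\d+) seconds", show_lldp)
    h = re.search(r"hold time advertised is (\d+) seconds", show_lldp)
    return (int(t.group(1)), int(h.group(1))) if t and h else None

def lldp_tx_state(show_lldp_interface):
    """Map interface name -> True when LLDP transmit is enabled."""
    state, current = {}, None
    for line in show_lldp_interface.splitlines():
        head = re.match(r"^(\S+):\s*$", line)
        if head:
            current = head.group(1)
        elif current and line.strip().startswith("Tx:"):
            state[current] = line.split(":", 1)[1].strip() == "enabled"
    return state

def policy_violations(show_lldp, show_lldp_interface, no_tx, want=(60, 180)):
    """List deviations: timers must equal the CDP defaults, no_tx ports stay silent."""
    problems = []
    timers = lldp_timers(show_lldp)
    if timers != want:
        problems.append(f"timers {timers} != {want}")
    tx = lldp_tx_state(show_lldp_interface)
    # An interface missing from the output is reported too (fail closed).
    problems += [f"{i}: LLDP Tx not confirmed disabled"
                 for i in no_tx if tx.get(i, True)]
    return problems
```
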
For today’s exam topics, refer to the following resources for more study.
Resource | Module or Chapter
Enterprise Networking, Security, and Automation | 10
CCNA 200-301 Official Cert Guide, Volume 2 | 9
 | 12
Portable Command Guide | 13