Day 5. CDP and LLDP

CCNA 200-301 Exam Topics

  • Configure and verify Layer 2 discovery protocols (Cisco Discovery Protocol and LLDP).

Key Topics

Cisco Discovery Protocol (CDP) is a Cisco-proprietary Layer 2 protocol used to gather information about Cisco devices on the same data link. Cisco devices also support Link Layer Discovery Protocol (LLDP), which is a standards-based neighbor discovery protocol similar to CDP. Today we review the configuration and verification of CDP and LLDP.

CDP Overview

As Figure 5-1 shows, CDP sends advertisements to directly connected devices.

Figure 5-1 CDP Sends Advertisements Between Directly Connected Devices

CDP runs on all Cisco-manufactured equipment. It gathers the protocol addresses of neighboring devices and discovers the platforms of those devices. CDP runs over the data link layer only. This means that two systems that support different Layer 3 protocols can learn about each other. Table 5-1 summarizes the CDP defaults.

Table 5-1 CDP Defaults

Parameter        Default
CDP              Enabled globally and on all interfaces
CDP version      Version 2
CDP timer        60 seconds
CDP holdtime     180 seconds

CDP can assist in network discovery and troubleshooting. CDP advertises the following helpful information:

  • Device ID: The hostname of the neighboring device

  • Addresses: The IPv4 and IPv6 addresses used by the device

  • Port ID: The name of the local port or the remote port

  • Capabilities: Whether the device is a router or a switch or has other capabilities

  • Version: The version of CDP running on the device

  • Platform: The hardware platform of the device, such as a Cisco 1941 router or 2960 switch

CDP Configuration

CDP is enabled on a device for all interfaces, as Example 5-1 shows.

Example 5-1 CDP Running on All Interfaces

Router# show cdp interface
Embedded-Service-Engine0/0 is administratively down, line protocol is down
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
GigabitEthernet0/0 is administratively down, line protocol is down
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
GigabitEthernet0/1 is up, line protocol is up
  Encapsulation ARPA
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Serial0/0/0 is administratively down, line protocol is down
  Encapsulation HDLC
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Serial0/0/1 is administratively down, line protocol is down
  Encapsulation HDLC
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds

  cdp enabled interfaces : 5
  interfaces up          : 1
  interfaces down        : 4
Router# show ip interface brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES unset administratively down down
GigabitEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet0/1 unassigned YES unset up up
Serial0/0/0 unassigned YES unset administratively down down
Serial0/0/1 unassigned YES unset administratively down down
Router#

Notice in the output in Example 5-1 that an interface does not have to be configured with a Layer 3 address to send or receive CDP advertisements. The interface only needs to be activated with the no shutdown command. In Example 5-2, the switch connected to the router in Example 5-1 has gathered CDP information about the router. The two devices are communicating across the Layer 2 link without any Layer 3 addressing.

Example 5-2 Sending Layer 2 Messages

Switch# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                   S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                   D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Router           Fas 0/5            155           R B S I  CISCO1941 Gig 0/1
Switch#

To disable CDP on the device, use the CDP global configuration command no cdp run:

Router(config)# no cdp run

Verify that the device is no longer running CDP by using the show cdp command:

Router# show cdp
% CDP is not enabled
Router#

After waiting for the 180-second holdtime to expire on the switch, you can verify that the switch is no longer receiving information about the router (see Example 5-3).

Example 5-3 Verifying That a Switch Has No CDP Neighbors

Switch# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                   S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                   D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID         Local Intrfce Holdtme Capability Platform Port ID
Switch#

You can also disable CDP on a per-interface basis. This configuration option is a security best practice for interfaces that are connected to untrusted networks. To disable CDP on an interface, use the no cdp enable command (see Example 5-4).

Example 5-4 Disabling CDP on an Interface

Router(config)# interface s0/0/0
Router(config-if)# no cdp enable
Router(config-if)# end
Router# show cdp interface
Embedded-Service-Engine0/0 is administratively down, line protocol is down
   Encapsulation ARPA
   Sending CDP packets every 60 seconds
   Holdtime is 180 seconds
GigabitEthernet0/0 is administratively down, line protocol is down
   Encapsulation ARPA
   Sending CDP packets every 60 seconds
   Holdtime is 180 seconds
GigabitEthernet0/1 is up, line protocol is up
   Encapsulation ARPA
   Sending CDP packets every 60 seconds
   Holdtime is 180 seconds
Serial0/0/1 is administratively down, line protocol is down
   Encapsulation HDLC
   Sending CDP packets every 60 seconds
   Holdtime is 180 seconds

   cdp enabled interfaces : 4
   interfaces up          : 1
   interfaces down        : 3
Router#

Notice in the output of the show cdp interface command that the Serial 0/0/0 interface is no longer listed, as it was in Example 5-1.
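
The per-interface practice above can be checked from the same show cdp interface output. The following is an added example, not part of the original text: it parses the Example 5-4 output (abridged to one detail line per interface), cross-checks the parse against the device's own "cdp enabled interfaces" counter, and reports which interfaces on a hypothetical UNTRUSTED list still run CDP.

```python
import re

# "show cdp interface" output from Example 5-4, abridged to one detail line
# per interface. Serial0/0/0 is absent because it has "no cdp enable".
SHOW_CDP_INTERFACE = """\
Embedded-Service-Engine0/0 is administratively down, line protocol is down
   Sending CDP packets every 60 seconds
GigabitEthernet0/0 is administratively down, line protocol is down
   Sending CDP packets every 60 seconds
GigabitEthernet0/1 is up, line protocol is up
   Sending CDP packets every 60 seconds
Serial0/0/1 is administratively down, line protocol is down
   Sending CDP packets every 60 seconds

   cdp enabled interfaces : 4
   interfaces up          : 1
   interfaces down        : 3
"""

HEADER = re.compile(r"^(\S+) is (.+), line protocol is (\S+)$")
SUMMARY = re.compile(r"^\s*cdp enabled interfaces\s*:\s*(\d+)$")

def cdp_interfaces(output):
    """Return {interface: line-protocol state} for every CDP-enabled interface."""
    found, reported = {}, None
    for line in output.splitlines():
        if m := HEADER.match(line):
            found[m.group(1)] = m.group(3)
        elif m := SUMMARY.match(line):
            reported = int(m.group(1))
    # Cross-check the parse against the device's own summary counter.
    if reported is not None and reported != len(found):
        raise ValueError(f"parsed {len(found)} interfaces, device reports {reported}")
    return found

def audit(output, untrusted):
    """Return untrusted-facing interfaces that still run CDP, up links first."""
    enabled = cdp_interfaces(output)
    hits = [i for i in untrusted if i in enabled]
    return sorted(hits, key=lambda i: enabled[i] != "up")

# Hypothetical policy: these two interfaces face networks outside our control.
UNTRUSTED = ["Serial0/0/0", "GigabitEthernet0/1"]

if __name__ == "__main__":
    for name in audit(SHOW_CDP_INTERFACE, UNTRUSTED):
        print(f"{name}: CDP still enabled; apply 'no cdp enable'")
```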

To adjust the time for CDP advertisements, use the cdp timer global configuration command:

Router(config)# cdp timer seconds

The range is 5 to 254 seconds, and the default is 60 seconds. If you modify the CDP timer, you should also modify the holdtime with the cdp holdtime global configuration command:

Router(config)# cdp holdtime seconds

The range is from 10 to 255, and the default is 180 seconds.

CDP Verification

You have already seen examples of show cdp, show cdp neighbors, and show cdp interface. The show cdp neighbors detail command lists all the information CDP gathers about directly connected neighbors. In Example 5-5, switch S3 knows a variety of information about R1, including the IP address and Cisco IOS version running on the router.

Example 5-5 CDP Detailed Information

S3# show cdp neighbors detail
-------------------------
Device ID: R3.31days.com
Entry address(es):
  IP address: 192.168.1.1
Platform: Cisco CISCO1941/K9, Capabilities: Router Source-Route-Bridge Switch
  IGMP
Interface: FastEthernet0/5, Port ID (outgoing port): GigabitEthernet0/1
Holdtime : 162 sec

Version :
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M2,
  RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 06-Feb-15 17:01 by prod_rel_team

advertisement version: 2
Duplex: full
Power Available TLV:

     Power request id: 0, Power management id: 0, Power available: 0, Power
       management level: 0
Management address(es):
  IP address: 192.168.1.1

S3#

When documentation is lacking or incomplete, you can use CDP to gather information about devices and discover the network topology. Example 5-6 shows how to remotely access R3 and discover that R2 is connected to R3.

Example 5-6 Discovering More Devices

S3# ssh -l admin 192.168.1.1
Password:
R3> show cdp neighbors detail
-------------------------
Device ID: S3.31days.com
Entry address(es):
  IP address: 192.168.1.2
Platform: cisco WS-C2960-24TT-L, Capabilities: Switch IGMP
Interface: GigabitEthernet0/1, Port ID (outgoing port): FastEthernet0/5
Holdtime : 126 sec

Version :
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE7,
  RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 23-Oct-14 14:49 by prod_rel_team

advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FF
   FFFFFF010221FF0000000000000CD996E87400FF0000
VTP Management Domain: ''
Native VLAN: 1
Duplex: full
Management address(es):
 IP address: 192.168.1.2

-------------------------
Device ID: R2.31days.com
Entry address(es):
  IP address: 192.168.10.1
Platform: Cisco CISCO1941/K9, Capabilities: Router Source-Route-Bridge Switch IGMP
Interface: Serial0/0/1, Port ID (outgoing port): Serial0/0/1
Holdtime : 148 sec
Version :
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M2,
  RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Fri 06-Feb-15 17:01 by prod_rel_team

advertisement version: 2
Management address(es):
  IP address: 192.168.10.1

Total cdp entries displayed : 2
R3>

You can now access router R2, with authentication, and continue discovering the network.
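
When the goal is to fill gaps in documentation, the show cdp neighbors detail output can be turned into records and compared with what is already documented. The following is an added example, not part of the original text: it parses an abridged copy of the Example 5-6 output and lists neighbors missing from a hypothetical INVENTORY set, along with the address, platform, and IOS version each one advertises on the link.

```python
import re

# Abridged from Example 5-6 (R3's neighbors); holdtime, copyright, TLV lines removed.
SHOW_CDP_DETAIL = """\
-------------------------
Device ID: S3.31days.com
Entry address(es):
  IP address: 192.168.1.2
Platform: cisco WS-C2960-24TT-L, Capabilities: Switch IGMP
Interface: GigabitEthernet0/1, Port ID (outgoing port): FastEthernet0/5
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE7,
-------------------------
Device ID: R2.31days.com
Entry address(es):
  IP address: 192.168.10.1
Platform: Cisco CISCO1941/K9, Capabilities: Router Source-Route-Bridge Switch IGMP
Interface: Serial0/0/1, Port ID (outgoing port): Serial0/0/1
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(3)M2,
"""

FIELDS = {
    "device_id": r"^Device ID: (\S+)",
    "ip": r"^[ \t]+IP address: (\S+)",          # first address in the entry
    "platform": r"^Platform: (.+?),",
    "local_intf": r"^Interface: (\S+),",
    "remote_port": r"Port ID \(outgoing port\): (\S+)",
    "ios_version": r", Version ([^,\s]+)",
}

def parse_neighbors(output):
    """Split on the dashed separators and extract one record per neighbor."""
    records = []
    for block in re.split(r"^-{5,}\s*$", output, flags=re.M):
        rec = {k: m.group(1) for k, p in FIELDS.items() if (m := re.search(p, block, re.M))}
        if "device_id" in rec:
            records.append(rec)
    return records

def undocumented(records, inventory):
    """Neighbors seen on the wire but missing from the documented inventory."""
    return [r for r in records if r["device_id"] not in inventory]

INVENTORY = {"S3.31days.com"}  # hypothetical: what the documentation already lists

if __name__ == "__main__":
    for r in undocumented(parse_neighbors(SHOW_CDP_DETAIL), INVENTORY):
        print(f"{r['device_id']} {r['ip']} {r['platform']} IOS {r['ios_version']}")
```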

As Example 5-7 shows, you use the show cdp traffic command to verify how many CDP packets a device has sent and received.

Example 5-7 Verifying the Number of CDP Packets

R3# show cdp traffic
CDP counters :
    Total packets output: 758, Input: 724
    Hdr syntax: 0, Chksum error: 0, Encaps failed: 1
    No memory: 0, Invalid packet: 0,
    CDP version 1 advertisements output: 0, Input: 0
    CDP version 2 advertisements output: 758, Input: 724
R3#

LLDP Overview

In addition to supporting CDP, Cisco devices also support LLDP, which is a vendor-neutral open standard (IEEE 802.1AB). LLDP works with routers, switches, and wireless LAN access points. As with CDP, LLDP is a neighbor discovery protocol that is used for network devices to advertise information about themselves to other devices on the network. Also as with CDP, LLDP enables two systems running different network layer protocols to learn about each other.

Table 5-2 summarizes the LLDP defaults.

Table 5-2 LLDP Defaults

Parameter                      Default
LLDP                           Disabled globally and on all interfaces
LLDP timer                     30 seconds
LLDP holdtime                  120 seconds
LLDP reinitialization delay    2 seconds

LLDP Configuration

To enable LLDP globally, enter the lldp run command:

Router(config)# lldp run

When enabled globally, LLDP is enabled on all interfaces. To disable LLDP on an interface, use the no lldp transmit and no lldp receive commands:

Router(config)# interface interface-id
Router(config-if)# no lldp transmit
Router(config-if)# no lldp receive
Router(config-if)# end
Router#

To adjust the time for LLDP advertisements, use the lldp timer global configuration command:

Router(config)# lldp timer seconds

The range is 5 to 65534 seconds, and the default is 30 seconds. If you modify the LLDP timer, you should also modify the holdtime with the lldp holdtime global configuration command:

Router(config)# lldp holdtime seconds

The range is from 0 to 65535, and the default is 120 seconds. You can also modify the delay time for LLDP to initialize on any interface with the lldp reinit global configuration command:

Router(config)# lldp reinit seconds

The range is 2 to 5 seconds, and the default is 2 seconds.

For the topology in Figure 5-2, the policy is that LLDP should have the same timers as CDP. Routers should not transmit LLDP messages out LAN interfaces.

Figure 5-2 LLDP Configuration Topology

Example 5-8 shows the commands to implement the LLDP policy.

Example 5-8 LLDP Configuration

R1(config)# lldp run
R1(config)# lldp timer 60
R1(config)# lldp holdtime 180
R1(config)# interface g0/1
R1(config-if)# no lldp transmit
R1(config-if)# end
R1#

S1(config)# lldp run
S1(config)# lldp timer 60
S1(config)# lldp holdtime 180
S1(config)# end
S1#

LLDP Verification

The LLDP verification commands are similar to those in CDP. Simply replace the keyword cdp with lldp. Example 5-9 shows output from the LLDP verification commands.

Example 5-9 LLDP Verification Commands

R1# show lldp

Global LLDP Information:
    Status: ACTIVE
    LLDP advertisements are sent every 60 seconds
    LLDP hold time advertised is 180 seconds
    LLDP interface reinitialization delay is 2 seconds
R1# show lldp interface
<output omitted>
GigabitEthernet0/0:
    Tx: enabled
    Rx: enabled
    Tx state: INIT
    Rx state: WAIT PORT OPER
GigabitEthernet0/1:
    Tx: disabled
    Rx: enabled
    Tx state: INIT
    Rx state: WAIT FOR FRAME
<output omitted>
R1# show lldp neighbors
Capability codes:
   (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
   (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID  Local Intf  Hold-time Capability Port ID
S1         Gi0/1       180       B          Fa0/5

Total entries displayed: 1

R1# show lldp neighbors detail
------------------------------------------------
Local Intf: Gi0/1
Chassis id: 0cd9.96e8.8a00
Port id: Fa0/5
Port Description: FastEthernet0/5
System Name: S1.31days.com

System Description:
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE7,
  RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Thu 23-Oct-14 14:49 by prod_rel_team

Time remaining: 127 seconds
System Capabilities: B
Enabled Capabilities: B
Management Addresses:
     IP: 172.16.1.2
Auto Negotiation - supported, enabled
Physical media capabilities:
     100base-TX(FD)
     100base-TX(HD)
     10base-T(FD)
     10base-T(HD)
Media Attachment Unit type: 16
Vlan ID: 1

Total entries displayed: 1

R1# show lldp traffic

LLDP traffic statistics:
    Total frames out: 171
    Total entries aged: 0
    Total frames in: 34
    Total frames received in error: 0
    Total frames discarded: 0
    Total TLVs discarded: 0
    Total TLVs unrecognized: 0
R1#
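
The policy stated for Figure 5-2 (LLDP timers equal to CDP's, no LLDP transmit on router LAN interfaces) can be verified from the show lldp and show lldp interface output in Example 5-9. The following is an added example, not part of the original text: the sample strings are abridged from Example 5-9, and the function names and the LAN interface list (taken from the g0/1 configuration in Example 5-8) are assumptions.

```python
import re

# Abridged from the "show lldp" and "show lldp interface" output in Example 5-9.
SHOW_LLDP = """\
Global LLDP Information:
    Status: ACTIVE
    LLDP advertisements are sent every 60 seconds
    LLDP hold time advertised is 180 seconds
"""
SHOW_LLDP_INTERFACE = """\
GigabitEthernet0/0:
    Tx: enabled
    Rx: enabled
GigabitEthernet0/1:
    Tx: disabled
    Rx: enabled
    Tx state: INIT
    Rx state: WAIT FOR FRAME
"""

def parse_global(output):
    timer = re.search(r"sent every (\d+) seconds", output)
    hold = re.search(r"hold time advertised is (\d+) seconds", output)
    return {"timer": int(timer.group(1)) if timer else None,
            "holdtime": int(hold.group(1)) if hold else None}

def parse_interfaces(output):
    """Return {interface: {"tx": bool, "rx": bool}}; state lines are ignored."""
    result, current = {}, None
    for line in output.splitlines():
        if m := re.match(r"^(\S+):\s*$", line):
            current = result.setdefault(m.group(1), {})
        elif current is not None and (m := re.match(r"^\s+(Tx|Rx): (enabled|disabled)", line)):
            current[m.group(1).lower()] = m.group(2) == "enabled"
    return result

def check_policy(global_out, intf_out, lan_interfaces, timer=60, holdtime=180):
    """List deviations from the policy: CDP-equal timers, no Tx on LAN ports."""
    g, intfs, findings = parse_global(global_out), parse_interfaces(intf_out), []
    if g["timer"] != timer or g["holdtime"] != holdtime:
        findings.append(f"timers {g['timer']}/{g['holdtime']}, expected {timer}/{holdtime}")
    for name in lan_interfaces:
        if name not in intfs:
            findings.append(f"{name} missing from output")
        elif intfs[name].get("tx", True):   # unknown Tx state counts as transmitting
            findings.append(f"{name} transmits LLDP")
    return findings

if __name__ == "__main__":
    print(check_policy(SHOW_LLDP, SHOW_LLDP_INTERFACE, ["GigabitEthernet0/1"]) or "compliant")
```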

Study Resources

For today’s exam topics, refer to the following resources for more study.

Resource                                           Module or Chapter
Enterprise Networking, Security, and Automation    10
CCNA 200-301 Official Cert Guide, Volume 2         9
                                                   12
Portable Command Guide                             13
