Cisco Discovery Protocol

CDP stands for Cisco Discovery Protocol. It is a Cisco proprietary protocol used to verify which Cisco devices are directly connected to the host.

By default, CDP sends the host's details to its Cisco neighbors every 60 seconds and sets a hold time of 180 seconds. If no CDP message arrives from a neighbor within 180 seconds, the device considers that neighbor dead and removes it from the CDP table.

To enable CDP globally:

Sw(config)#cdp run

This command enables CDP on all interfaces. That can be a security risk: an interface connected to the internet exposes the device's information to unknown users, who might exploit it. Hence it's better to turn on CDP only on the interfaces that require it.

To enable CDP on the interfaces:

Sw(config-if)#cdp enable

To disable CDP on a particular interface, use the no cdp enable command in the corresponding interface configuration mode.

To verify the information that a neighbor sends through CDP:

Sw#show cdp neighbors

This output gives the neighbor's hostname, interface connected to the neighbor, model of the Cisco neighbor, and so on.

To get detailed information, such as the IP address of the neighbor:

Sw#show cdp neighbor detail

For example:

In this example, we have two routers connected to the external internet. The R2 router is connected to the public cloud on the f1/0 interface. Leaving CDP turned on on this interface creates a vulnerability, so we disable CDP on the f1/0 interface:

R2(config)#interface FastEthernet 1/0
R2(config-if)#no cdp enable

As a result, we can see the output shown on R2:

R2#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrface    Holdtme    Capability  Platform  Port ID
R1               Fas 0/0           166        R S I       3640      Fas 0/0

Thus we can enable CDP in a more secure manner.
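
An added example, not from the original text: a small Python check that reads a saved running-config and lists the interfaces on which CDP is still enabled, so that an internet-facing port such as R2's f1/0 is caught in review. The sample config, its addresses and the function names are constructed for illustration; the check assumes the IOS default that CDP is on globally and per interface unless a "no" form appears in the config.

```python
import re

# Constructed sample: a running-config resembling R2 before the fix.
SAMPLE_CONFIG = """\
hostname R2
!
interface FastEthernet0/0
 description link to R1
 ip address 10.0.0.2 255.255.255.0
!
interface FastEthernet1/0
 description uplink to public cloud
 ip address 203.0.113.2 255.255.255.0
!
end
"""

def cdp_enabled_interfaces(config):
    """Return interface names on which CDP is enabled, in config order."""
    globally_on = True   # assumption: IOS default, changed only by "no cdp run"
    enabled = {}         # interface name -> CDP enabled on that interface
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level line ends an interface block
            current = None
            if line in ("cdp run", "no cdp run"):
                globally_on = (line == "cdp run")
            m = re.match(r"interface\s+(.+)", line)
            if m:
                # Normalise "FastEthernet 1/0" to "FastEthernet1/0"
                current = m.group(1).replace(" ", "")
                enabled[current] = True  # assumption: per-interface default is on
        elif current and line in ("cdp enable", "no cdp enable"):
            enabled[current] = (line == "cdp enable")
    if not globally_on:
        return []
    return [name for name, on in enabled.items() if on]

def exposed_interfaces(config, untrusted):
    """Untrusted (for example internet-facing) interfaces that still run CDP."""
    return sorted(set(cdp_enabled_interfaces(config)) & set(untrusted))

if __name__ == "__main__":
    print(exposed_interfaces(SAMPLE_CONFIG, {"FastEthernet1/0"}))
```

Run against the sample, the check reports FastEthernet1/0; once "no cdp enable" is present under that interface, it reports nothing.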
