11-16-2005 06:11 AM
Hello,
Please, I would like to know the size and the composition of a CDP packet, and if CDP makes a lot of traffic on the network.
11-16-2005 08:42 AM
Info on the CDP frame:
http://www.cisco.com/univercd/cc/td/doc/product/lan/trsrb/frames.htm#xtocid12
CDP traffic is layer-2 so it's generally confined to a single segment. CDP sends a multicast frame every 60 seconds (by default, it can be changed with the "cdp timer") so it shouldn't be much traffic.
11-16-2005 08:49 AM
Sabri
From a capture I did the CDP packet is 194 bytes. It has a standard layer 2 header for 802.3 SNAP with a multicast MAC destination address. There is no layer 3 information in the frame. The payload is the CDP data.
No, the CDP traffic does not make a lot of traffic on the network. It is a pretty small packet on the network, once every 60 seconds. Given the helpful information that CDP can generate I believe that it is well worth running CDP. And the load that it puts on the network is pretty insignificant.
HTH
Rick
11-16-2005 09:38 AM
Some (i.e., National Security Agency: http://www.nsa.gov/snac/downloads_cisco.cfm?MenuID=scg10.3.1, reference paragraph 4.2.1, page 69) have argued that cdp can be considered a security risk as it potentially exposes information about your platform to untrusted sources.
I don't share that opinion, except for public-facing interfaces. In those instances only, I would advocate "no cdp" on the interface. Properly isolated (firewall, etc.) interfaces should use cdp for the utility it adds - especially for networks using CiscoWorks as an element manager - not having cdp enabled disables much of the Campus Manager tools' functionality (e.g., the ANI discovery process).
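An added example, not part of any post in this thread: a Python sketch that parses the frame layout described in the replies above (802.3 header, SNAP, then the CDP payload as TLVs) and lists the fields anyone on the segment can read from it. The sample frame and every value in it are constructed, and the function names are hypothetical.

```python
import struct

CDP_MULTICAST = bytes.fromhex("01000ccccccc")   # CDP destination multicast MAC
SNAP_CDP = bytes.fromhex("aaaa0300000c2000")    # LLC AA-AA-03, Cisco OUI, PID 0x2000
TLV_NAMES = {1: "device_id", 3: "port_id", 5: "software_version", 6: "platform"}

def build_sample_frame():
    """Constructed sample frame with made-up values, not a real capture."""
    tlvs = b""
    for t, v in [(1, b"lab-sw1"), (3, b"FastEthernet0/1"),
                 (5, b"EXAMPLE-OS 0.0"), (6, b"example-platform")]:
        tlvs += struct.pack("!HH", t, len(v) + 4) + v  # length covers the 4-byte TLV header
    cdp = struct.pack("!BBH", 2, 180, 0) + tlvs        # version 2, TTL 180 s, checksum left 0
    payload = SNAP_CDP + cdp
    src = bytes.fromhex("020000000001")                # constructed source MAC
    return CDP_MULTICAST + src + struct.pack("!H", len(payload)) + payload

def parse_cdp(frame):
    """Return the fields a CDP frame discloses, or None if it is not CDP."""
    if len(frame) < 26 or frame[0:6] != CDP_MULTICAST or frame[14:22] != SNAP_CDP:
        return None
    length = struct.unpack("!H", frame[12:14])[0]      # 802.3 length, no EtherType
    body = frame[22:14 + length]                       # CDP data after LLC/SNAP
    if len(body) < 4:
        return None
    version, ttl, _checksum = struct.unpack("!BBH", body[:4])
    info = {"version": version, "ttl": ttl, "frame_bytes": len(frame)}
    off = 4
    while off + 4 <= len(body):
        t, l = struct.unpack("!HH", body[off:off + 4])
        if l < 4 or off + l > len(body):               # malformed or truncated TLV
            break
        if t in TLV_NAMES:
            info[TLV_NAMES[t]] = body[off + 4:off + l].decode("ascii", "replace")
        off += l
    return info

def average_bps(frame_bytes, interval_s=60):
    """Average load of one frame per advertisement interval, in bits per second."""
    return frame_bytes * 8 / interval_s

if __name__ == "__main__":
    print(parse_cdp(build_sample_frame()))
    print(average_bps(194))   # the 194-byte capture mentioned in the thread
```
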
11-16-2005 06:58 PM
Attached is a text printout of a CDP packet captured in Ethereal. I captured this from a 3548 switch in my lab.
11-17-2005 01:22 AM
thank you for your help