Does disabling CDP affect LMS topology

Joris Deprouw
Level 1

Hi all,

I have a customer who wants to disable CDP on all switches for security reasons. The same customer also has LMS 4.0 installed.

When disabling cdp, does it affect the topology services on LMS? Can you still see the topology tab on device manager or the topology map of the entire network?

Thanks,

Best Regards,

Joris


8 Replies

Martin Ermel
VIP Alumni

Yes, this would affect topology!

The topology part of LMS strictly relies on CDP and also on SNMP read access; you won't be able to make use of the topology services without CDP.

While CDP *COULD* be viewed as a security risk on access ports for end hosts, I wouldn't count it as such for the backbone. Generally there are other, more insecure aspects in a network which should be avoided first before talking about this... (e.g. physical access to devices, using telnet instead of SSH (where possible), no ACL for accessing devices, no ACL for SNMP, no RADIUS or TACACS for device access, etc.)

Thanks Martin,

We have already taken some security steps like you described.

Physical access to the devices is limited, SSH access with RADIUS is configured, and an ACL for SNMP v3 is also configured.

SNMP read access is allowed, but as I understand it, that is not enough to build the topology service (without CDP).

Best Regards,

Joris

It seems you are on a good track :-)

Yes, you are right, the topology map cannot be built without CDP, i.e. LMS cannot draw the links between the devices without having CDP enabled on the devices on both sides of the link. Otherwise the device would appear as "unconnected".

Also Joe pointed this out here.
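As an added illustration of the point made in Martin's two replies (this is example code written for this page, not LMS code and not from the original thread), the following Python sketch models how a CDP-based topology service decides which links it can draw. It draws a link only when both managed devices report each other in their CDP caches, which is why a device with CDP disabled, or one whose CDP cache cannot be read over SNMP, lands in an "unconnected" group. The device names, interface names and neighbor tables are constructed sample data; LMS's real discovery logic is not reproduced here.

```python
"""Infer a topology map from per-device CDP neighbor tables.

Added example: a simplified model of what a CDP-based topology service
has to do, not LMS's own algorithm. A link is drawn only when both
managed devices report each other, so a device with CDP disabled (or
whose CDP cache cannot be read via SNMP) ends up "unconnected".
"""
from typing import Dict, List, Optional, Tuple

# (local interface, neighbor device ID, neighbor interface)
Neighbor = Tuple[str, str, str]

# Constructed sample data (hypothetical devices), not real switch or LMS output.
# None models a device whose CDP cache could not be read over SNMP.
CDP_TABLES: Dict[str, Optional[List[Neighbor]]] = {
    "SW-A": [("Gi1/0/1", "SW-B", "Gi1/0/24")],
    "SW-B": [("Gi1/0/24", "SW-A", "Gi1/0/1"),
             ("Gi1/0/23", "RTR-X", "Gi0/0")],   # RTR-X is not in the managed inventory
    "SW-C": [],                                  # CDP disabled: sends and receives nothing
    "SW-D": [("Gi1/0/2", "SW-E", "Gi1/0/1")],
    "SW-E": None,                                # CDP on, but SNMP read of the cache failed
}


def build_topology(tables: Dict[str, Optional[List[Neighbor]]]) -> dict:
    """Return links, one-sided adjacencies, unmanaged neighbors and unconnected devices."""
    managed = set(tables)

    # Every adjacency claim we could actually read: (device, local_if, neighbor, neighbor_if)
    claims = set()
    for dev, nbrs in tables.items():
        for local_if, nbr, nbr_if in (nbrs or []):
            claims.add((dev, local_if, nbr, nbr_if))

    links = set()
    one_sided = []
    unmanaged = []
    for dev, local_if, nbr, nbr_if in claims:
        if nbr not in managed:
            # Seen via CDP, but not a device the management station knows about.
            unmanaged.append((dev, local_if, nbr, nbr_if))
            continue
        if (nbr, nbr_if, dev, local_if) in claims:
            # Both ends agree: normalise endpoint order so each link is counted once.
            end_a, end_b = sorted([(dev, local_if), (nbr, nbr_if)])
            links.add((end_a, end_b))
        else:
            # Only one side reports the adjacency: not enough to draw a link.
            one_sided.append((dev, local_if, nbr, nbr_if))

    connected = {end[0] for link in links for end in link}
    return {
        "links": sorted(links),
        "one_sided": sorted(one_sided),
        "unmanaged": sorted(unmanaged),
        "unconnected": sorted(managed - connected),
    }


if __name__ == "__main__":
    result = build_topology(CDP_TABLES)
    for (dev_a, if_a), (dev_b, if_b) in result["links"]:
        print(f"link: {dev_a} {if_a} <-> {dev_b} {if_b}")
    for dev, local_if, nbr, nbr_if in result["one_sided"]:
        print(f"one-sided: {dev} {local_if} -> {nbr} {nbr_if} (reverse entry missing)")
    for dev, local_if, nbr, nbr_if in result["unmanaged"]:
        print(f"unmanaged neighbor: {dev} {local_if} -> {nbr} {nbr_if}")
    print("unconnected:", ", ".join(result["unconnected"]))
```

With the constructed tables only SW-A and SW-B are linked; SW-C (CDP off), SW-D (its neighbor's cache is unreadable) and SW-E all fall into the unconnected group, which matches the behaviour Martin describes: CDP must be working, and readable over SNMP, on both ends of a link before it can be drawn.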

Thanks Martin

Hi there, I know that the post is very old, but I need your help with a similar issue. On LMS 4.2 our customer has many WAN routers to manage with LMS, and the connectivity is not shown in the map view; the connectivity is over an L3 MPLS service provider, so no L2 connectivity and no CDP. To overcome that we added GRE tunnels on the router config and activated CDP, but it did not solve it. Any ideas? Thanks.

Do the routers see each other as CDP neighbors across the WAN now?

Did you rediscover them in ANI after adding the GRE interfaces and enabling CDP?

Hi Marvin,

Yes, the two routers are now CDP neighbors across the WAN and are discovered by LMS, but they are added to the unconnected group and we can't see the link between them.

We already tested it in the lab environment and it worked fine, but now that it is in a production environment (over the service provider links) it is showing the same issue.

Do I have to check if the SP is not blocking something? Or do I have to check my LMS installation?

Sincerely

It's been a good 5-6 years since I've done that on LMS.

Now that I think back, it may be that the links never did show up - it's just that you can discover the remote site(s) due to their CDP adjacency.

If they still have the LMS under support, you should be able to open a TAC case on it.