Secure CDP

ravirepaka · ‎07-08-2005

Hi Guys,

I have recently installed CW Lan Manager 2.2 in my production network.I have the following queries on CDP and SNMP

Due to my companies policy,I cannot enable CDP on the network nodes due to security reason(As CDP can provide the complete device information if it is tracked),But I believe Cisco recommends to enable CDP on the nodes that are to be discovered by CW.

Is it possible to discover the nodes by any other way with out using CDP,or is there any secure kind of CDP available that can limit the information.

Kindly let me know if any of you guys have the solution to my problem.

Thanks

RR

nhabib · ‎07-08-2005

Unfortunately, Campus Manager reuquires CDP information.

I don't know of any way to secure CDP.

mfreeman451 · ‎07-08-2005

You could use an ACL? According to my docs Campus Manager won't work without CDP enabled..

Marvin Rhoads · ‎07-08-2005

CM is severaly hobbled w/o cdp - probably to the point of uselessness. When faced with this draconian policy in a previous job, I got them to change the policy. Mitigate the vulnerability with good passwords on snmp, access logging (tacacs), protection of the management interfaces on a separate VLAN, etc. and you'll be good to go.

lanbrown · ‎07-08-2005

You could use a seed file, but every Cisco device would need to be added to it. You could also just add the devices manually to RME as well.