03-09-2017 05:01 PM - edited 03-08-2019 09:41 AM
Hello, my supervisor has asked me to disable CDP on all switch ports that have wifi access points attached.
I guess this is to prevent any wifi clients potentially reporting themselves as 'neighbors'.
Would there be any other reasons for doing this?
Thanks kindly.
03-09-2017 06:01 PM
When a large number of CDP neighbor announcements are sent, it is possible to consume all memory of an available device. This causes a crash or other abnormal behavior.
Reference: http://www.cisco.com/c/en/us/support/docs/network-management/discovery-protocol-cdp/43485-cdponios43485.html
03-12-2017 04:19 AM
Hi,
The normal security recommendation is always to shut down anything that is not needed in the system. Less risk of different types of attacks and less risk of bugs.
Normally, CDP will send out information that gives the attacker an edge, such as the version number of the operating system, what port you are on, what type of hardware it is, and so on.
So it is a loophole for anyone getting ready to attack your system. If details like the IOS version are known, they can find out what bugs it has and so on.
CDP is powerful when it comes to different things like asking the switches for information and stuff.
Hope it helps.
-GI
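An added example, not part of any post in this thread: a small audit that lists AP-facing ports where CDP is still enabled, based on the IOS commands `no cdp enable` (per interface) and `no cdp run` (global). It assumes AP ports can be identified by their interface description; the sample config, the `ap_pattern` regex and the function name are constructed for illustration.

```python
import re

# Constructed sample of an IOS running-config (not taken from the thread).
SAMPLE_CONFIG = """\
hostname access-sw1
!
interface GigabitEthernet1/0/1
 description AP-Floor1-East
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description AP-Floor1-West
 switchport mode trunk
 no cdp enable
!
interface GigabitEthernet1/0/3
 description Uplink to core
 switchport mode trunk
!
"""

def ap_ports_with_cdp(config, ap_pattern=r"\bAP\b|access.?point"):
    """Return interfaces whose description matches ap_pattern and still run CDP."""
    lines = config.splitlines()
    # A global 'no cdp run' disables CDP on every interface.
    if any(l.strip() == "no cdp run" for l in lines if not l.startswith(" ")):
        return []
    findings, name, desc, cdp_off = [], None, "", False

    def flush():
        # CDP is on by default, so a missing 'no cdp enable' means enabled.
        if name and re.search(ap_pattern, desc, re.I) and not cdp_off:
            findings.append(name)

    for line in lines:
        if line.startswith("interface "):
            flush()
            name, desc, cdp_off = line.split(None, 1)[1].strip(), "", False
        elif name and line.startswith(" "):
            stmt = line.strip()
            if stmt.startswith("description "):
                desc = stmt[len("description "):]
            elif stmt == "no cdp enable":
                cdp_off = True
        elif name:  # an unindented line ends the interface block
            flush()
            name = None
    flush()
    return findings

if __name__ == "__main__":
    print(ap_ports_with_cdp(SAMPLE_CONFIG))
```
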