How to disable cdp traffic on cisco core router

ahsanrasheed1 · ‎03-13-2014

Hi All members,

I want discuss one issue with all of you.

I am facing some issue on cisco 2811 routers. I am using very simple connectivity of ospf between core ,customer 1 and customer2 routers. I have disabled cdp on core router but customer routers A & B can see each other via cdp as show cdp neighbor. On cisco core router how we can disable multicast traffic or disable cdp so customer routers can't see each other via cdp.we do not have any control on customer routers. we have control on our router and access points. I know one thing, we don't have much options on our Access points but there is some way on cisco core router to block cdp traffic, i want to know how its is possible on cisco core router. is there any option?

On two different AP's on point to multipoint (pmp) scenario like this:

(Customer A Router1)---->Customer radio(Station)--------->AP1------>Tough switch-------->AP2--------->Customer radio(station)------->(customer B Router 1 ).

Equipment i am using:

Routers: 2811 cisco router

Customer radio: Ubiquiti Nano station M5

AP1 & AP2: Ubiquiti Nano station M5

And toughswitch of ubiquiti is connected to core router like multipoint customer of AP's scenario. Both Customers are different companies, they should not see each other router, may be they can ping or not.my question is this " how to disable cdp on core router or both AP's or customer radios, we don’t want that both customer can see each other router, we want they can ping but can’t see other. If i do show cdp neighbor on each customer router, i can see other router. although client isolation in enable on both AP1 and AP2, multicasting and extra reporting are disable on radios. We do not have any control on customer routers or devices, like we can’t disable cdp on customer routers in real and live situation. I have also tried to disable cdp on core router but customer routers can still see each other.

our main concern are:

1)both customer routers should not see each other via cdp, but they should pass traffic.

or

2)both customer routers should not see each other, also should not ping each other.

I have checked with by disable the cdp on core router but customer can still each other (A & B routers).

is there anything we can do on AP's or customer radio or cisco routers to resolve above two issues.My main concern is now Is there any thing we can do on cisco core router, to disable cdp traffic that customers can not see each other.

All suggestions and solutions are requested to solve this issue.

Thanks & Regards,

Ahsan Rasheed

shamax_1983 · ‎03-13-2014

Hi Ahsan,

Unfortunately with your topology I don't think this is possible. The only way you can stop this is if you can block ALL multicast traffic on your APs. Since you mentioned you've already turned off Multicast traffic on the APs, I don't think it is blocking ALL multicast frames... it may only be blocking IPv4 (or/and v6) Multicast frames and simply forward rest of the Multicast traffic (without knowing how to deal with them)

You can't do much at the core router level because CDP frames are switched trough the toughswitch. So there is no way you can control this traffic from the router..

The toughswitch Just broadcasts all CDP on all ports and that's how the two customer routers can see each other. If you want to stop CDP at the switch level, you need something that understands CDP frames.. ( Like Cisco switch :)). OR APs that can stop CDP Multicast..

Hope this helps.

Please rate helpful answers.