cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5987
Views
4
Helpful
9
Replies

Why should I disable the CDP?

Malik_zoubir
Level 1
Level 1

Hi guys!

The IT manager, asked me to disable CDP, cause when using (our monitoring tool) he got a warning.

Why should I disable it? knowing that it helps a lot, espicialy for designing the network diagram.

Just another question,

Is there any reason to not stop CDP? is there any thing working along with CDP???

Thank you guys....

1 Accepted Solution

Accepted Solutions

Hi

The best practice says it can disabled on the interfaces for security purposes, but I think you could enable it for troubleshooting when it is required. Please check this link:

http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

9 Replies 9

Dennis Mink
VIP Alumni
VIP Alumni

First of all keep in mind that CDP is cisco proprietary, so pretty much usable between cisco devices only.  If you dont use cisco phones, and dont want to run it between Cisco switches, there is no real harm in turning it of.

I am curious what the monitoring tool prompted you to turning it off?

Please rate if useful

Please remember to rate useful posts, by clicking on the stars below.

thank you for the answer,

The monitoring tool is solarwinds and it's listed as a security warning. I didn't use personaly solarwinds not yet, but it's what they told me.

I guess CDP is a security respect with respect to it being able to pull information off a Layer2 neighbour such as IP address, hardware type and firmware, so in that respect you might want to be careful where you use it and at least turn if off on access ports

cheers

Please remember to rate useful posts, by clicking on the stars below.

Hi

It is recommended by security purposes but it depends of the use of this on your network by the network administrators. To be honest I love cdp, it is very useful. Now if you are thinking to turn off take in consideration that some voice over IP hardphones use CDP for dhcp information. 

Check this link about CDP and Cisco phones, https://supportforums.cisco.com/document/104191/ip-phone-boot-process

Please rate the comment if it is useful

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Do you think that there's any advice to secure the CDP without disabling it???

Thank you for your answer.

Hi

The best practice says it can disabled on the interfaces for security purposes, but I think you could enable it for troubleshooting when it is required. Please check this link:

http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Thank you, i think it is what I am going to do... I finished the Design of the existing network...

Hi

You are welcome, have a good day

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

If we disabled CDP , ip phones are getting data vlan Ip address,

and if i set admin vlan number in IP phones then it changes to voice vlan,,

so if i have 500+ users i can able to change manullay as adminvlan id in IP phones...
so i need your technical advise to fix this issue.

Review Cisco Networking for a $25 gift card