04-09-2017 02:26 AM - edited 03-08-2019 10:08 AM
Hi guys!
The IT manager asked me to disable CDP, because when using (our monitoring tool) he got a warning.
Why should I disable it, knowing that it helps a lot, especially for designing the network diagram?
Just another question,
Is there any reason not to stop CDP? Is there anything working along with CDP?
Thank you guys.
04-09-2017 04:07 AM
First of all, keep in mind that CDP is Cisco proprietary, so pretty much usable between Cisco devices only. If you don't use Cisco phones, and don't want to run it between Cisco switches, there is no real harm in turning it off.
I am curious what the monitoring tool prompted you to turn it off?
Please rate if useful
04-09-2017 05:30 AM
Thank you for the answer.
The monitoring tool is SolarWinds and it's listed as a security warning. I haven't personally used SolarWinds yet, but it's what they told me.
04-09-2017 06:16 AM
I guess CDP is a security risk with respect to it being able to pull information off a Layer 2 neighbour such as IP address, hardware type and firmware, so in that respect you might want to be careful where you use it and at least turn it off on access ports.
Cheers
04-09-2017 06:22 AM
Hi
It is recommended for security purposes, but it depends on how it is used on your network by the network administrators. To be honest, I love CDP, it is very useful. Now, if you are thinking of turning it off, take into consideration that some voice over IP hardphones use CDP for DHCP information.
Check this link about CDP and Cisco phones: https://supportforums.cisco.com/document/104191/ip-phone-boot-process
Please rate the comment if it is useful
:-)
04-09-2017 08:33 AM
Do you think that there's any advice to secure CDP without disabling it?
Thank you for your answer.
04-09-2017 08:36 AM
Hi
The best practice says it can be disabled on the interfaces for security purposes, but I think you could enable it for troubleshooting when it is required. Please check this link:
http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html
04-09-2017 08:40 AM
Thank you, I think it is what I am going to do... I finished the design of the existing network...
04-09-2017 08:44 AM
Hi
You are welcome, have a good day
:-)
02-10-2020 11:35 PM
If we disable CDP, IP phones get a data VLAN IP address,
and if I set the admin VLAN number in the IP phones then it changes to the voice VLAN,
so if I have 500+ users I can able to change manually the admin VLAN ID in the IP phones...
So I need your technical advice to fix this issue.
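An added example, not part of any reply in this thread: a Python script that audits an IOS running-config for the two cases raised above, access ports that still run CDP although no voice VLAN is configured, and voice-VLAN ports where CDP has been turned off. The sample config and the function name `audit_cdp` are constructed for illustration, and the script assumes phones learn the voice VLAN only through CDP.

```python
import re

# Constructed sample of an IOS running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description user PC only
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/2
 description PC behind IP phone
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 no cdp enable
!
interface GigabitEthernet1/0/3
 description printer
 switchport mode access
 switchport access vlan 10
 no cdp enable
!
interface GigabitEthernet1/0/24
 description uplink to distribution
 switchport mode trunk
"""

def audit_cdp(config):
    """Return {interface: finding} for access ports whose CDP state looks wrong."""
    # CDP runs globally unless the unindented command "no cdp run" is present.
    cdp_global = not re.search(r"^no cdp run\s*$", config, re.M)
    findings = {}
    # Each match is an interface header plus its indented body lines.
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        lines = [line.strip() for line in body.splitlines()]
        if "switchport mode access" not in lines:
            continue  # trunks and uplinks are out of scope for this check
        cdp_on = cdp_global and "no cdp enable" not in lines
        has_voice = any(l.startswith("switchport voice vlan") for l in lines)
        if cdp_on and not has_voice:
            findings[name] = "CDP enabled on access port without voice VLAN"
        elif has_voice and not cdp_on:
            findings[name] = "voice VLAN port with CDP disabled"
    return findings

if __name__ == "__main__":
    for port, finding in audit_cdp(SAMPLE_CONFIG).items():
        print(f"{port}: {finding}")
```

Run against a saved `show running-config`, the first finding lists ports where CDP only advertises device details to end hosts, and the second lists ports where phones may land in the data VLAN as described in the last post.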