
Why should I disable the CDP?

Malik_zoubir
Level 1

Hi guys!

The IT manager asked me to disable CDP, because when using (our monitoring tool) he got a warning.

Why should I disable it, knowing that it helps a lot, especially for designing the network diagram?

Just another question,

Is there any reason not to stop CDP? Is there anything working along with CDP?

Thank you guys....

Accepted Solutions

Hi

The best practice says it can be disabled on the interfaces for security purposes, but I think you could enable it for troubleshooting when it is required. Please check this link:

http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html




>> Mark as helpful or answered if the reply resolved the question; this helps future queries from other members of the community. <<


9 Replies

Dennis Mink
VIP Alumni

First of all, keep in mind that CDP is Cisco proprietary, so pretty much usable between Cisco devices only. If you don't use Cisco phones, and don't want to run it between Cisco switches, there is no real harm in turning it off.

I am curious what in the monitoring tool prompted you to turn it off.

Please rate if useful

Please remember to rate useful posts, by clicking on the stars below.

Thank you for the answer,

The monitoring tool is SolarWinds and it's listed as a security warning. I haven't personally used SolarWinds yet, but it's what they told me.

I guess CDP is a security risk with respect to it being able to pull information off a Layer 2 neighbour such as IP address, hardware type and firmware, so in that respect you might want to be careful where you use it and at least turn it off on access ports.

cheers

Please remember to rate useful posts, by clicking on the stars below.

Hi

It is recommended for security purposes, but it depends on how the network administrators use it on your network. To be honest I love CDP, it is very useful. Now if you are thinking of turning it off, take into consideration that some voice over IP hardphones use CDP for DHCP information.

Check this link about CDP and Cisco phones, https://supportforums.cisco.com/document/104191/ip-phone-boot-process

Please rate the comment if it is useful

:-)





Do you think that there's any advice to secure CDP without disabling it?

Thank you for your answer.

Hi

The best practice says it can be disabled on the interfaces for security purposes, but I think you could enable it for troubleshooting when it is required. Please check this link:

http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html





Thank you, I think it is what I am going to do... I finished the design of the existing network...

Hi

You are welcome, have a good day

:-)





If we disable CDP, IP phones get a data VLAN IP address,

and if I set the admin VLAN number in the IP phones then it changes to the voice VLAN,

so if I have 500+ users I am able to change it manually as the admin VLAN ID in the IP phones...
So I need your technical advice to fix this issue.
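
The trade-off discussed in this thread (turn CDP off on access ports, but phones that learn their voice VLAN through CDP land in the data VLAN without it) can be checked per interface before changing anything. The following is an added example, not part of any post above: a small audit over an IOS-style running-config. The sample config, interface names, VLAN numbers and the function name `audit_cdp` are constructed for illustration, and it assumes phones learn the voice VLAN only through CDP, as the posters describe.

```python
import re

# Constructed sample running-config (IOS-style), not taken from the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
!
interface GigabitEthernet1/0/3
 switchport mode access
 switchport access vlan 10
 no cdp enable
!
interface GigabitEthernet1/0/4
 switchport mode access
 switchport voice vlan 20
 no cdp enable
!
interface GigabitEthernet1/0/24
 switchport mode trunk
!
"""

def audit_cdp(config):
    """Return (ports where CDP can be disabled, voice ports left without CDP)."""
    # "no cdp run" turns CDP off for the whole device.
    cdp_global = re.search(r"^no cdp run$", config, re.M) is None
    # Each block is an "interface X" line plus its indented sub-commands.
    blocks = re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M)
    disable, phones_at_risk = [], []
    for name, body in blocks:
        lines = [line.strip() for line in body.splitlines()]
        access = "switchport mode access" in lines
        voice = any(l.startswith("switchport voice vlan") for l in lines)
        cdp_on = cdp_global and "no cdp enable" not in lines
        if access and not voice and cdp_on:
            disable.append(name)         # leaks device details to the end host
        elif voice and not cdp_on:
            phones_at_risk.append(name)  # phone cannot learn its voice VLAN
    return disable, phones_at_risk

if __name__ == "__main__":
    to_disable, at_risk = audit_cdp(SAMPLE_CONFIG)
    print("Add 'no cdp enable':", to_disable)
    print("Voice VLAN ports without CDP:", at_risk)
```

Trunk and uplink ports are left out of both lists on purpose, since whether to keep CDP between switches is the administrators' decision the thread leaves open.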
