Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
775
Views
0
Helpful
4
Replies

CDP questions

Go to solution
dionjiles
Level 1
Level 1

‎03-25-2008 09:48 AM

My engineer has a question regards to CDP.

If we were to turn CDP off on a interface level would we still receive alerts on that interface i.e. up/down errors status in CiscoWorks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to dionjiles

‎03-25-2008 11:00 AM

In terms of security, it's best to disable CDP on all interfaces/ports which go to devices you do not manage, or to user access ports. I realize it may not always be possible to turn off CDP to access ports given things like IP telephony, but it should be very doable on links to devices that you do not manage (e.g. ISP devices). This way you're not providing people with more information than they need to know. Keeping CDP enabled on infrastructure links that interconnect managed devices should not open you up to any security problems.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee

‎03-25-2008 10:29 AM

Yes. Provided the interface is managed in DFM, it will still provide unreachable events for that interface. However, without CDP, Campus Manager will not be able to ascertain the related topology.

0 Helpful

Go to solution
dionjiles
Level 1
Level 1
In response to Joe Clarke

‎03-25-2008 10:56 AM

Thanks for your response. Preparing for an network audit and security is asking if we can turn off CDP but we are in a battle with them right now. I am aware that Campus Manager will be affected if we were to do this hopefully we won't thanks.

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to dionjiles

‎03-25-2008 11:00 AM

In terms of security, it's best to disable CDP on all interfaces/ports which go to devices you do not manage, or to user access ports. I realize it may not always be possible to turn off CDP to access ports given things like IP telephony, but it should be very doable on links to devices that you do not manage (e.g. ISP devices). This way you're not providing people with more information than they need to know. Keeping CDP enabled on infrastructure links that interconnect managed devices should not open you up to any security problems.

0 Helpful

Go to solution
dionjiles
Level 1
Level 1
In response to Joe Clarke

‎03-25-2008 11:09 AM

You are right. Thanks so much....this is why I'm always in the cisco forum.....very valuable information.

0 Helpful
Customers Also Viewed These Support Documents