Re: 'cdp' or 'interface' does not show up when 'sho ?' in EXEC

randomjoe1 · ‎08-04-2010

this is not a huge issue, just an odd question. I'm sitting next to someone who's just getting their hands dirty with Cisco gear. So he asks me "when I do a 'show ?' cdp and interfaces isn't on the list". So I log in to see for myself (I never actually looked for cdp or int when doing a sho ? before), and sure enough it wasnt (but the command executes anyhow). when I enable on that same switch and do a 'sho ?' cdp and interfaces IS on the list.

I then logged into switches running other code, same thing on 12.2(25) and 12.2(53) both 3750g's. Also tried this on various 6500's, same result. 2800 router, same result.

Is there a good reason why those commands are ommitted from the list, yet still work from user exec prompt?

vragotha · ‎08-04-2010

Hi,

This is likely for security purposes from a logical point of view. For example, If an unauthorized person connects to the switch and does not know the enable password, you don't want them to know what devices (IP address, device info etc) are connected to the current device via CDP.

randomjoe1 · ‎08-04-2010

I would buy that if you couldn't execute the command at all unless you enable, but you could execute the command from user exec. If someone finds the device, gets credentials to the device, and wants to 'look around', I'm sure they would know the 'sho cdp nei' command... If it were security purposes, then why not disable the command altogether?