08-04-2010 11:13 AM - edited 03-06-2019 12:19 PM
This is not a huge issue, just an odd question. I'm sitting next to someone who's just getting their hands dirty with Cisco gear. So he asks me, "When I do a 'show ?', cdp and interfaces aren't on the list." So I log in to see for myself (I never actually looked for cdp or int when doing a sho ? before), and sure enough they weren't (but the command executes anyhow). When I enable on that same switch and do a 'sho ?', cdp and interfaces ARE on the list.
I then logged into switches running other code, same thing on 12.2(25) and 12.2(53) both 3750g's. Also tried this on various 6500's, same result. 2800 router, same result.
Is there a good reason why those commands are omitted from the list, yet still work from the user exec prompt?
08-04-2010 11:58 AM
Hi,
This is likely for security purposes from a logical point of view. For example, if an unauthorized person connects to the switch and does not know the enable password, you don't want them to know what devices (IP address, device info, etc.) are connected to the current device via CDP.
08-04-2010 12:59 PM
I would buy that if you couldn't execute the command at all unless you enable, but you could execute the command from user exec. If someone finds the device, gets credentials to the device, and wants to 'look around', I'm sure they would know the 'sho cdp nei' command... If it were security purposes, then why not disable the command altogether?