In an attempt to make my network as secure as possible, I wanted to disable LLDP. When is it right to disable LLDP and when do you need it? I know it is for interoperability, but currently we have all Cisco switches in our network.
You might need LLDP, which is the standardized equivalent of CDP, when you need interoperability between non-Cisco boxes and also when you have IP phones connected to access switches. Newer IP phones use LLDP-MED.
LLDP, like CDP, is a discovery protocol used by devices to identify themselves. By default, Cisco switches and routers send CDP packets out on all interfaces (that are up) every 60 seconds. The contents of the CDP packet will contain the device type, hostname, interface type/number and IP address, IOS version and, on switches, VTP information. Additionally, Cisco IP phones signal their PoE power requirements via CDP. LLDP is essentially the same but a standardised version. Depending on what IOS version you are running, it might be enabled by default or not. It is an incredibly useful feature when troubleshooting.
Security people see the information sent via CDP or LLDP as a security risk as it potentially allows hackers to get vital information about the device to launch an attack.
It is up to you whether you think you should disable it or not (either CDP, LLDP or both). If you have applied other measures to mitigate attacks (VTY/HTTP ACLs, control-plane policing, etc.) then I personally don't see it as a big risk and see the troubleshooting ability as a bigger benefit.
If you have IP phones (Cisco or others) then CDP and/or LLDP might be required to support these.
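To see what a port actually advertises before deciding whether to disable LLDP, the following Python parser (an added example, not code from the thread) decodes the TLVs of an LLDP frame and lists the fields that disclose hostname, software description or management address. The sample frame, its MAC addresses, hostname, description and IP address are constructed, and the helper names are this example's own.

```python
import struct

TLV_NAMES = {1: "chassis_id", 2: "port_id", 5: "system_name",
             6: "system_description", 8: "management_address"}
# Fields that reveal hostname, platform/software version or a management IP.
SENSITIVE = {"system_name", "system_description", "management_address"}
MAC_SUBTYPE = {"chassis_id": b"\x04", "port_id": b"\x03"}  # subtype meaning "MAC"

def tlv(tlv_type, value):
    # TLV header: 7-bit type and 9-bit length packed into two bytes.
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def decode(name, value):
    if name in MAC_SUBTYPE:
        is_mac = value[:1] == MAC_SUBTYPE[name]
        return value[1:].hex(":") if is_mac else value[1:].decode("utf-8", "replace")
    if name == "management_address":
        addr = value[2:1 + int.from_bytes(value[:1], "big")]  # length counts subtype
        return ".".join(map(str, addr)) if value[1:2] == b"\x01" else addr.hex()
    return value.decode("utf-8", "replace")

def parse_lldp(frame):
    """Decode known TLVs of an untagged Ethernet LLDP frame into a dict."""
    if len(frame) < 14 or frame[12:14] != b"\x88\xcc":  # LLDP EtherType
        raise ValueError("not an LLDP frame")
    fields, off = {}, 14
    while off + 2 <= len(frame):
        header = struct.unpack("!H", frame[off:off + 2])[0]
        tlv_type, length = header >> 9, header & 0x1FF
        value = frame[off + 2:off + 2 + length]
        off += 2 + length
        if tlv_type == 0:  # End of LLDPDU
            break
        if len(value) < length:
            raise ValueError("truncated TLV")
        if tlv_type in TLV_NAMES:  # other TLVs (TTL, vendor-specific) are skipped
            fields[TLV_NAMES[tlv_type]] = decode(TLV_NAMES[tlv_type], value)
    return fields

def disclosed(fields):
    """Sensitive fields present in a parsed advertisement, sorted by name."""
    return sorted(SENSITIVE & fields.keys())

# Constructed sample frame: MACs, hostname, description and address are made up.
SAMPLE = (bytes.fromhex("0180c200000e02000000000188cc")
          + tlv(1, b"\x04" + bytes.fromhex("020000000001"))
          + tlv(2, b"\x05Gi1/0/1") + tlv(3, struct.pack("!H", 120))
          + tlv(5, b"sw-access-01") + tlv(6, b"Example Switch OS, Version 0.0")
          + tlv(8, b"\x05\x01\xc0\x00\x02\x0a\x02" + bytes(5)) + tlv(0, b""))
```

Calling `disclosed(parse_lldp(SAMPLE))` returns the sensitive fields in the constructed frame; feeding it frames captured on your own access ports shows which of them the switch advertises in practice.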