Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2122
Views
0
Helpful
5
Replies

CDP Packet

Go to solution
sabrouch001
Level 1
Level 1

‎11-16-2005 06:11 AM

Hello,

Please I would like to know the size and the composation of a CDP packet, and if the CDP make a lot of traffic on the network.

1 person had this problem
Labels:
0 Helpful
4 Accepted Solutions

Accepted Solutions

Go to solution
DAVID NOONAN
Level 1
Level 1

‎11-16-2005 08:42 AM

Info on the CDP frame:

http://www.cisco.com/univercd/cc/td/doc/product/lan/trsrb/frames.htm#xtocid12

CDP traffic is layer-2 so it's generally confined to a single segment. CDP sends a multicast frame every 60 seconds (by default, it can be changed with the "cdp timer") so it shouldn't be much traffic.

View solution in original post

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎11-16-2005 08:49 AM

Sabri

From a capture I did the CDP packet is 194 bytes. It has a standard layer 2 header for 802.3 SNAP with a multicast MAC destination address. There is no layer 3 information in the frame. The payload is the CDP data.

No the CDP traffic does not make a lot of traffic on the network. It is a pretty small packet on the network, once every 60 seconds. Given the helpful information that CDP can generate I believe that it is well worth running CDP. And the load that it puts on the network is pretty insignificant.

HTH

Rick

HTH

Rick

View solution in original post

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Richard Burts

‎11-16-2005 09:38 AM

Some (i.e., National Secuirty Agency: http://www.nsa.gov/snac/downloads_cisco.cfm?MenuID=scg10.3.1, reference paragraph 4.2.1, page 69) have argued that cdp can be considered a security risk as it potentially exposes information about your platform to untrusted sources.

I don't share that opinion, except for public-facing interfaces. In those instances only, I would advocate "no cdp" on the interface. Properly isolated (firewall, etc.) interfaces should use cdp for the utlility it adds - especially for networks using CiscoWorks as an element manager - not having cdp enabled disables much of the Campus Manager tools' functionality (e.g., the ANI discovery process).

View solution in original post

0 Helpful

Go to solution
itdojo
Level 1
Level 1
In response to Marvin Rhoads

‎11-16-2005 06:58 PM

Attached is a text printout of a CDP packet captured in Ethereal. I captured this from a 3548 switch in my lab.

View solution in original post

Preview file
6 KB
0 Helpful
5 Replies 5

Go to solution
DAVID NOONAN
Level 1
Level 1

‎11-16-2005 08:42 AM

Info on the CDP frame:

http://www.cisco.com/univercd/cc/td/doc/product/lan/trsrb/frames.htm#xtocid12

CDP traffic is layer-2 so it's generally confined to a single segment. CDP sends a multicast frame every 60 seconds (by default, it can be changed with the "cdp timer") so it shouldn't be much traffic.

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎11-16-2005 08:49 AM

Sabri

From a capture I did the CDP packet is 194 bytes. It has a standard layer 2 header for 802.3 SNAP with a multicast MAC destination address. There is no layer 3 information in the frame. The payload is the CDP data.

No the CDP traffic does not make a lot of traffic on the network. It is a pretty small packet on the network, once every 60 seconds. Given the helpful information that CDP can generate I believe that it is well worth running CDP. And the load that it puts on the network is pretty insignificant.

HTH

Rick

HTH

Rick
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Richard Burts

‎11-16-2005 09:38 AM

Some (i.e., National Secuirty Agency: http://www.nsa.gov/snac/downloads_cisco.cfm?MenuID=scg10.3.1, reference paragraph 4.2.1, page 69) have argued that cdp can be considered a security risk as it potentially exposes information about your platform to untrusted sources.

I don't share that opinion, except for public-facing interfaces. In those instances only, I would advocate "no cdp" on the interface. Properly isolated (firewall, etc.) interfaces should use cdp for the utlility it adds - especially for networks using CiscoWorks as an element manager - not having cdp enabled disables much of the Campus Manager tools' functionality (e.g., the ANI discovery process).

0 Helpful

Go to solution
itdojo
Level 1
Level 1
In response to Marvin Rhoads

‎11-16-2005 06:58 PM

Attached is a text printout of a CDP packet captured in Ethereal. I captured this from a 3548 switch in my lab.

Preview file
6 KB
0 Helpful

Go to solution
sabrouch001
Level 1
Level 1
In response to itdojo

‎11-17-2005 01:22 AM

thank you for your help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents