11-16-2005 06:11 AM
Hello,
Please, I would like to know the size and the composition of a CDP packet, and whether CDP makes a lot of traffic on the network.
11-16-2005 08:42 AM
Info on the CDP frame:
http://www.cisco.com/univercd/cc/td/doc/product/lan/trsrb/frames.htm#xtocid12
CDP traffic is layer-2 so it's generally confined to a single segment. CDP sends a multicast frame every 60 seconds (by default, it can be changed with the "cdp timer") so it shouldn't be much traffic.
11-16-2005 08:49 AM
Sabri
From a capture I did, the CDP packet is 194 bytes. It has a standard layer 2 header for 802.3 SNAP with a multicast MAC destination address. There is no layer 3 information in the frame. The payload is the CDP data.
No, the CDP traffic does not make a lot of traffic on the network. It is a pretty small packet on the network, once every 60 seconds. Given the helpful information that CDP can generate I believe that it is well worth running CDP. And the load that it puts on the network is pretty insignificant.
HTH
Rick
11-16-2005 09:38 AM
Some (i.e., National Security Agency: http://www.nsa.gov/snac/downloads_cisco.cfm?MenuID=scg10.3.1, reference paragraph 4.2.1, page 69) have argued that cdp can be considered a security risk as it potentially exposes information about your platform to untrusted sources.
I don't share that opinion, except for public-facing interfaces. In those instances only, I would advocate "no cdp" on the interface. Properly isolated (firewall, etc.) interfaces should use cdp for the utility it adds - especially for networks using CiscoWorks as an element manager - not having cdp enabled disables much of the Campus Manager tools' functionality (e.g., the ANI discovery process).
11-16-2005 06:58 PM
Attached is a text printout of a CDP packet captured in Ethereal. I captured this from a 3548 switch in my lab.
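Added example, not part of any post in this thread: a minimal Python decoder for the frame layout described above (802.3 header, LLC/SNAP, then CDP version, TTL, checksum and TLVs), run on a constructed frame to show which fields any listener on the segment can read. The sample values and the helper names `parse_cdp` and `build_sample` are assumptions, and the checksum is not verified.

```python
import struct

CDP_DST = bytes.fromhex("01000ccccccc")       # CDP multicast destination MAC
LLC_SNAP = bytes.fromhex("aaaa0300000c2000")  # LLC AA-AA-03, OUI 00-00-0C, PID 0x2000
TEXT_TLVS = {1: "Device ID", 3: "Port ID", 5: "Software Version", 6: "Platform"}
OTHER_TLVS = {2: "Addresses", 4: "Capabilities"}

def parse_cdp(frame: bytes) -> dict:
    """Decode an 802.3 SNAP CDP frame into its header fields and TLVs."""
    if len(frame) < 26:
        raise ValueError("too short for 802.3 + LLC/SNAP + CDP header")
    if frame[:6] != CDP_DST or frame[14:22] != LLC_SNAP:
        raise ValueError("not a CDP frame")
    (length,) = struct.unpack("!H", frame[12:14])   # 802.3 length, not an EtherType
    version, ttl, _checksum = struct.unpack("!BBH", frame[22:26])
    end = min(len(frame), 14 + length)
    tlvs, off = {}, 26
    while off + 4 <= end:
        tlv_type, tlv_len = struct.unpack("!HH", frame[off:off + 4])
        if tlv_len < 4 or off + tlv_len > end:      # length covers the 4-byte TLV header
            raise ValueError("malformed TLV length")
        value = frame[off + 4:off + tlv_len]
        if tlv_type in TEXT_TLVS:
            tlvs[TEXT_TLVS[tlv_type]] = value.decode("ascii", "replace")
        else:
            tlvs[OTHER_TLVS.get(tlv_type, f"type 0x{tlv_type:04x}")] = value.hex()
        off += tlv_len
    return {"src": frame[6:12].hex(":"), "version": version, "ttl": ttl, "tlvs": tlvs}

def build_sample() -> bytes:
    """Constructed frame; every value is made up and the checksum is left at 0."""
    def tlv(tlv_type: int, value: bytes) -> bytes:
        return struct.pack("!HH", tlv_type, len(value) + 4) + value
    cdp = struct.pack("!BBH", 2, 180, 0)
    cdp += tlv(1, b"lab-switch") + tlv(5, b"EXAMPLE-OS 0.0")
    cdp += tlv(6, b"example-platform") + tlv(3, b"FastEthernet0/1")
    payload = LLC_SNAP + cdp
    return CDP_DST + bytes.fromhex("020000000001") + struct.pack("!H", len(payload)) + payload

if __name__ == "__main__":
    info = parse_cdp(build_sample())
    print(f"from {info['src']}  CDP v{info['version']}  holdtime {info['ttl']}s")
    for name, value in info["tlvs"].items():
        print(f"  {name}: {value}")
```

The device ID, software version, platform and port strings travel unencrypted in every advertisement, which is the exposure the NSA guide referenced above is concerned with.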
11-17-2005 01:22 AM
Thank you for your help.