New Member

CDP questions

My engineer has a question regarding CDP.

If we were to turn CDP off on an interface level, would we still receive alerts on that interface, i.e. up/down errors status, in CiscoWorks?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: CDP questions

In terms of security, it's best to disable CDP on all interfaces/ports which go to devices you do not manage, or to user access ports. I realize it may not always be possible to turn off CDP to access ports given things like IP telephony, but it should be very doable on links to devices that you do not manage (e.g. ISP devices). This way you're not providing people with more information than they need to know. Keeping CDP enabled on infrastructure links that interconnect managed devices should not open you up to any security problems.
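One way to check a switch configuration against the advice above, as an added example that is not part of the original thread or any Cisco tool. It relies on the IOS commands `no cdp run` (global) and `no cdp enable` (per interface); the sample configuration is constructed, and marking unmanaged links with an `UNMANAGED` tag in the interface description is an assumed site convention.

```python
import re

# Constructed sample running-config (not from the thread). Tagging unmanaged
# links with "UNMANAGED" in the description is an assumed site convention.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode access
 switchport voice vlan 110
!
interface GigabitEthernet0/4
 switchport mode access
 no cdp enable
!
interface GigabitEthernet0/5
 description UNMANAGED ISP handoff
!
"""

def audit_cdp(config, unmanaged_tag="UNMANAGED"):
    """Return {interface: finding} for ports where CDP is still enabled."""
    if re.search(r"^no cdp run\s*$", config, re.M):
        return {}  # CDP is off globally, so no interface advertises
    findings = {}
    # Each stanza starts at column 0 with "interface"; split just before it.
    for stanza in re.split(r"^(?=interface )", config, flags=re.M):
        m = re.match(r"interface (\S+)", stanza)
        if not m:
            continue
        lines = [ln.strip() for ln in stanza.splitlines()[1:]]
        if "no cdp enable" in lines:
            continue  # CDP already disabled on this port
        desc = next((ln for ln in lines if ln.startswith("description ")), "")
        if unmanaged_tag in desc:
            findings[m.group(1)] = "unmanaged link: disable CDP"
        elif "switchport mode access" in lines:
            voice = any(ln.startswith("switchport voice vlan") for ln in lines)
            findings[m.group(1)] = ("access port with voice VLAN: review"
                                    if voice else "access port: disable CDP")
    return findings

if __name__ == "__main__":
    for port, finding in audit_cdp(SAMPLE_CONFIG).items():
        print(port, "-", finding)
```

Trunk links between managed devices are left unflagged, and access ports with a voice VLAN are reported for review rather than for disabling, matching the IP telephony caveat in the answer.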

4 REPLIES
Cisco Employee

Re: CDP questions

Yes. Provided the interface is managed in DFM, it will still provide unreachable events for that interface. However, without CDP, Campus Manager will not be able to ascertain the related topology.

New Member

Re: CDP questions

Thanks for your response. We are preparing for a network audit, and security is asking if we can turn off CDP, but we are in a battle with them right now. I am aware that Campus Manager will be affected if we were to do this; hopefully we won't. Thanks.

New Member

Re: CDP questions

You are right. Thanks so much... this is why I'm always in the Cisco forum... very valuable information.
