Cisco Support Community

New Member

CDP Vulnerability

We need to trace all the switch and router connections in the office and will require the CDP protocol to be enabled.

Please, what are the advantages/disadvantages and vulnerabilities of enabling this protocol?

What is the best practice?

Thanks

New Member

Re: CDP Vulnerability

Best practice is to disable CDP on any interfaces accessible from outside your network.

CDP can be used by intruders to determine:

Device type

IOS version

IP address

And more....

With this information in hand, a network can be compromised quite easily, especially if outdated IOS versions are being used.

HTH

New Member

Re: CDP Vulnerability

Thanks

Is there any documentation I can read further on this, as I need to convince my boss?

Thanks

New Member

Re: CDP Vulnerability

You can disable CDP globally using "no cdp run"

or disable CDP on certain interfaces:

    config t
    int x/x
    no cdp enable

This way you can turn it off at points which might have external network connections, such as border routers.

HTH

Peter
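
An added example, not part of the original thread: a small audit that reads a saved running-config and reports which externally facing interfaces still have CDP enabled, using the "no cdp run" and "no cdp enable" commands from the replies above. The sample config, the function name and the caller-supplied list of external interfaces are constructed for illustration, and the script assumes CDP is on by default unless one of those two commands is present.

```python
import re

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 description ISP uplink
!
interface GigabitEthernet0/1
 description internal core
!
interface GigabitEthernet0/2
 description partner link
 no cdp enable
!
interface GigabitEthernet0/3
 shutdown
!
"""

def cdp_exposed_interfaces(config, external):
    """Return the interfaces named in `external` (hypothetical, caller-supplied)
    that are admin-up and still have CDP enabled, in config order."""
    lines = config.splitlines()
    # A global "no cdp run" turns CDP off on every interface.
    if any(l.strip() == "no cdp run" for l in lines):
        return []
    exposed, name, cdp_on, admin_up = [], None, True, True

    def flush():
        # Record the stanza just finished if it is external and still speaks CDP.
        if name in external and cdp_on and admin_up:
            exposed.append(name)

    for line in lines:
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            flush()
            name, cdp_on, admin_up = m.group(1), True, True
        elif name and line.startswith(" "):
            stmt = line.strip()
            if stmt == "no cdp enable":
                cdp_on = False
            elif stmt == "shutdown":
                admin_up = False
        elif name:  # an unindented line ("!") closes the interface stanza
            flush()
            name = None
    flush()
    return exposed
```

Interfaces it reports are the ones where "no cdp enable" is still missing; internal links used for tracing connections can be left out of the external list.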
