Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Does disabling CDP affect LMS topology

Hi all,

I have a customer who wants to disable cdp on all switches for securtity reasons. The same customer has also LMS 4.0 installed.

When disabling cdp, does it affect the topology services on LMS? Can you still see the topology tab on device manager or the topology map of the entire network?

Thanks,

Best Regards,

Joris

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions

Does disabling CDP affect LMS topology

it seems you are on a good track :-)

Yes, you are right, the topology map cannot be build without CDP, i.e. LMS cannot draw the links between the devices without having CDP enabled on the devices on both sides of the link. Otherwise the device would appear as "unconncted"

Also Joe pointed this out here.

8 REPLIES

Does disabling CDP affect LMS topology

Yes, this would affect topology!

the topology part of LMS strictly relies on CDP and also on SNMP read access; You won't be able to make use of the topology services without CDP;

while CDP *COULD* be viewed as a security risc on access ports for endhosts, I wouldn't count it as such for the backbone. Generally there are other more insecure aspects in a network which should be avoided first befor talking about this ...(e.g physical access to devices, using telnet instead of ssh (where possible), no ACL for accessing devices, no ACL for SNMP; no radius or tacacs for device access, etc......)

New Member

Does disabling CDP affect LMS topology

Thanks Martin,

We did take already some security steps like you told.

The physical access to the device is limited, ssh access with raduis is configured , ACL for SNMP v3 is also configured.

SNMP read access is allowed but as I understand is not enough to build the topology service(without cdp).

Best Regards,

Joris

Does disabling CDP affect LMS topology

it seems you are on a good track :-)

Yes, you are right, the topology map cannot be build without CDP, i.e. LMS cannot draw the links between the devices without having CDP enabled on the devices on both sides of the link. Otherwise the device would appear as "unconncted"

Also Joe pointed this out here.

New Member

Does disabling CDP affect LMS topology

Thanks Martin

New Member

Hi there,  I now that the

Hi there,  I know that the poste is very old,  but I need your help in a similar issue,  on lms 4.2 our customer has many wan routers to manage with lms,  the connectivity is not shown in the map view,  the connectivity is over a L3 MPLS service provider.  So no L2 connectivity and no cdp,  to overcome that we added Gre tunnels on the router conf and activated the cdp.  But it did not solve it. Any ideas thanks 

Hall of Fame Super Silver

Do the routers see each other

Do the routers see each other as CDP neighbors across the WAN now?

Did you rediscover them in ANI after adding the GRE interfaces and enabling CDP?

New Member

Hi Marvin ; 

Hi Marvin ; 

yes the two routers are now CDP neighbors across the WAN & are discovered by LMS , but they are added in the unconnected groupe and we can't see the Link between them . 

we already tested it in the Lab environement and it worked fine, but now that it is on a production environement (  over th service provider links ) it is showing the same issue .

do i have to check if the SP is not blocking something ? or do i have to Check my LMS installation ?

Sincerly

 

Hall of Fame Super Silver

It's beena good 5-6 years

It's been a good 5-6 years since I've done that on LMS.

Now that I think back, it may be that the links never did show up - it's just that you can discover the remote site(s) due to their CDP adjacency.

If they still have the LMS under support, you should be able to open a TAC case on it.

738
Views
3
Helpful
8
Replies
CreatePlease login to create content