Disable or turn off CDP on Cisco switches

Contributor Icon Contributed by CISSP06 Date Icon August 12, 2006  
Tag Icon Tagged: Cisco switch

Cisco Discover Protocol or CDP is a Cisco-proprietary protocol that runs on all Cisco products. CDP allows devices to learn about neighboring devices (the ones attached directly to the switch) including information about their platform, IP address, the version of IOS or other OS, VLAN membership, etc. This can be helpful information when troubleshooting network issues, it can also provide an attacker valuable information about the layout of your network. Other vulnerabilities include a denial of service attack in which CDP packets are generated, flooding the network. If you want to know how to turn off CDP, read on.


To disable CDP on the entire switch, use the ‘no cdp run’ command from enable mode:

conf t
no cdp run

CDP can also be disabled on specific ports. To disable CDP on FastEthernet0/3, use these commands from enable mode:

conf t
int faste0/3
no cdp enable

Be sure to save those settings! In my practice, I turn on CDP when I need it, then disable it when I’m done. In general, I’m opposed to things that constantly generate traffic on the network, regardless of how little, when I don’t constantly benefit from that traffic.

Previous recipe | Next recipe |
 

 
close Reblog this comment
Powered by Disqus · Learn more
blog comments powered by Disqus