Hola amigos.

Onto the second section!.. of the first section… of the main first section of the syllabus…

So what is CDP and LLDP? What do they have in common and how are they different? Is one a potato and the other a turnip? No. They’re L2 discovery protocols and they’re pretty darn useful. Sometimes. Sometimes they’re a risk. Let’s explain.

CDP, or Cisco Discovery Protocol, is a Cisco proprietary L2 protocol only found on Cisco equipment… or HP equipment, or anything else that wants it… but for the purpose of this post we’ll say its only on Cisco switches, routers and, quite conveniently, their peripherals such as WAPs and IP phones (not firewalls as they don’t really want to be discovered!) The great thing about it being enabled on a L2 basis, is that the device doesn’t need to be on the same IP subnet or VLAN for it to communicate with its directly connected neighbours. Its enabled by default and runs on every interface unless told not to do so with the per interface no cdp enable command. To disable CDP globally, from the config prompt just do no cdp run. Think of CDP as a very friendly, oversharing neighbour. They want to tell you everything about themselves and you’re sort of forced to listen. Unless you go into the interface that they’re communicating with you through and you no cdp enable that sucker.

CDP information will include hostname, switch part number, interface its connecting from and what interface its received the CDP advertisement on. It will also include a holdtime which is the time in seconds the device will hold this information before discarding it. So lets get stuck into some command line-age. First lets take a look at our topology:

We’ve got 3 routers, which in the default state all have CDP enabled globally. We have 2 different subnets with no routing configured between them. So let’s take a look at what CDP tells us…

So R1 shows us the directly connected R2.

R2 shows us both the directly connected R1 and R3

R3 shows us the directly connected R2.

So from this information, it’s easy to determine how these routers are connected to eachother. As you can see it shows the local interface (the interface on the device you’re running the command on) and the port ID is the interface in the directly connected device. It also shows the platform, in this case an old school 3725 router, the hold time (the amount of time it will keep this information before discarding it) and also the capability (their meanings are listed in the capability codes part of the output.) Ok this is cool, but can we get even more information? Did Grizzly Adams have a beard? Is Donald Trump a massive wanker?

We just use the detail command as shown below:

So here, we’re getting a bit extra. We’re getting everything from the standard command, but here we’re getting software version, IP address, if its part of a VTP management domain and even duplex of the connection (this is half because I’m labbing it.) That’s about all there is to know about CDP. Just remember the key commands:

  • Global command – cdp run/no cdp run
  • Per interface command – cdp enable/no cdp enable
  • F0r a brief view of directly connected CDP running devices – show cdp neighbors
  • For a more detailed view of directly connected CDP running devices – show cdp neighbors detail

So now let’s have a tête-à-tête about the industry standard version LLDP (layer link discovery protocol.) Pronounced ‘el-el-dee-pee’ or as I pronounce it, leledup. It does essentially the same thing, but uses different commands and is NOT enabled by default on Cisco equipment, however allows non-Cisco equipment to say hello. With LLDP, you actually get a few different bits of interesting information too.

Leledup works by use attributes called TLVs (type, length value) to send specific info to neighbouring devices. For example the system name TLV will contain system name information, the port name TLV will contain port name information etc. There is a slightly smarter version of LLDP used by host devices that can use LLDP to determine VLAN assignment or PoE requirements, and its called LLDP-med (media endpoint discovery.) Lets dive into some commands but first lets take at look at what we’re working with here…

Collapsed core topology, 3 L3 switches, bish bash bosh. I have taken the liberty of running the below command on all 4 switches to save some precious real estate on this post:

So we’ve got 4 switches all running leledup. Lets see what output and info we can get:

So if we pause the clip after each command, we can see that the standard sh lldp neighbors command looks very similar to the sh cdp neighbors command. Shows device ID, local interface, port ID, hold time and capability (notice the capabilities are different to CDP.) When we run the sh lldp neighbors detail command we get a bit of difference.  Starting at the top we get the port description (which in a well organised switch can be very handy).

You’re probably wondering whether this can be enabled/disabled on a per interface basis too? The answer is yes, but the commands are slightly different. LLDP must be enabled globally, then you can disable and enable at will. This however requires 2 separate commands. You can stop lldp TRANSMITTING and lldp RECEIVING. So lets go onto SW-2 and stop it from transmitting and receiving LLDP advertisements.

Ok, we’ve disabled leledup on the interface connected to SW-1, so lets see whether its worked…

So there we have it. 2 discovery protocols for you. Very handy stuff.

Jack x