show cdp neighbors – Cisco Discovery Protocol

What is CDP (Cisco Discovery Protocol)?

Definition & Purpose:
CDP is a Cisco proprietary Layer 2 protocol that enables Cisco network devices (switches, routers, IP phones, etc.) to advertise themselves and discover directly connected Cisco devices—even without Layer 3 (IP) configuration.

  • Devices periodically send CDP advertisements to connected neighbors.
  • CDP operates independently of IP—useful in early configuration or troubleshooting cabling.
  • Network admins can easily view physical connectivity and map the Cisco network topology.

Role in Discovering Directly Connected Cisco Devices

  • Quickly maps out physical interconnections between Cisco devices.
  • Helps verify cabling, port assignments, and neighbor device types/capabilities.
  • Critical for documentation and rapid troubleshooting in medium to large networks.

Understanding show cdp neighbors Command

  • Usage: show cdp neighbors
  • Lists all directly connected Cisco neighbors and their interfaces.
  • Output is a concise table—very useful for quick mapping.

Typical Output Example

Device ID    Local Intrfce   Holdtme  Capability  Platform     Port ID
SwitchB      Gig 0/1         122      S I         WS-C2960     Gig 0/2
RouterA      Gig 0/2         132      R S I       ISR4331      Gig 0/0
Field           Description
Device ID       Hostname of the neighbor device
Local Intrfce   Local interface connecting to the neighbor (e.g., Gig 0/1)
Holdtme         Seconds before the CDP entry is discarded if it is not refreshed
Capability      Device type codes (R=Router, S=Switch, I=IGMP, P=Phone, etc.)
Platform        Hardware model of the neighbor device
Port ID         Neighbor’s interface connected to your device

Example Scenario

Situation: John is an IT engineer documenting a new rack of Cisco switches.
He runs show cdp neighbors and observes:

  • SwitchA connected to SwitchB via Gig 0/1 <-> Gig 0/2
  • SwitchA connected to RouterA via Gig 0/2 <-> Gig 0/0

This allows him to verify connectivity and cabling instantly.

Additional CDP Commands

Command                      Purpose
show cdp neighbors detail    More details: IP address, software version, serial, etc.
show cdp entry [device-id]   Info on a specific neighbor
show cdp                     Global CDP status
show cdp interface           CDP status per interface

CDP Versions and Compatibility

  • CDPv1: Basic device info, original version.
  • CDPv2: Adds native VLAN and duplex information and improved discovery.
  • Compatibility: CDP only works between Cisco devices.

Enabling/Disabling CDP

Globally:
configure terminal
no cdp run      ! disables CDP on every interface of the device
cdp run         ! enables CDP everywhere (the Cisco default)
end

Per Interface:
configure terminal
interface GigabitEthernet0/1
  no cdp enable   ! stops CDP advertisements on this port only
end

Best practice: Disable CDP on interfaces facing untrusted networks.

CDP vs. LLDP (Link Layer Discovery Protocol)

Aspect            CDP                          LLDP
Vendor            Cisco only                   Multi-vendor (IEEE 802.1AB)
Default           Enabled (Cisco)              Disabled (must be enabled)
Use Case          Cisco environments           Mixed-vendor environments
Discovery Scope   Cisco devices only           Any LLDP-compliant device
Commands          show cdp neighbors           show lldp neighbors
Extended Info     show cdp neighbors detail    show lldp neighbors detail
Topology Mapping  Yes (Cisco-centric)          Yes (vendor-neutral)
Security Risk     Topology exposure risk       Topology exposure risk

Security Considerations

  • CDP exposes network topology, models, and port info to directly connected devices.
  • Risk: Attackers with access to a switch port could map your network.
  • Best Practice: Always disable CDP on user-facing, untrusted, or internet-connected ports.

Troubleshooting Using CDP

  • Verify physical connectivity: Quickly confirm cable and port mapping.
  • Detect misconfigurations: Catch wrong cables, speed/duplex mismatches, or missing neighbors.
  • If a neighbor is missing: Check cable, interface status (show interfaces status), and CDP config.

Use in Network Documentation and Mapping

  • CDP outputs are perfect for drawing up-to-date topology diagrams.
  • Automate mapping: Collect CDP info using scripts (Python/Netmiko) for large networks.
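The scenario above and the automation note both come down to turning the neighbor table into a map. The following Python is an added example, not code from the page: it parses 'show cdp neighbors' output into neighbor records, emits diagram edges like John's SwitchA <-> SwitchB pairs, and flags neighbors learned on ports that policy says should have CDP disabled. The sample output, hostnames and interface names are constructed, and the parser assumes interface names print as two tokens ('Gig 0/1'), as in the page's output.

```python
# Constructed sample of 'show cdp neighbors' output in the same layout as the
# page's example; the hostnames and interfaces here are made up.
SAMPLE_CDP_NEIGHBORS = """\
Capability Codes: R - Router, S - Switch, H - Host, I - IGMP, P - Phone

Device ID    Local Intrfce   Holdtme  Capability  Platform     Port ID
SwitchB      Gig 0/1         122      S I         WS-C2960     Gig 0/2
RouterA      Gig 0/2         132      R S I       ISR4331      Gig 0/0
Phone-17     Gig 0/7         155      H P         IP Phone     Port 1
"""

def parse_cdp_neighbors(text):
    """Summary table -> list of neighbor dicts. Assumes one line per neighbor
    and two-token interface names ('Gig 0/1'), as in the page's output."""
    neighbors, in_table = [], False
    for line in text.splitlines():
        if line.startswith("Device ID"):
            in_table = True                      # header reached; rows follow
            continue
        tokens = line.split()
        if not in_table or len(tokens) < 6 or not tokens[3].isdigit():
            continue                             # blank line or trailer text
        port_id = " ".join(tokens[-2:])          # neighbor's own interface
        middle = tokens[4:-2]                    # capability letters + platform
        neighbors.append({
            "device": tokens[0],
            "local": " ".join(tokens[1:3]),      # 'Gig' + '0/1'
            "holdtime": int(tokens[3]),
            "caps": [t for t in middle if len(t) == 1],
            "platform": " ".join(t for t in middle if len(t) > 1),
            "port_id": port_id,
        })
    return neighbors

def topology_edges(local_host, neighbors):
    """Diagram edges: (this device, local port, neighbor, neighbor port)."""
    return [(local_host, n["local"], n["device"], n["port_id"]) for n in neighbors]

def audit_untrusted_ports(neighbors, untrusted_ifaces):
    """Neighbors learned on ports that policy says should not run CDP: a hit
    means 'no cdp enable' was never applied there."""
    return [(n["local"], n["device"]) for n in neighbors
            if n["local"] in untrusted_ifaces]

if __name__ == "__main__":
    nbrs = parse_cdp_neighbors(SAMPLE_CDP_NEIGHBORS)
    for edge in topology_edges("SwitchA", nbrs):
        print("%s %s <-> %s %s" % edge)
    print("CDP on untrusted ports:", audit_untrusted_ports(nbrs, {"Gig 0/7"}))
```

Collecting the same text over SSH (for example with Netmiko's send_command) and feeding it to parse_cdp_neighbors is all that changes for a real switch.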

Exam Tips and Key Points

  • Know the difference between CDP and LLDP (protocol, commands, use case).
  • Understand all fields in the show cdp neighbors output.
  • Know how to enable/disable CDP globally and per interface—and when to do it.
  • Be able to interpret CDP data for troubleshooting and documentation.
  • Always address CDP security risks in your answers.
  • Remember: CDP works at Layer 2—no IP required!

Sample Lab Tasks – Mastering CDP

Lab Task 1: Basic CDP Neighbor Discovery
Objective: Identify directly connected Cisco devices
Steps:
  • Connect the switch to at least one Cisco device.
  • Run enable, then show cdp neighbors.
  • Interpret Device ID, Local Interface, Platform, Port ID and Capability.
  • Draw a simple diagram.

Lab Task 2: Detailed Neighbor Information
Objective: Get IP address, software version, etc. from neighbors
Steps:
  • Run show cdp neighbors detail.
  • Review the neighbor's IP, IOS version, serial and management address.

Lab Task 3: Disabling & Enabling CDP
Objective: Practice limiting CDP scope for security
Steps:
  • Disable CDP per interface:
    configure terminal
    interface GigabitEthernet0/2
    no cdp enable
    end
  • Disable globally:
    configure terminal
    no cdp run
    end
  • Enable globally:
    configure terminal
    cdp run
    end

Lab Task 4: Using CDP for Troubleshooting
Objective: Resolve a missing-neighbor problem
Steps:
  • Check cabling and port status.
  • Verify CDP status globally and on the interface.
  • Use show interfaces status and show cdp neighbors.

Breakdown: show cdp neighbors detail Output

-------------------------
Device ID: SwitchB
Entry address(es):
  IP address: 10.1.1.2
Platform: cisco WS-C2960, Capabilities: Switch IGMP
Interface: GigabitEthernet0/1, Port ID (outgoing port): GigabitEthernet0/2
Holdtime : 133 sec

Version :
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE5
...
Duplex: full
  
  • Device ID: Neighbor’s hostname
  • Entry address(es): Management IP
  • Platform: Hardware/model
  • Capabilities: Router, Switch, etc.
  • Interface / Port ID: Local and remote ports
  • Holdtime: Aging timer
  • Version: IOS/firmware version
  • Duplex: Full/half
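As an added example (not the page's own code), this Python parses a multi-entry 'show cdp neighbors detail' listing into the fields walked through above and flags neighbors advertising half duplex, the mismatch the troubleshooting section says CDP helps catch. The sample listing is constructed in the page's layout; hostnames, addresses and versions are made up.

```python
import re

# Constructed 'show cdp neighbors detail' output (two entries) in the layout of
# the page's sample; hostnames, addresses and versions are made up.
SAMPLE_CDP_DETAIL = """\
-------------------------
Device ID: SwitchB
Entry address(es):
  IP address: 10.1.1.2
Platform: cisco WS-C2960,  Capabilities: Switch IGMP
Interface: GigabitEthernet0/1,  Port ID (outgoing port): GigabitEthernet0/2
Holdtime : 133 sec
Version :
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE5
Duplex: half
-------------------------
Device ID: RouterA
Entry address(es):
  IP address: 10.1.1.1
Platform: cisco ISR4331,  Capabilities: Router Switch IGMP
Interface: GigabitEthernet0/2,  Port ID (outgoing port): GigabitEthernet0/0
Holdtime : 141 sec
Version :
Cisco IOS XE Software, Version 16.9.4
Duplex: full
"""
FIELDS = {  # one regex per field, searched inside a single neighbor entry
    "device": r"^Device ID: (\S+)", "ip": r"^\s*IP address: (\S+)",
    "platform": r"^Platform: (.+?),", "caps": r"Capabilities: (.+)$",
    "local": r"^Interface: (.+?),", "port_id": r"Port ID \(outgoing port\): (\S+)",
    "holdtime": r"^Holdtime\s*: (\d+)",
    "version": r"Version (\d\S*)",  # \d skips the bare 'Version :' header line
    "duplex": r"^Duplex: (\w+)",
}

def parse_cdp_detail(text):
    """Split on the dashed separators, then pull each field out of its entry."""
    entries = []
    for chunk in filter(str.strip, re.split(r"^-{5,}\s*$", text, flags=re.M)):
        found = {k: re.search(p, chunk, re.M) for k, p in FIELDS.items()}
        e = {k: (m.group(1) if m else None) for k, m in found.items()}
        e["caps"] = e["caps"].split() if e["caps"] else []
        e["holdtime"] = int(e["holdtime"]) if e["holdtime"] else None
        entries.append(e)
    return entries

def half_duplex_neighbors(entries):
    """Neighbors advertising anything but full duplex: the mismatch CDP exposes."""
    return [(e["device"], e["local"]) for e in entries
            if e["duplex"] and e["duplex"].lower() != "full"]
```

The version field doubles as a software inventory of neighbors, which is the data an admin needs when checking which switches still run an old IOS release.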

CDP vs. LLDP – Quick Comparison Table

Feature             CDP                          LLDP
Vendor Support      Cisco only                   Multi-vendor (IEEE)
Layer               2                            2
Enabled by Default  Yes (Cisco)                  No
Discovery Scope     Cisco devices                Any LLDP-compliant device
CLI Command         show cdp neighbors           show lldp neighbors
Extended Info       show cdp neighbors detail    show lldp neighbors detail
Security            Topology exposure risk       Topology exposure risk

Exam Tips

  • Be able to explain and interpret all show cdp neighbors fields (and detail fields)
  • Know how and when to enable/disable CDP for security and documentation
  • Compare CDP and LLDP (use case, CLI, scope, security)
  • Never leave CDP or LLDP enabled on user-facing or public ports
  • Always mention security, and remember CDP works at Layer 2 only

Cisco Discovery Protocol (CDP) Quiz

1. What layer does CDP operate on?

Correct answer is C. CDP operates at Layer 2, allowing discovery without IP addresses.

2. Which command lists all directly connected Cisco neighbors?

Correct answer is B. The command 'show cdp neighbors' displays directly connected Cisco devices.

3. What does the “Holdtime” field indicate in the 'show cdp neighbors' output?

Correct answer is D. Holdtime shows how long the CDP info remains valid without updates.

4. Which of the following is NOT a Capability code seen in CDP output?

Correct answer is A. Firewall (F) is not a standard CDP capability code.

5. How do you disable CDP on a specific interface?

Correct answer is C. CDP can be disabled per interface with 'no cdp enable'.

6. Which command provides detailed CDP neighbor information including IP address and IOS version?

Correct answer is B. 'show cdp neighbors detail' gives extended neighbor info.

7. What is the main security risk associated with CDP?

Correct answer is D. CDP reveals topology info that could aid attackers.

8. How does CDP differ from LLDP?

Correct answer is A. CDP is Cisco-only; LLDP is IEEE 802.1AB multi-vendor standard.

9. Which CDP command disables CDP globally?

Correct answer is B. 'no cdp run' disables CDP on the entire device.

10. Why is it important to disable CDP on untrusted or user-facing ports?

Correct answer is C. Disabling CDP on untrusted ports limits network information exposure to attackers.
