Here again with more security considerations in your Switched environment. I have started to deep dive into certain technologies with reasons behind why I use them the way I do. CDP will be the first one of these. You may find this blog elsewhere.

CDP

This handy feature consists of a plethora of information about a device and it’s connected neighbors. Hello-based and using an ethernet multicast address of 01-00-0C-CC-CC-CC, this protocol includes information such as hostname, management IP, local and remote interfaces, IOS version, platform, and VTP domain.

The information contained here within is cached until refreshed or flushed. CDP can reveal a lot of information regarding devices. IOS version is in my opinion the biggest as an attacker could exploit known vulnerabilities in the code. Though another post I have written defends this point. It states that if an attacker is using the CDP information to attack your network you have a serious problem in other security layers.

The message interval between CDP messages is 60 seconds and the hold time before flushing is 180 seconds. By default it is enabled upon all ports. Dangerous!

The following commands demonstrate the ability to disable CDP on a global level and on a per interface level. I recommend disabling them on all interfaces except trunks, APs, VOIP phones, and WLCs.

2960(config)# no cdp run
2960(config-if)# no cdp enable

Below are the following show options for CDP. Handy as all get out! One is a basic output the other is more details. Have a look at the difference.

2960#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
lab-7206         Eth 0              157          R        7206VXR   Fas 0/0/0
lab-as5300-1     Eth 0              163          R        AS5300    Fas 0
3640#show cdp neighbors detail 
-------------------------
Device ID: 3640
Entry address(es): 
IP address: 10.2.2.3
Platform: Cisco 3640, Capabilities: Router Switch IGMP 
Interface: FastEthernet1/0, Port ID (outgoing port): FastEthernet0/0
Holdtime : 125 sec

Version :
Cisco IOS Software, 3600 Software (C3640-JK9S-M), Version 12.4(16), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 20-Jun-07 11:43 by prod_rel_team

advertisement version: 2
VTP Management Domain: pandom.ciscoinferno.net
Duplex: full

As you can see there is a massive amount of information regarding the IOS, Switch platform, and network topology. Use wisely!















Leave a Reply 
 


Your email address will not be published. Required fields are marked *
 
 



 


 
 


CAPTCHA







 *