What Is Cisco Discovery Protocol in Networking?
Also known as: Cisco Discovery Protocol, CDP, CCNA, Network+, network discovery protocol
Quick Definition
Cisco Discovery Protocol (CDP) is a tool that lets Cisco networking equipment automatically learn about nearby devices without any manual setup. It shares details like device type, IP address, and software version between directly connected neighbors. This helps network administrators quickly map and troubleshoot their network infrastructure.
Must Know for Exams
Cisco Discovery Protocol is a regular topic in the CCNA and CompTIA Network+ certification exams. For the CCNA exam, which is heavily centered on Cisco technologies, CDP is a core concept. Candidates are expected to understand how to enable and disable CDP both globally and per interface, interpret the output of show cdp commands, and troubleshoot simple connectivity issues using CDP information. The exam objectives explicitly include the ability to use CDP as a troubleshooting tool. For example, a candidate might be asked to determine which devices are connected to a specific switch based on a given CDP table.
In the CompTIA Network+ exam, CDP is covered as a proprietary discovery protocol. While Network+ is vendor-neutral, it still tests the candidate's ability to differentiate CDP from the standard LLDP (Link Layer Discovery Protocol). The exam may ask which protocol a Cisco device uses by default, or which protocol is appropriate in a multi-vendor environment. Candidates need to know that CDP is Cisco-proprietary and that LLDP is the IEEE standard (802.1AB) that works across different vendors.
Both exams test security awareness regarding CDP. A common question type presents a scenario where a network administrator is concerned about information leakage. The candidate must recommend disabling CDP on interfaces facing untrusted networks. Another typical question involves interpreting a show cdp neighbors detail output to find a neighbor's IP address or IOS version. These questions are straightforward but require the candidate to recall specific command syntax and the meaning of various fields. Understanding CDP timers (default 60-second advertisement and 180-second holdtime) is also tested, often in the context of convergence times or detection of a failed neighbor. Overall, CDP is a high-probability topic because it is simple, foundational, and heavily used in real Cisco networks.
Simple Meaning
Think of Cisco Discovery Protocol as a friendly wave between two neighbors who live right next to each other. When two Cisco devices are connected by a cable, CDP allows each device to say, "Hi, I am a Cisco router running version 15.0 of the operating system, and my IP address is 192.168.1.1." The other device responds with its own details. This happens without any special configuration, right out of the box. Just like how you might learn your neighbor's name and what car they drive by seeing them in the driveway, CDP gives network devices a way to introduce themselves to one another.
Imagine you are a postal worker assigned to a new neighborhood. On your first day, you have no idea which house belongs to which family. But if every house had a sign showing the family name and a list of who lives there, your job would be much easier. CDP is like those signs for network devices. It automatically publishes information that other devices can see immediately. This saves network engineers from having to manually record every device and its details. Instead, they can use CDP to get a live picture of the network's connections.
In a more technical sense, CDP operates at Layer 2 of the OSI model, which is the data link layer. This means it does not rely on higher-level protocols like IP to function. Even if a device has not been assigned an IP address, CDP can still share its chassis ID, port ID, and capabilities. This makes it incredibly useful during initial network setup or when troubleshooting connectivity issues. However, because CDP is proprietary to Cisco, it only works between Cisco devices or with devices that support it. For a mixed-vendor network, engineers often use the standard Link Layer Discovery Protocol (LLDP) instead. But for Cisco-only environments, CDP remains a powerful and simple discovery tool.
Full Technical Definition
Cisco Discovery Protocol is a proprietary Layer 2 network protocol developed by Cisco Systems. It operates at the data link layer of the OSI model, meaning it is independent of any network layer protocol such as IP or IPX. CDP uses multicast frames to periodically announce the existence of a device to its directly connected neighbors. The destination MAC address used for these announcements is 01:00:0C:CC:CC:CC, a specific multicast address reserved by Cisco. By default, CDP sends these announcements every 60 seconds, and the holdtime (the time a neighbor waits before considering the device as gone) is 180 seconds. This allows for quick detection of device failures or disconnections.
CDP shares a wide range of information including the device hostname, the hardware platform (e.g., Cisco 2960 switch), the software version (e.g., IOS 15.2), the number and type of interfaces, the VLAN identifier (for trunk ports), and the native VLAN. It can also convey information about the device's capabilities, such as whether it is a router, switch, bridge, or a host device like an IP phone or a wireless access point. This makes CDP useful for network inventory, topology mapping, and fault isolation. Network management tools like Cisco Network Assistant, Cisco Prime Infrastructure, and third-party tools like SolarWinds can collect CDP information to build a live map of the network.
From a configuration perspective, CDP is enabled globally by default on most Cisco devices. Administrators can enable or disable it globally with the commands cdp run or no cdp run in global configuration mode. They can also enable or disable CDP on specific interfaces using cdp enable or no cdp enable. This granular control is important in security-conscious environments where an attacker might use CDP to gather information about the network. For example, on a public-facing interface, a security best practice is to disable CDP to prevent information leakage. CDP is a lightweight protocol and consumes very little bandwidth, but in very large networks, the periodic advertisements can become significant. Engineers may adjust the timer using cdp timer seconds to reduce the frequency of announcements.
CDP also supports two versions. Version 1 is the original, and version 2 introduced support for more detailed information such as the VTP domain name, the native VLAN, and the duplex setting. Most modern Cisco devices run CDP version 2 by default. The protocol is also used as a building block for other Cisco technologies. For instance, Voice VLAN assignment using the Cisco IP Phone relies on CDP to communicate the VLAN ID to the phone. Similarly, Cisco Discovery Protocol plays a role in the operation of Cisco EIGRP and OSPF on certain interface types. While CDP is generally considered safe in trusted internal networks, security guidelines recommend disabling it on perimeter interfaces and using authentication (where supported) to prevent spoofing.
Real-Life Example
Imagine you have just moved into a new apartment building. You want to know who your neighbors are, what they do, and maybe what floor they live on. Without any help, you would have to knock on each door and ask. But suppose the building management installed a small digital display next to every apartment door. When you stand in the hallway, your display shows, "Apartment 3A: Alice, Engineer, works at TechCorp. Apartment 3B: Bob, Nurse, works from 9 to 5." Now you can see this information at a glance without any effort. If Alice moves out and Charlie moves in, the display updates automatically. That is exactly what CDP does for network devices.
In this analogy, the apartment building is your network switch or router. Each apartment door represents a port on the device. The digital display represents the CDP table that a device builds automatically. When you connect a new device, like a new switch or a router, it starts broadcasting its identity using CDP. Your existing switch sees this broadcast and adds the new device to its CDP neighbor table. Now you, as a network administrator, can run a simple command like show cdp neighbors and see a list of all directly connected Cisco devices. You do not need to manually enter any information. The system updates itself when devices are added or removed.
If a device stops working or is unplugged, the CDP timer eventually expires, and the neighbor entry disappears from the table. This is like the apartment display removing a name after the resident has moved out for three days. This automatic discovery and removal saves enormous time when troubleshooting or documenting a network. Without CDP, an engineer would have to physically trace cables or use IP-based discovery tools that may not work if devices are not properly configured. CDP works even on a completely unconfigured switch right out of the box, making it the first tool a network engineer reaches for when building or inspecting a network.
Why This Term Matters
Cisco Discovery Protocol is a practical tool that network administrators rely on every day for tasks big and small. One of its primary uses is network documentation and topology mapping. When an engineer walks into a server room or a data center, they often have no idea which cable goes where. A simple show cdp neighbors command on a switch can immediately reveal exactly what devices are connected to each port, including the device hostname and platform. This eliminates the guesswork and greatly reduces the time needed to create accurate network diagrams. In large enterprise networks with hundreds or thousands of devices, CDP is often the backbone of automated network mapping tools.
In troubleshooting, CDP is invaluable. If a user reports that a network port is not working, an engineer can first check if CDP sees a neighbor on that port. If CDP does not detect a device, the issue might be a bad cable or a powered-off device. If CDP sees the device but it is not communicating properly, the engineer can look at the CDP information for clues like mismatched VLANs or duplex settings. CDP also helps identify rogue devices. If an unknown Cisco device appears in the CDP table, it could indicate a security breach or an unauthorized access point. Security teams often monitor CDP changes as part of their intrusion detection.
From a capacity planning perspective, CDP provides hardware and software version information. An administrator can quickly verify that all switches in a stack are running the same IOS version or that a router has enough memory. This information is also useful during maintenance windows. Before upgrading a device, an engineer can check CDP to see which devices will be affected by a reboot. CDP also plays a role in advanced features like Cisco EnergyWise, where it helps manage power settings for connected devices. In short, CDP is not just a nice-to-have; it is a fundamental tool that saves time, improves accuracy, and enhances security in network operations.
How It Appears in Exam Questions
In certification exams, CDP questions usually fall into several categories. The first is command-based questions. For example, a candidate might be asked, "What command would you use to see a summary of all Cisco devices directly connected to a switch?" The correct answer is show cdp neighbors. A more detailed version might ask for the command to see the IP address of a neighboring router, which is show cdp neighbors detail. These questions test rote knowledge of CLI commands that are essential for real-world practice.
The second category is scenario-based troubleshooting. A typical question might describe a network where devices cannot communicate. The candidate is given output from show cdp neighbors and must identify a misconfiguration, such as a VLAN mismatch or a duplex mismatch. For instance, the CDP output might show that the native VLAN is 1 on one side and 100 on the other. The candidate must recognize that this misconfiguration can cause connectivity issues. Another scenario might involve a switch port that has CDP disabled, and the candidate must figure out why the neighboring device is not visible.
The third category is security and best practice questions. An exam question might ask, "A network administrator notices that CDP is enabled on an internet-facing router interface. What is the most likely security risk?" The answer is that an attacker could learn network topology information. The candidate may be asked to recommend a remediation step, such as using the no cdp enable command on that interface. Another security-related question could involve spoofing, where an attacker sends fake CDP advertisements to gain information or disrupt the network.
Finally, there are comparison questions that ask about the difference between CDP and LLDP. For example, "Which protocol is a Cisco proprietary discovery protocol?" or "Which IEEE standard defines LLDP?" These questions test the candidate's understanding of standards and vendor-specific protocols. Some questions might also integrate CDP with other technologies, such as Voice VLAN. A question could describe a scenario where an IP phone is not receiving a voice VLAN, and the candidate must know that CDP or LLDP is required for the phone to learn the VLAN ID. In summary, CDP appears in a variety of formats, but the key is to know its purpose, commands, security implications, and how it compares to LLDP.
Example Scenario
A small company called TechGlobal has a network with three Cisco switches in different rooms. The network administrator, Priya, is trying to create a diagram of the physical connections. She does not know which cable goes where.
She connects her laptop to the main switch in the server room via a console cable and types show cdp neighbors. The output shows that port GigabitEthernet0/1 is connected to a device named Switch-Floor2 and port GigabitEthernet0/2 is connected to a device named Router-Main. Priya now knows exactly which ports lead to which devices.
She then goes to Switch-Floor2, runs the same command, and sees that it is connected to Switch-Floor3. Within minutes, she has drawn a complete map of the network without ever unplugging a cable or walking around. The CDP information also tells her that the router is running IOS 15.7 and has an IP address of 192.168.1.1. Later, when she needs to configure a new switch, she immediately checks CDP on the existing switch to confirm the new device appears before proceeding with configuration.
This scenario shows how CDP saves time and simplifies network management in real-world environments.
Common Mistakes
Thinking CDP works across multiple hops or over the internet.
CDP only works between directly connected neighbors. It does not forward CDP advertisements to devices that are not physically connected by a single link. This is because CDP is a Layer 2 protocol and does not traverse routers.
Remember that CDP is for discovering your immediate neighbors only. To see devices farther away, you must use network layer discovery tools or protocols like SNMP or traceroute.
Believing CDP is the same as LLDP and can be used interchangeably in any network.
CDP is proprietary to Cisco, while LLDP is an IEEE standard (802.1AB) that works across multiple vendors. In a mixed-vendor network, a Cisco device using CDP will not see a Juniper or HP device, and vice versa. They are not interchangeable.
In a Cisco-only network, you can rely on CDP. In a multi-vendor network, you should use LLDP instead. Many Cisco devices support both protocols at the same time.
Assuming CDP is always secure and safe to leave enabled on all interfaces.
CDP shares detailed information about the device, including its hostname, model, IOS version, and IP addresses. An attacker connected to a port where CDP is enabled can harvest this information to launch targeted attacks.
Disable CDP on interfaces that face untrusted networks, such as internet-facing ports, guest network ports, or any port that connects to an area outside of your administrative control.
Confusing the CDP timer with the holdtime.
The CDP timer is the interval at which CDP advertisements are sent, defaulting to 60 seconds. The holdtime is the duration the receiver waits before removing the neighbor entry if no new advertisement is received, defaulting to 180 seconds. They are not the same.
Memorize the default values: CDP sends packets every 60 seconds (timer) and waits 180 seconds (holdtime) before declaring a neighbor lost. The holdtime is typically three times the timer.
Thinking CDP requires an IP address to function.
CDP operates at Layer 2 and does not depend on IP. It uses the data link layer to send multicast frames. Even a brand new switch with no IP configuration can send and receive CDP information.
Understand that CDP works at Layer 2, so it functions regardless of IP configuration. It is especially useful when a device has no IP address yet, such as during initial setup.
Exam Trap — Don't Get Fooled
An exam question shows a scenario where a new switch is connected to an existing network, but show cdp neighbors on the existing switch does not show the new device. The question asks for the most likely cause. Many candidates choose 'the new switch is not a Cisco device' or 'the cable is faulty'.
But the trap is that CDP is disabled by default on some IOS versions or on certain interface types, especially in newer versions of IOS. Always verify the CDP configuration status first. In a troubleshooting scenario, the first step should be to run show cdp on the existing switch to confirm that CDP is enabled globally.
Then check the specific interface with show cdp interface. If CDP is enabled and the neighbor still does not appear, then consider cable or non-Cisco device issues. Remember that CDP is a Layer 2 protocol, so if the physical link is up, CDP should work if both sides have it enabled.
Commonly Confused With
LLDP is an IEEE standard (802.1AB) that is vendor-neutral, meaning any vendor's device can use it to share information. CDP is proprietary to Cisco and only works fully between Cisco devices. Both serve the same purpose of automatic neighbor discovery, but LLDP is used in mixed-vendor environments while CDP is used in Cisco-only environments.
A network has a Cisco switch and an HP switch. CDP will not work between them because the HP switch does not understand Cisco's proprietary messages. But if both are configured with LLDP, they can exchange neighbor information seamlessly.
STP is used to prevent loops in a network by blocking redundant paths, while CDP is used for discovering information about directly connected neighbors. STP works by exchanging Bridge Protocol Data Units (BPDUs) to calculate a loop-free topology. CDP does not prevent loops; it only shares device information.
If you connect two switches with two cables, STP will block one of the cables to prevent a loop, but CDP will still see both neighbors on both ports. STP handles topology control; CDP handles discovery.
VTP is used to synchronize VLAN information across a network of Cisco switches, such as VLAN names and numbers. CDP is used to discover neighbors and their capabilities. VTP operates by sending advertisements about VLAN changes, while CDP sends general device information like hostname and software version. They are different protocols for different purposes.
If you create a new VLAN on a switch, VTP can propagate that VLAN to other switches in the same VTP domain. CDP would never do that; instead, it might tell you that the switch now has a new VLAN configured, but it does not share the VLAN database.
Step-by-Step Breakdown
CDP Initialization
When a Cisco device boots up, CDP starts automatically if it is enabled by default. The device begins listening for CDP frames on all active interfaces. At this stage, no information has been exchanged yet. The device is ready to discover and be discovered.
Sending CDP Advertisements
Every 60 seconds by default, each interface on the device sends a CDP multicast frame to the designated multicast MAC address 01:00:0C:CC:CC:CC. This frame contains the device's hostname, platform, IOS version, capabilities, and the interface from which it was sent. The frame is not acknowledged; it is purely a one-way announcement.
Receiving and Processing CDP Frames
When a neighboring Cisco device receives a CDP frame, it checks whether the source MAC address and interface are already in its CDP neighbor table. If the frame is from a new neighbor, it creates a new entry. If it is from an existing neighbor, it updates the hold timer, resetting it to 180 seconds. The information from the frame is stored locally.
Building the CDP Neighbor Table
The device maintains a table of all neighbors it has heard from. Each entry includes the neighbor's hostname, local interface, remote interface, platform, capabilities, and IP address if available. This table can be viewed using the command show cdp neighbors for a summary or show cdp neighbors detail for comprehensive information.
Holddown and Removal
If a device stops sending CDP frames due to shutdown, cable disconnection, or failure, the hold timer for that neighbor will eventually expire after 180 seconds. At that point, the device removes the neighbor entry from the CDP table. This automatically reflects changes in the network topology without manual intervention.
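The steps above, from advertisement to hold-timer expiry, as an added Python example that is not part of the original page. It decodes the fields one CDP frame discloses and keeps a neighbor table that flags device IDs missing from an expected inventory. The TLV type codes and capability bits follow the publicly documented CDP format; the names NeighborTable and sample_frame and all sample values are constructed for illustration.

```python
import struct

CDP_MULTICAST = bytes.fromhex("01000ccccccc")   # destination MAC 01:00:0C:CC:CC:CC
SNAP_CDP = bytes.fromhex("aaaa0300000c2000")    # LLC/SNAP header: Cisco OUI, protocol 0x2000
TEXT_TLVS = {0x0001: "device_id", 0x0003: "port_id",
             0x0005: "software_version", 0x0006: "platform"}
CAPABILITY_BITS = {0x01: "Router", 0x08: "Switch", 0x10: "Host", 0x20: "IGMP"}


def parse_cdp_frame(frame: bytes) -> dict:
    """Decode the fields one CDP advertisement discloses (checksum is not verified)."""
    if len(frame) < 26 or frame[:6] != CDP_MULTICAST or frame[14:22] != SNAP_CDP:
        raise ValueError("not a CDP frame")
    end = 14 + struct.unpack("!H", frame[12:14])[0]   # 802.3 length excludes padding
    if end > len(frame):
        raise ValueError("truncated frame")
    info = {"src_mac": frame[6:12].hex(), "cdp_version": frame[22], "holdtime": frame[23]}
    offset = 26                                        # first TLV follows the 4-byte header
    while offset + 4 <= end:
        tlv_type, tlv_len = struct.unpack("!HH", frame[offset:offset + 4])
        if tlv_len < 4 or offset + tlv_len > end:      # length field counts its own header
            raise ValueError("bad TLV length")
        value = frame[offset + 4:offset + tlv_len]
        if tlv_type in TEXT_TLVS:
            info[TEXT_TLVS[tlv_type]] = value.decode("ascii", "replace")
        elif tlv_type == 0x0004 and len(value) == 4:
            bits = struct.unpack("!I", value)[0]
            info["capabilities"] = [n for b, n in CAPABILITY_BITS.items() if bits & b]
        elif tlv_type == 0x000A and len(value) == 2:
            info["native_vlan"] = struct.unpack("!H", value)[0]
        offset += tlv_len
    return info


class NeighborTable:
    """Neighbor table keyed by (device ID, local port) with hold-timer expiry."""

    def __init__(self, known_device_ids):
        self.known = set(known_device_ids)   # expected inventory (assumed input)
        self.entries = {}                    # key -> (info, expires_at)

    def receive(self, local_port, frame, now):
        """Store or refresh an entry; return True for a new neighbor not in the inventory."""
        info = parse_cdp_frame(frame)
        key = (info.get("device_id"), local_port)
        is_new = key not in self.entries
        self.entries[key] = (info, now + info["holdtime"])   # reset the hold timer
        return is_new and info.get("device_id") not in self.known

    def expire(self, now):
        """Remove and return the entries whose hold timer has run out."""
        gone = [key for key, (_, expires_at) in self.entries.items() if expires_at <= now]
        for key in gone:
            del self.entries[key]
        return gone


def sample_frame(device_id, port_id, platform, version, caps, holdtime=180):
    """Build a constructed advertisement for the demo (checksum left as zero)."""
    def tlv(tlv_type, value):
        return struct.pack("!HH", tlv_type, len(value) + 4) + value
    body = (bytes([2, holdtime, 0, 0]) + tlv(1, device_id.encode())
            + tlv(3, port_id.encode()) + tlv(4, struct.pack("!I", caps))
            + tlv(5, version.encode()) + tlv(6, platform.encode()))
    payload = SNAP_CDP + body
    src_mac = bytes.fromhex("001122334455")            # constructed source address
    return CDP_MULTICAST + src_mac + struct.pack("!H", len(payload)) + payload


if __name__ == "__main__":
    table = NeighborTable(known_device_ids={"Switch-Floor2"})
    known = sample_frame("Switch-Floor2", "GigabitEthernet0/24", "Cisco 2960", "IOS 15.2", 0x28)
    other = sample_frame("Unknown-AP", "GigabitEthernet0", "constructed-platform", "IOS 15.2", 0x10)
    print(parse_cdp_frame(known))
    print("unexpected neighbor:", table.receive("Gi0/2", other, now=10))
    table.receive("Gi0/1", known, now=0)
    print("expired at t=180:", table.expire(now=180))
```

The printed dictionary is the same set of fields that show cdp neighbors detail exposes, which is why the per-interface disable matters on ports outside administrative control.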
Practical Mini-Lesson
Cisco Discovery Protocol is one of the first tools a network engineer learns because it is simple yet powerful. In practice, you will use CDP constantly during network documentation, troubleshooting, and inventory management. Let us walk through how you would actually use CDP in a real environment.
First, when you connect a new Cisco device to your network, you should immediately check that CDP is enabled. On most modern devices, it is on by default, but you can verify by entering the command show cdp in global configuration mode or in privileged EXEC mode. If it says CDP is not enabled, you need to enter global configuration mode and type cdp run to activate it globally. You can also check each interface with show cdp interface. If you see CDP disabled on an interface where you want discovery, you can go to that interface and type cdp enable.
Once CDP is running, you can start discovering neighbors. The most common command is show cdp neighbors. This gives you a table with columns for Device ID, Local Interface, Holdtime, Capability, Platform, and Port ID. The Device ID is typically the hostname. Capability codes like R for router, S for switch, H for host, and I for IGMP interface are very useful. You can use the detailed version show cdp neighbors detail to get the IP address and the exact IOS version, which is helpful for verifying software consistency across devices.
Now consider a real troubleshooting scenario. A user reports they cannot reach a server. You check the switch port the user is connected to. You run show cdp neighbors on that switch to see if the server is visible. If you see the server as a CDP neighbor, then the physical layer is likely fine. Then you look at the CDP output to see the server's IP address. If no CDP neighbor appears, you know the problem is likely at Layer 1 or Layer 2 on that link. This simple step saves time by narrowing down the problem space quickly.
One common mistake in practice is leaving CDP enabled on interfaces that face the internet or untrusted networks. This can leak sensitive information. For example, if a router has a public-facing interface, an attacker who connects to that port can see the router's hostname, model, and IOS version. They could then research known vulnerabilities for that specific model and IOS version. Therefore, as a good security practice, always use the command no cdp enable on any interface that connects to an untrusted zone, such as a guest Wi-Fi VLAN or a DMZ.
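One way to check for this mistake offline, as an added Python example that is not part of the original page: it reads an IOS-style configuration and reports, for each interface the caller names as untrusted, whether CDP is still effectively enabled. The function name audit_cdp, the status strings and the sample configuration are constructed; only the cdp run, cdp enable and voice VLAN behavior described on this page is assumed.

```python
import re


def audit_cdp(config_text: str, untrusted_interfaces: list) -> dict:
    """Map each untrusted interface to 'exposed', 'disabled',
    'disabled-voice-vlan-at-risk' or 'missing' for an IOS-style configuration."""
    global_enabled = True      # CDP runs globally unless 'no cdp run' appears
    per_interface = {}         # interface name -> CDP state set under that interface
    voice_ports = set()        # interfaces with a voice VLAN (phones learn it via CDP)
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw[:1] not in (" ", "\t"):           # unindented line: back at global level
            match = re.fullmatch(r"interface\s+(\S+)", line)
            current = match.group(1) if match else None
            if current:
                per_interface[current] = True    # enabled on the interface by default
            elif line == "no cdp run":
                global_enabled = False
            elif line == "cdp run":
                global_enabled = True
        elif current:
            if line == "no cdp enable":
                per_interface[current] = False
            elif line == "cdp enable":
                per_interface[current] = True
            elif line.startswith("switchport voice vlan"):
                voice_ports.add(current)
    report = {}
    for name in untrusted_interfaces:
        if name not in per_interface:
            report[name] = "missing"                       # typo or wrong device
        elif global_enabled and per_interface[name]:
            report[name] = "exposed"                       # needs 'no cdp enable'
        elif name in voice_ports:
            report[name] = "disabled-voice-vlan-at-risk"   # phone may not learn its VLAN
        else:
            report[name] = "disabled"
    return report


# Constructed sample configuration (addresses from the documentation range).
SAMPLE_CONFIG = """\
hostname Router-Main
!
interface GigabitEthernet0/0
 description internet uplink
 ip address 203.0.113.2 255.255.255.252
!
interface GigabitEthernet0/1
 description guest Wi-Fi VLAN
 no cdp enable
!
interface GigabitEthernet0/2
 description lobby phone
 switchport voice vlan 110
 no cdp enable
!
"""

if __name__ == "__main__":
    ports = ["GigabitEthernet0/0", "GigabitEthernet0/1",
             "GigabitEthernet0/2", "GigabitEthernet0/9"]
    for name, status in audit_cdp(SAMPLE_CONFIG, ports).items():
        print(f"{name}: {status}")
```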
CDP also interacts with other features. For instance, when you connect a Cisco IP phone to a switch, the phone uses CDP to learn which VLAN to use for voice traffic. The switch sends the voice VLAN ID via CDP. If CDP is disabled on that port, the phone might not get the correct VLAN, and voice traffic may not work. Similarly, Cisco Unified Communications Manager uses CDP to identify phones. So if you are working with IP telephony, you must ensure CDP is enabled on all switch ports that connect to phones.
Finally, remember that CDP is a Layer 2 protocol. This means it does not care about IP addresses. It works even if your devices have no IP configuration at all. This is particularly useful during initial setup of a new switch. You can plug a laptop into the switch, run show cdp neighbors, and see the switch's information even though it has no IP. This helps you identify the device and know what you are working with before you configure it. Overall, CDP is a straightforward but essential tool that every network professional should master.
Memory Tip
Remember CDP as the Cisco 'Hi, I am here' protocol that only talks to its immediate neighbors, sending a postcard every 60 seconds with its name, platform, and software version.
Related Glossary Terms
802.1Q is the networking standard that allows multiple virtual LANs (VLANs) to share a single physical network link by tagging Ethernet frames with VLAN identification information.
802.1X is a network access control standard that authenticates devices before they are allowed to connect to a wired or wireless network.
5G is the fifth generation of cellular network technology, designed to deliver faster speeds, lower latency, and support for many more connected devices than previous generations.
Frequently Asked Questions
Is CDP enabled by default on all Cisco devices?
Yes, on most Cisco devices, CDP is enabled by default globally and on all interfaces. However, some newer software versions may have CDP disabled for security reasons. Always verify with the show cdp command.
Can CDP work across a router?
No, CDP only works between directly connected devices. It does not propagate through routers or other intermediate devices. Each Layer 2 segment is a separate CDP domain.
What is the difference between CDP and LLDP?
CDP is a proprietary protocol from Cisco, while LLDP is an open standard (IEEE 802.1AB). CDP only works between Cisco devices, whereas LLDP works between devices from different vendors.
How do I disable CDP on a specific interface?
Enter interface configuration mode for that port and use the command no cdp enable. To disable CDP globally, use the command no cdp run in global configuration mode.
What information does CDP share?
CDP shares the device hostname, hardware platform, software version, interfaces, capabilities (router, switch, host), VLAN information, and IP addresses if configured.
Is CDP a security risk?
Yes, CDP can leak detailed device information to anyone connected to a port where CDP is enabled. It is a best practice to disable CDP on interfaces that face untrusted networks, such as internet-facing ports or guest VLANs.
What are the default CDP timers?
The CDP advertisement interval is 60 seconds by default, and the holdtime is 180 seconds. The holdtime is the amount of time a neighbor waits before removing the entry if no new advertisement is received.
Does CDP work on switches that are not Cisco?
CDP is proprietary to Cisco. Non-Cisco devices generally do not understand CDP. For mixed-vendor networks, use LLDP instead.
Summary
Cisco Discovery Protocol is a foundational networking tool that automatically reveals information about directly connected Cisco devices. It operates at Layer 2, uses multicast frames sent every 60 seconds, and stores neighbor information for 180 seconds. This simple mechanism allows network engineers to quickly map a network, verify connections, troubleshoot link issues, and collect inventory data without any manual effort.
CDP is heavily tested in certification exams like CCNA and Network+, where candidates must know its commands, default timers, security implications, and the difference between CDP and the standard LLDP. While extremely useful, CDP also presents a security risk because it broadcasts sensitive device information. Best practices dictate disabling CDP on interfaces that face untrusted networks.
Mastering CDP is essential for anyone working with Cisco equipment, as it is one of the first and most reliable tools used in real-world network administration. Remember that CDP is your friend for discovery but should be used with caution on perimeter interfaces.