CCNA 200-301 | Chapter 37 of 260 | Objective 2.6

CDP and LLDP

Imagine plugging a new switch into your network and having it automatically announce its hostname, IOS version, and management IP to its neighbors, with no configuration required. That's the power of CDP (Cisco Discovery Protocol) and its vendor-neutral cousin LLDP (Link Layer Discovery Protocol). For the CCNA 200-301 exam (Objective 2.6), mastering these protocols is essential because they appear in troubleshooting scenarios, network documentation, and automation tasks. In real networks, they are usually the first tools you reach for when discovering topology and verifying Layer 2 connectivity.

25 min read
Beginner
Updated May 31, 2026

The Business Card Exchange at a Conference

Think of a networking conference where professionals meet and exchange information. CDP and LLDP are like automatic business card exchanges that happen every 60 seconds. When you (a switch) meet another professional (a neighboring device), you hand over a business card containing your name (hostname), job title (device type), phone number (management IP), and department (VLAN or platform details). The other person does the same. This happens without anyone asking — it's a polite, periodic announcement. Cisco's CDP is like a Cisco-exclusive networking event: only Cisco devices can exchange cards. LLDP is like an industry-wide conference where any vendor's device can participate. The information on the card is standardized (IEEE 802.1AB) so that a Cisco switch can understand a Juniper router's card. Both protocols have a 'holdtime' — like how long you keep a business card before recycling it. If you don't receive a new card within 180 seconds (3 times the 60-second interval), you assume that person left the conference. This analogy maps directly: CDP/LLDP frames are multicast at Layer 2, devices listen and store neighbor info in a table, and timers govern how often announcements are sent and how long they're valid. Just as you might use the business cards to map out who's at the conference, network engineers use CDP/LLDP to build a topology map.

How It Actually Works

What Are CDP and LLDP?

Cisco Discovery Protocol (CDP) is a Cisco-proprietary Layer 2 protocol that runs on all Cisco devices — routers, switches, firewalls, access points, and IP phones. It enables devices to discover each other, learn their device type, hostname, IP address, IOS version, and platform, even if they are not configured with the same Layer 3 protocol. CDP operates at Layer 2 (data link layer) and sends frames to the multicast destination address 01:00:0C:CC:CC:CC. It is enabled by default on Cisco devices.

Link Layer Discovery Protocol (LLDP) is the IEEE standard (802.1AB) equivalent. It is vendor-neutral and allows devices from different vendors to discover each other. LLDP sends frames to the multicast address 01:80:C2:00:00:0E (or 01:80:C2:00:00:03 for LLDP-MED). On Cisco devices, LLDP is disabled by default and must be enabled globally and per interface.

Both protocols serve the same fundamental purpose: neighbor discovery and topology mapping. However, the exam focuses on their configuration, verification, and differences.

How CDP Works Step by Step

1. Initialization: When a Cisco device boots up, CDP is enabled by default on all interfaces that support SNAP (Subnetwork Access Protocol) headers. CDP frames are sent out every 60 seconds (the CDP timer).

2. Frame Construction: The device builds a CDP frame containing Type-Length-Value (TLV) fields. Key TLVs include:

   - Device ID (hostname)
   - Addresses (network layer addresses, usually IP)
   - Port ID (interface name)
   - Capabilities (e.g., router, switch, host)
   - Software Version
   - Platform (e.g., Cisco 2960)
   - VTP Management Domain
   - Native VLAN (for switches)
   - Full/Half Duplex

3. Transmission: The frame is encapsulated in an 802.2 SNAP header and sent to the multicast address 01:00:0C:CC:CC:CC. All Cisco devices on the same LAN segment receive the frame.

4. Reception and Storage: A neighbor device receives the CDP frame, extracts the TLVs, and stores the information in its CDP neighbor table. The table entry is valid for the holdtime (default 180 seconds). If no new CDP frame is received within the holdtime, the entry is removed.

5. Periodic Updates: The device continues to send CDP advertisements every 60 seconds. If a change occurs (e.g., interface goes down), a CDP frame is sent immediately (triggered update).
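The following Python example is added here and is not part of the original page. It decodes the TLVs from step 2 out of a constructed CDP payload, which makes concrete what every device on the segment receives in each advertisement. The numeric TLV type codes come from the commonly documented CDP format rather than from this page, and the function names and sample values (192.0.2.10, the version string) are assumptions of the example.

```python
import ipaddress

# CDP TLV type codes for the fields listed in step 2 (not given on this page).
TLV_NAMES = {1: "device_id", 2: "addresses", 3: "port_id", 4: "capabilities",
             5: "software_version", 6: "platform", 9: "vtp_domain",
             10: "native_vlan", 11: "duplex"}
CAP_BITS = {0x01: "Router", 0x02: "Trans Bridge", 0x04: "Source Route Bridge",
            0x08: "Switch", 0x10: "Host", 0x20: "IGMP", 0x40: "Repeater"}

def ipv4_addresses(value):
    """Decode the Addresses TLV, returning only IPv4 entries (NLPID 0xCC)."""
    pos, found = 4, []            # first 4 bytes hold a count, which is not trusted
    while pos + 2 <= len(value):
        proto_len = value[pos + 1]
        proto = value[pos + 2:pos + 2 + proto_len]
        pos += 2 + proto_len
        addr_len = int.from_bytes(value[pos:pos + 2], "big")
        addr = value[pos + 2:pos + 2 + addr_len]
        pos += 2 + addr_len
        if proto == b"\xcc" and len(addr) == 4:
            found.append(str(ipaddress.IPv4Address(addr)))
    return found

def parse_cdp(payload):
    """Parse a CDP payload (the bytes that follow the SNAP header)."""
    if len(payload) < 4:
        raise ValueError("truncated CDP header")
    info, pos = {"version": payload[0], "holdtime": payload[1]}, 4  # bytes 2-3: checksum
    while pos < len(payload):
        tlv_type = int.from_bytes(payload[pos:pos + 2], "big")
        length = int.from_bytes(payload[pos + 2:pos + 4], "big")
        if length < 4 or pos + length > len(payload):
            raise ValueError(f"bad TLV length {length} at offset {pos}")
        value, name = payload[pos + 4:pos + length], TLV_NAMES.get(tlv_type)
        if name == "addresses":
            info[name] = ipv4_addresses(value)
        elif name == "capabilities":
            mask = int.from_bytes(value, "big")
            info[name] = [n for bit, n in CAP_BITS.items() if mask & bit]
        elif name == "native_vlan":
            info[name] = int.from_bytes(value, "big")
        elif name == "duplex":
            info[name] = "full" if value[:1] == b"\x01" else "half"
        elif name:                           # remaining known TLVs are text
            info[name] = value.decode("ascii", "replace")
        pos += length                        # unknown TLV types are skipped
    return info

def tlv(tlv_type, value):
    """Encode one TLV; the length field includes the 4-byte type/length header."""
    return tlv_type.to_bytes(2, "big") + (len(value) + 4).to_bytes(2, "big") + value

def build_sample():
    """Constructed advertisement; checksum bytes are zeroed and not verified."""
    ip = b"\x01\x01\xcc\x00\x04" + ipaddress.IPv4Address("192.0.2.10").packed
    tlvs = [tlv(1, b"Switch-2"), tlv(2, b"\x00\x00\x00\x01" + ip),
            tlv(3, b"GigabitEthernet0/2"), tlv(4, b"\x00\x00\x00\x28"),
            tlv(5, b"constructed-version-string"), tlv(6, b"WS-C2960"),
            tlv(10, b"\x00\x01"), tlv(11, b"\x01")]
    return bytes([2, 180, 0, 0]) + b"".join(tlvs)
```

Calling `parse_cdp(build_sample())` returns a dictionary with the hostname, management IP, port, capabilities, software version, platform, native VLAN and duplex, plus the 180-second holdtime carried in the header.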

LLDP Operation

LLDP works similarly but with these differences:

- Multicast Address: 01:80:C2:00:00:0E
- Timers: Default LLDP timer is 30 seconds; holdtime multiplier is 4, so holdtime = 120 seconds (4 x 30).
- TLVs: LLDP uses a standard set of TLVs defined by IEEE 802.1AB. Cisco also supports LLDP-MED (Media Endpoint Discovery) for VoIP devices, which adds TLVs for power negotiation, network policy, and location.
- Configuration: On Cisco IOS, you must enable LLDP globally with `lldp run` and per interface with `lldp transmit` and `lldp receive`.

CDP and LLDP Defaults

| Parameter | CDP Default | LLDP Default |
|-----------|-------------|--------------|
| Global state | Enabled | Disabled |
| Timer | 60 seconds | 30 seconds |
| Holdtime | 180 seconds | 120 seconds |
| Per interface | Enabled (transmit & receive) | Disabled |
| Version | 2 | IEEE 802.1AB |

IOS CLI Verification Commands

CDP Commands:

- `show cdp neighbors`: Displays a summary of CDP neighbors.
- `show cdp neighbors detail`: Shows detailed information including IP address, IOS version, and capabilities.
- `show cdp interface [interface-id]`: Shows CDP status and timers on an interface.
- `show cdp traffic`: Shows CDP packet statistics.
- `show cdp entry *`: Shows all CDP entries with details.

Example output of `show cdp neighbors`:

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch-2         Gig 0/1           152         S I        WS-C2960  Gig 0/2
Router-A         Gig 0/2           175         R S I      ISR4321   Gig 0/0

LLDP Commands:

- `show lldp neighbors`: Similar output to CDP.
- `show lldp neighbors detail`: Detailed neighbor info.
- `show lldp interface [interface-id]`: Shows LLDP status on an interface.
- `show lldp traffic`: Statistics.
- `show lldp entry *`: All entries.

Example output of `show lldp neighbors`:

Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID
Juniper-1           Gi0/0          120        R               ge-0/0/0

Interaction with Related Protocols

CDP and LLDP are independent of STP, VLANs, and routing protocols. They operate at Layer 2 and do not rely on IP connectivity. However, they can be used by other protocols: for example, Cisco IP phones use CDP to learn the voice VLAN and power requirements (PoE). CDP also assists in Dynamic Trunking Protocol (DTP) and VLAN Trunking Protocol (VTP) advertisements, though these are less common now.

Security Considerations

Because CDP and LLDP send information about the device, they can be a security risk. Attackers can learn device types, IOS versions, and IP addresses. Best practice is to disable CDP/LLDP on interfaces that connect to untrusted networks (e.g., internet-facing) or where discovery is not needed. Use `no cdp enable` or `no lldp transmit` / `no lldp receive` on specific interfaces.

Walk-Through

1. Verify CDP Global Status

Use `show cdp` to check if CDP is enabled globally and see the default timers. If CDP is disabled, enable it with `cdp run` in global configuration mode. Note that on newer IOS versions, CDP is enabled by default. The output shows the timer (60 seconds) and holdtime (180 seconds). This is the first step in any CDP troubleshooting scenario.

2. Check CDP Per Interface

Use `show cdp interface` to see which interfaces have CDP enabled. If an interface is administratively down or CDP is disabled on it, you won't see neighbors. To enable CDP on an interface, use `cdp enable` in interface configuration mode. Conversely, to disable on a specific interface (e.g., for security), use `no cdp enable`. This step isolates interface-level issues.

3. View CDP Neighbors Summary

Run `show cdp neighbors` to get a quick list of directly connected Cisco devices. The output shows Device ID, Local Interface, Holdtime, Capability, Platform, and Port ID. If a neighbor is missing, check physical connectivity, VLAN membership, and CDP status on both ends. This command is often the first diagnostic for Layer 2 issues.

4. View Detailed CDP Info

Use `show cdp neighbors detail` to see the full TLV information: IP address, IOS version, duplex, native VLAN, and VTP domain. This is useful for documenting the network or verifying that a neighbor has the expected configuration. For example, if a switch shows a mismatched native VLAN, you can spot it here.

5. Enable LLDP Globally and Per Interface

On Cisco devices, LLDP is disabled by default. To enable it, enter global configuration mode and issue `lldp run`. Then, on each desired interface, enter interface configuration mode and issue `lldp transmit` and `lldp receive` (or just `lldp both` on some platforms). Verify with `show lldp` and `show lldp interface`.

6. Verify LLDP Neighbors

Use `show lldp neighbors` to see all LLDP neighbors. The output is similar to CDP but includes all vendor devices. Use `show lldp neighbors detail` for full TLV details. If a neighbor is missing, check that LLDP is enabled on both sides, that the interface is up/up, and that no ACL is blocking the LLDP multicast address.

What This Looks Like on the Job

In enterprise networks, CDP and LLDP are invaluable for automated topology discovery and troubleshooting. Here are three common scenarios:

1. VoIP Deployment with CDP: Cisco IP phones use CDP to learn the voice VLAN ID and negotiate Power over Ethernet (PoE) power levels. When a phone plugs into a switch port, CDP frames carry the voice VLAN TLV, and the phone automatically tags its traffic with that VLAN. Without CDP, the phone might use the access VLAN (usually data) and cause voice quality issues or fail to get an IP address. Network engineers ensure CDP is enabled on access ports connecting to phones. They also use `show cdp neighbors` to verify the phone is detected and check its power negotiation.

2. Multi-Vendor Environment with LLDP: In a data center with Cisco switches and Juniper routers, LLDP is the common language. Engineers enable LLDP on all devices to build a network map using tools like Cisco Prime or open-source LLDP daemons. LLDP-MED is used for IP phones from different vendors. Misconfiguration occurs when LLDP is enabled globally but not on specific interfaces, or when the holdtime is too short, causing flapping neighbor entries. Engineers adjust timers with `lldp timer` and `lldp holdtime` to match the network's stability requirements.

3. Security Hardening: Security teams often disable CDP and LLDP on interfaces facing the internet or untrusted networks to prevent information leakage. For example, on a router's WAN interface, `no cdp enable` is configured. However, internal interfaces usually keep CDP/LLDP enabled for operational visibility. A common mistake is disabling CDP globally (`no cdp run`) and then wondering why IP phones don't work. The solution is to disable only on external interfaces.
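One way to check the hardening rule from this scenario and from Security Considerations, as an added Python example that is not part of the original page: it reads a constructed running-config, flags untrusted interfaces where CDP or LLDP is still active, and flags voice-VLAN ports left without CDP. The interface names, the `untrusted` set and the function name are hypothetical, and the example conservatively assumes LLDP is active on every interface once `lldp run` is present unless `no lldp transmit` / `no lldp receive` appear.

```python
# Constructed running-config fragment used as sample input.
SAMPLE_CONFIG = """\
hostname Edge-1
!
lldp run
!
interface GigabitEthernet0/0
 description WAN uplink (untrusted)
!
interface GigabitEthernet0/1
 description WAN backup (untrusted)
 no cdp enable
 no lldp transmit
 no lldp receive
!
interface GigabitEthernet0/2
 description IP phone
 switchport voice vlan 20
 no cdp enable
!
"""


def audit_discovery(config, untrusted):
    """Return sorted (interface, finding) pairs for a running-config text."""
    cdp_run, lldp_run = True, False       # global defaults: CDP on, LLDP off
    ifaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split(None, 1)[1]
            ifaces[current] = set()
        elif raw[:1].isspace() and current:
            ifaces[current].add(line)     # indented line: interface sub-command
        else:
            current = None                # back at global configuration level
            if line in ("cdp run", "no cdp run"):
                cdp_run = line == "cdp run"
            elif line in ("lldp run", "no lldp run"):
                lldp_run = line == "lldp run"
    findings = []
    for name, cmds in ifaces.items():
        cdp_on = cdp_run and "no cdp enable" not in cmds
        if name in untrusted:
            if cdp_on:
                findings.append((name, "CDP enabled"))
            # Assumption: LLDP is active per direction unless explicitly negated.
            for direction in ("transmit", "receive"):
                if lldp_run and f"no lldp {direction}" not in cmds:
                    findings.append((name, f"LLDP {direction} enabled"))
        # Phones learn the voice VLAN through CDP, so this port needs a second look.
        if not cdp_on and any(c.startswith("switchport voice vlan") for c in cmds):
            findings.append((name, "voice VLAN port without CDP"))
    return sorted(findings)
```

Run it as `audit_discovery(SAMPLE_CONFIG, {"GigabitEthernet0/0", "GigabitEthernet0/1"})`; the hardened backup interface produces no findings, while the uplink and the phone port do.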

Scale and Performance: CDP/LLDP generate minimal overhead — a few frames per minute per interface. Even in large networks with thousands of devices, the CPU impact is negligible. However, if timers are set too low (e.g., 5 seconds), the control plane can be overwhelmed. Always use default timers unless you have a specific need.

How CCNA 200-301 Actually Tests This

The CCNA 200-301 exam tests CDP and LLDP under Objective 2.6: "Configure and verify CDP and LLDP." Expect questions on:

- Default states: CDP is enabled by default; LLDP is disabled by default. This is a common trick: a question might ask 'Which protocol is enabled by default on Cisco switches?' Answer: CDP.
- Verification commands: Know `show cdp neighbors`, `show cdp neighbors detail`, `show lldp neighbors`, and `show lldp neighbors detail`. Be able to interpret output to find IP address, platform, and interface.
- Timers: CDP timer = 60s, holdtime = 180s. LLDP timer = 30s, holdtime = 120s (multiplier of 4). A question might ask: 'If the CDP holdtime is 180 seconds and the timer is 60 seconds, how many missed advertisements before the entry is removed?' Answer: 3 (180/60).
- Configuration: Know how to enable/disable globally and per interface. Commands: `cdp run`, `no cdp run`, `cdp enable`, `no cdp enable`; `lldp run`, `lldp transmit`, `lldp receive`.
- Common wrong answers:
  1. 'LLDP is enabled by default on Cisco devices.' Wrong: it's disabled.
  2. 'CDP uses multicast address 01:80:C2:00:00:0E.' Wrong: that's LLDP. CDP uses 01:00:0C:CC:CC:CC.
  3. 'CDP can discover non-Cisco devices.' Wrong: CDP is proprietary.
  4. 'CDP works across routers.' It works on directly connected Layer 2 segments only; it does not cross routers (Layer 3).
- Scenario trap: A switch shows a neighbor with a holdtime of 0. Candidates might think it's a misconfiguration. Actually, holdtime of 0 means the neighbor sent a 'goodbye' message (CDP version 2 supports this when an interface goes down). The entry will be removed immediately.
- Decision rule: If the question involves multiple vendors, the answer is LLDP. If it involves Cisco IP phones, the answer is CDP (or LLDP-MED, but CDP is more common).

Key Takeaways

CDP is Cisco-proprietary and enabled by default on all Cisco devices; LLDP is IEEE 802.1AB standard and disabled by default.

CDP sends frames to multicast address 01:00:0C:CC:CC:CC; LLDP sends to 01:80:C2:00:00:0E.

Default CDP timer is 60 seconds, holdtime is 180 seconds; default LLDP timer is 30 seconds, holdtime is 120 seconds.

Use 'show cdp neighbors' and 'show lldp neighbors' to verify neighbor discovery.

LLDP-MED extends LLDP for VoIP devices, providing power negotiation and network policy.

Disable CDP/LLDP on untrusted interfaces for security using 'no cdp enable' or 'no lldp transmit/receive'.

CDP and LLDP operate at Layer 2 and do not require IP connectivity.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

CDP

Cisco proprietary

Enabled by default

Multicast: 01:00:0C:CC:CC:CC

Timer: 60s, Holdtime: 180s

Version 2 supports 'goodbye' messages

Used by Cisco IP phones for voice VLAN and PoE

LLDP

IEEE standard (802.1AB)

Disabled by default on Cisco

Multicast: 01:80:C2:00:00:0E

Timer: 30s, Holdtime: 120s (multiplier 4)

Vendor-neutral; interop with Juniper, HP, etc.

LLDP-MED for VoIP devices

Watch Out for These

Mistake

LLDP is enabled by default on Cisco devices.

Correct

LLDP is disabled by default on Cisco devices. You must enable it globally with 'lldp run' and per interface with 'lldp transmit' and 'lldp receive'.

Candidates often assume that because CDP is enabled by default, LLDP must be too. But Cisco prioritizes its proprietary protocol.

Mistake

CDP can discover devices across a router (Layer 3 boundary).

Correct

CDP operates only at Layer 2 and cannot cross a router. It only discovers directly connected neighbors on the same VLAN or physical segment.

Candidates confuse discovery protocols with routing protocols; CDP is not forwarded.

Mistake

The CDP holdtime is the same as the timer.

Correct

The timer is the interval between advertisements (60s), while the holdtime is how long the entry is kept without receiving a new frame (180s). They are different.

The terms sound similar; candidates mix them up.

Mistake

LLDP uses the same multicast address as CDP.

Correct

LLDP uses 01:80:C2:00:00:0E; CDP uses 01:00:0C:CC:CC:CC.

Both are multicast, but the addresses are different. The exam may ask to identify the correct address.

Frequently Asked Questions

How do I enable LLDP on a Cisco switch?

First, enable LLDP globally with the command 'lldp run' in global configuration mode. Then, on each interface where you want LLDP to operate, enter interface configuration mode and issue 'lldp transmit' and 'lldp receive' (or 'lldp both' on some platforms). Verify with 'show lldp' and 'show lldp interface'. Remember that LLDP is disabled by default, so you must explicitly enable it.

Can CDP and LLDP run simultaneously on the same interface?

Yes, they can coexist on the same interface. They use different multicast addresses and do not interfere. However, be mindful of the overhead; it's usually negligible. In a multi-vendor environment, you might run both for maximum compatibility.

How do I disable CDP on a specific interface for security?

Enter interface configuration mode for that interface and issue 'no cdp enable'. This disables CDP transmissions and receptions on that interface only. To disable CDP globally, use 'no cdp run'. For LLDP, use 'no lldp transmit' and 'no lldp receive' on the interface, or 'no lldp run' globally.

What information is included in a CDP advertisement?

CDP advertisements contain TLVs including: Device ID (hostname), Addresses (usually IP), Port ID (interface), Capabilities (router, switch, etc.), Software Version, Platform, VTP Domain, Native VLAN, Duplex, and more. The exact set depends on the device type and CDP version.

Why would 'show cdp neighbors' show nothing even though two Cisco switches are connected?

Possible reasons: CDP is disabled globally on one or both switches; CDP is disabled on the specific interface; the interface is down; there is a Layer 1 issue (cable, transceiver); the connected device is not Cisco (e.g., a PC) and doesn't speak CDP; or an access control list (ACL) is blocking the CDP multicast address. Check each of these systematically.

What is the difference between CDP timer and holdtime?

The timer is the interval (in seconds) at which CDP advertisements are sent. Default is 60 seconds. The holdtime is the amount of time (in seconds) that the receiving device keeps the CDP information before discarding it if no new advertisement is received. Default is 180 seconds. Holdtime is typically 3 times the timer. LLDP uses a multiplier of 4 (timer 30s, holdtime 120s).

Does CDP work across VLANs?

CDP operates at Layer 2 and is sent on the native VLAN of a trunk port or on the access VLAN of an access port. It does not cross VLAN boundaries; it only reaches devices directly connected on the same physical segment. For example, two switches connected via a trunk will exchange CDP frames on the native VLAN, but CDP does not propagate through a router or Layer 3 switch.
