# CDP

> Source: Courseiva IT Certification Glossary — https://courseiva.com/glossary/cdp

## Quick definition

CDP stands for Cisco Discovery Protocol. It is a tool used by Cisco network devices like routers and switches to automatically tell each other who they are and what they are connected to. This helps network administrators see a map of the network without having to manually check each device. CDP works at Layer 2 of the OSI model, so it can share information even if higher-layer protocols are not configured.

## Simple meaning

Imagine you move into a new apartment building. You don't know your neighbors yet. CDP is like each apartment sending out a friendly postcard that says, "Hi, I'm Apartment 3B, I run a home office, and my Wi-Fi network is called 'OfficeNet.'" Everyone who receives the postcard pins it on a community board. Now, if you are the building manager, you can walk past that board and instantly know who lives where, what they do, and how to reach them. 

 In a computer network, Cisco devices send out these postcards every 60 seconds by default. The postcard is a special message called an advertisement. It contains the device's hostname, the type of device it is (like a router or switch), the software version it is running, and the network interfaces it has. Any directly connected Cisco device that receives this message stores the information in a local table. You can then use a command like "show cdp neighbors" to see the list. 

 This is extremely useful because networks can have dozens or hundreds of devices. Without CDP, you would have to log into each device separately to find out what it is connected to. CDP gives you a quick, automatic, and reliable view of your Layer 2 connections. It works even if the devices are not configured with IP addresses, because it uses a special Layer 2 frame format that Cisco devices understand. 

 The only catch is that CDP is Cisco proprietary. That means it only works between Cisco devices. If you have a network switch from another vendor, like HP or Juniper, it will not understand CDP messages. However, many network engineers still rely on CDP heavily in Cisco-only or mostly-Cisco environments because it is simple, automatic, and does not require any extra configuration beyond being enabled (which it is by default on most Cisco devices).

## Technical definition

CDP is a network protocol developed by Cisco Systems that operates at Layer 2 of the OSI model, specifically using Subnetwork Access Protocol (SNAP) frames. It is designed to allow Cisco devices to discover and share identity and capability information with directly connected neighbors without requiring any Layer 3 configuration. CDP is media- and protocol-independent, meaning it can run over any medium that supports SNAP encapsulation, including Ethernet, Frame Relay, ATM, and FDDI. 

 The protocol works by having each CDP-enabled Cisco device periodically send multicast frames to a reserved destination MAC address of 01-00-0C-CC-CC-CC. These frames are sent every 60 seconds by default, with a holdtime of 180 seconds. If a device does not receive a CDP advertisement from a neighbor within the holdtime, it removes that neighbor from its CDP neighbor table. The advertisements carry a wealth of information in Type-Length-Value (TLV) format. Key TLVs include device ID (usually the hostname), address (network and data-link layer addresses), port ID (the local interface name), capabilities (e.g., router, switch, host), platform (the exact hardware model), and software version (the IOS version running). 

 CDP operates at Layer 2, so it is particularly useful for discovering directly connected devices that may not have IP connectivity yet. For example, during initial network setup, an engineer can connect a laptop to a Cisco switch, enable CDP, and instantly see the switch's hostname and model without configuring an IP address on either device. CDP also helps with troubleshooting: if a link is down, the CDP neighbor table will show the absence of a neighbor that should be there, pointing to a physical or Layer 1 issue. 

 Cisco devices have CDP enabled globally by default, and also on each interface. Administrators can disable CDP globally with the command "no cdp run" or on specific interfaces with "no cdp enable". On some modern switches, CDP may be disabled by default for security reasons, as CDP advertisements can leak network topology information to an attacker who gains physical access. Cisco also recommends disabling CDP on interfaces facing untrusted or external networks. 

 CDP has a close relative called LLDP (Link Layer Discovery Protocol), which is an IEEE standard (802.1AB). LLDP works similarly but is vendor-neutral. Many enterprise networks run both CDP and LLDP, using CDP for Cisco-specific details and LLDP for interoperability with other vendors. Understanding CDP is fundamental for the CCNA and CCNP exams, as it appears in topics on network discovery, Layer 2 technologies, and troubleshooting methodologies.

## Real-life example

Think of a large office building with many departments. Each department has a manager. You are the building's facilities manager. Without any system, if you want to know which department is in which room, you would have to knock on every door and ask. That would take hours and would annoy everyone. 

 Now imagine that every department places a small nameplate on the outside of their door. The nameplate says, "Sales Department, Manager: Jane, Phone Extension: 234, Hours: 9-5." You can walk down the hallway and quickly gather all this information in a few minutes. This is exactly what CDP does, but instead of nameplates, devices send electronic advertisements. Each Cisco device puts its own nameplate on the virtual network cable, so any directly connected Cisco device can read it. 

 The map you build becomes invaluable when something goes wrong. If a department reports that they cannot print, you look at your map and see that the printer in Room 304 is connected to the switch in Room 302. You can then check that specific switch port without guessing. Similarly, if a new department moves in, they place their nameplate, and you know immediately without any manual paperwork. 

 CDP works autonomously. You do not have to go around turning on a nameplate feature on each door; the doors are designed to always display the nameplate. In the same way, CDP is enabled by default on Cisco devices. This makes initial network setup and ongoing troubleshooting much faster and more reliable. The only downside is that if a bad actor gains physical access to the building, they can also read all the nameplates, gaining intelligence about who works where. That is why network security best practices often recommend disabling CDP or filtering it on ports that connect to untrusted devices.

## Why it matters

In the day-to-day work of a network administrator, CDP is a quick diagnostic lifesaver. When a user reports that they cannot reach a server, you can often start by checking the CDP neighbors on the user's access switch. If the switch shows the upstream router as a neighbor, you know the Layer 2 connection is intact and the problem lies higher up. If the neighbor is missing, you have a strong clue that the cable or the upstream device port is failing. 

 CDP also matters because it provides a topology map without requiring SNMP, a network management system, or even IP routing. In a small office, you might not have a dedicated network monitoring tool. CDP gives you a simple command-line view of your physical and logical connections. It is also free, built into every Cisco IOS device, and does not consume significant bandwidth due to its 60-second update interval. 

CDP is critical for certain network services. Cisco IP phones use CDP to learn the voice VLAN ID from a switch. Without CDP, the phone might not know which VLAN to use for voice traffic, causing poor call quality or no connectivity. Similarly, Cisco Wireless LAN Controllers use CDP to discover access points. These real-world dependencies mean that knowing how CDP works is not just exam trivia but practical knowledge you will use on the job. 

 From a security standpoint, CDP can inadvertently expose network information. Attackers can use tools to capture CDP frames and learn device models, IOS versions, and hostnames, which they can then use to craft targeted attacks. That is why modern best practices advise disabling CDP globally or on untrusted interfaces. Understanding this trade-off between ease of management and security is a key part of being a responsible network professional.

## Why it matters in exams

CDP is a core topic for the CCNA exam (200-301). It appears under the 'Network Access' and 'IP Connectivity' sections, specifically in the context of Layer 2 discovery and troubleshooting. The exam expects you to know how to interpret CDP output, understand the protocol's default timers (60-second update, 180-second holdtime), and know the command syntax for enabling and disabling CDP. 

 Multiple-choice questions often test your knowledge of CDP characteristics: what information it provides (device ID, platform, port ID, capabilities, software version), which layer it operates at (Layer 2), and that it is Cisco proprietary. You may be asked to compare CDP to LLDP, including the fact that LLDP is IEEE standard 802.1AB and is not Cisco proprietary. 

 Simulated lab questions (or the new style of exam tasks) may present a topology and ask you to identify which devices are connected to which interfaces. You will need to use the "show cdp neighbors" and "show cdp neighbors detail" commands to answer. Troubleshooting scenarios might give you a CDP neighbor table that is incomplete, and you must determine whether the issue is a physical disconnection, a disabled interface, or CDP being globally disabled. 

 Another common exam trap involves the default CDP state. Many students assume CDP is always enabled on all interfaces, but in recent IOS versions, CDP might be disabled on certain interface types like ISDN or serial interfaces. The exam may test whether you know that CDP requires the interface to be up and have a connection to a Cisco device. If a neighbor is a non-Cisco device, CDP will not show it, which can be a trick answer in a scenario question. 

 To prepare, practice the commands in a lab environment. Pay special attention to the output of "show cdp neighbors" and "show cdp entry *". Understanding the differences between CDPv1 and CDPv2 (CDPv2 supports TLVs for native VLAN and duplex information) is also useful, though v1 is largely obsolete in modern exams. Finally, remember that CDP frames are multicast, not broadcast, and they are sent to MAC address 01-00-0C-CC-CC-CC. This multicast address detail can appear in a protocol theory question.

## How it appears in exam questions

CDP questions on the CCNA exam fall into three main patterns: command output interpretation, configuration logic, and troubleshooting analysis. 

 In command output interpretation questions, you will be shown the output of "show cdp neighbors" or "show cdp neighbors detail". You might be asked to identify the type of device connected to a specific port, the IOS version running on a neighbor, or the model number of the neighbor. For example, a question might show a table with a neighbor entry having platform 'WS-C2960-24TC-L', and you need to recognize that it is a switch. Another variant gives you the output and asks what the holdtime means, or why a particular interface does not have a CDP neighbor. 

 Configuration logic questions test your understanding of CDP commands. You could be asked to choose the correct command to disable CDP on an interface ("no cdp enable") versus globally ("no cdp run"). A scenario might present a security concern where a network admin wants to stop CDP advertisements on ports facing a public area. The correct answer is to use "interface fastethernet0/1" followed by "no cdp enable". Another question might ask which command is used to verify that CDP is enabled globally, with the answer being "show cdp". 

 Troubleshooting analysis questions are the most challenging. A typical scenario: a user cannot connect to the network, and you are given a partial output of "show cdp neighbors" on the access switch. One expected neighbor is missing. You must determine whether the issue is a faulty cable, a disabled port, a non-Cisco device, or CDP being disabled on the neighbor. Another scenario might involve multicast flooding: if CDP is enabled on many interfaces and an attacker sends many fake CDP frames, it could overwhelm the CPU. The exam might ask how to mitigate such an attack, with disabline CDP on user-facing ports being a valid answer. 

 Exam questions also sometimes combine CDP with VLAN information. For instance, a switch port may be configured with the 'switchport voice vlan' command, and CDP is used to communicate the VLAN ID to an IP phone. A question could test that without CDP, the phone will not know which VLAN to use and might default to the access VLAN, leading to voice traffic issues. Recognizing that CDP provides this Layer 2 service is key. 

 Finally, you may see a question comparing CDP and LLDP. The correct answer often highlights that CDP is Cisco proprietary, while LLDP is IEEE standard. You might also be asked about the default update interval: 60 seconds for CDP, and usually 30 seconds for LLDP (though configurable). Being precise with these numbers can earn you points on the exam.

## Example scenario

You are a newly hired network technician at a midsize company. Your supervisor hands you a diagram that shows five Cisco switches connected in a star topology, but the diagram is two years old and might be outdated. You need to verify the actual physical connections. 

 You sit down at the main distribution switch, which is a Catalyst 3850. You open a terminal session and type 'show cdp neighbors'. The output shows four neighbors: one on GigabitEthernet1/0/1 is a Catalyst 2960, one on GigabitEthernet1/0/2 is another 2960, one on GigabitEthernet1/0/3 is a router (Cisco 4321), and one on GigabitEthernet1/0/4 is an IP phone (CP-8845). The old diagram only listed three switches, so you have discovered an extra switch that was recently added without updating the documentation. 

 You then move to the new switch, which you found on G1/0/2. You run 'show cdp neighbors' on it to see what devices are connected downstream. It shows two more access switches and a wireless access point (AIR-AP1852). You now have an accurate picture of the Layer 2 topology. 

 Later, while investigating a slow network complaint from the third floor, you check the CDP neighbor table on the first-floor switch that is supposed to connect to the third-floor switch. The neighbor is missing. You walk to the wiring closet and find that the fiber patch cable has become loose. After re-seating it, CDP shows the neighbor again, and the complaint is resolved. This scenario shows how CDP helps you discover unknown devices and quickly isolate physical problems.

## Common mistakes

- **Mistake:** Thinking CDP works only over Ethernet.
  - Why it is wrong: CDP is media-independent and can work over Frame Relay, ATM, FDDI, and serial links, as long as the medium supports SNAP encapsulation. Many students assume it only runs on Ethernet because that is what they see in labs.
  - Fix: Remember that CDP is Layer 2 and media-agnostic. It can run on any Cisco interface that supports SNAP, including serial interfaces used for WAN.
- **Mistake:** Assuming CDP is always enabled by default in all Cisco IOS versions.
  - Why it is wrong: While CDP is enabled by default on most Cisco switches and routers, some newer IOS-XE versions and certain device types (like Cisco Catalyst 9000 series) may have CDP disabled globally by default for security hardening. Relying on default behavior without verifying can cause issues.
  - Fix: Always verify CDP status with 'show cdp' or 'show cdp neighbors' during network setup, and explicitly enable it if needed with 'cdp run'.
- **Mistake:** Confusing the command 'no cdp run' with 'no cdp enable'.
  - Why it is wrong: 'no cdp run' disables CDP globally on the device, while 'no cdp enable' disables it only on the specific interface. Disabling globally when you only meant to disable on one interface breaks CDP on the entire device.
  - Fix: To disable CDP on a single port, go to interface configuration mode and use 'no cdp enable'. Leave 'cdp run' enabled globally.
- **Mistake:** Thinking CDP can discover devices more than one hop away.
  - Why it is wrong: CDP only works with directly connected neighbors. It does not forward advertisements to other devices. A common exam trick shows a topology where a device is two hops away and asks whether CDP will see it. The answer is no.
  - Fix: Remember: CDP is a Layer 2, one-hop discovery protocol. It only sees devices that are physically connected to the local device. For multi-hop discovery, use protocols like SNMP or traceroute.
- **Mistake:** Believing CDP requires an IP address to function.
  - Why it is wrong: CDP operates at Layer 2; it does not need IP addresses or routing. It uses a special multicast MAC address to send frames. This is a key feature, especially when configuring devices without IP connectivity.
  - Fix: Understand that CDP runs independently of Layer 3. Even if a switch has no IP address, it can still advertise and receive CDP information.
- **Mistake:** Assuming CDP sends information only when requested.
  - Why it is wrong: CDP sends advertisements every 60 seconds by default, regardless of whether a neighbor is listening. It is a periodic push model, not a request-response model.
  - Fix: Know that CDP is a periodic unsolicited advertisement. The default timer is 60 seconds. This distinguishes it from protocols like DHCP, which use a request-response mechanism.

## Exam trap

{"trap":"A question asks which command to use to see the software version of a directly connected Cisco device. Many students instinctively type 'show version' or 'show cdp neighbors' and get it wrong.","why_learners_choose_it":"Learners often think 'show version' will give remote device info, but it only shows the local device's version. They also sometimes choose 'show cdp neighbors' because it shows neighboring devices, but that command does not show software version; it shows platform and port ID.","how_to_avoid_it":"Remember that 'show cdp neighbors detail' or 'show cdp entry *' includes the software version TLV for each neighbor. Memorize that the 'detail' keyword adds the software version and other details not shown in the basic 'show cdp neighbors' output."}

## Commonly confused with

- **CDP vs LLDP:** LLDP (Link Layer Discovery Protocol) is an IEEE standard (802.1AB) that works on multi-vendor networks, while CDP is Cisco proprietary. Both operate at Layer 2 and perform similar discovery functions, but LLDP can interoperate with devices from different manufacturers. CDP provides additional Cisco-specific TLVs like native VLAN and power negotiation that LLDP may not have. (Example: If you have a mixed network with Cisco switches and HP servers, you use LLDP to discover the HP servers, as they will not understand CDP. For Cisco IP phones, you would still use CDP for voice VLAN assignment.)
- **CDP vs STP:** STP (Spanning Tree Protocol) is a Layer 2 protocol that prevents loops in Ethernet networks by blocking redundant paths. CDP is strictly for device discovery and topology information, not for loop prevention. STP exchanges BPDUs, not CDP advertisements, even though both use multicast frames. (Example: STP ensures that a network with two switches connected by two cables does not create a broadcast storm. CDP would simply show that both ports are connected to the other switch, but it would not take any action to prevent loops.)
- **CDP vs NDP:** NDP (Neighbor Discovery Protocol) is part of IPv6 and operates at Layer 3. It replaces ARP and ICMP Router Discovery in IPv6 networks. CDP is Layer 2 and works with both IPv4 and IPv6, while NDP is specific to IPv6. They serve different purposes: NDP discovers IPv6 neighbors and resolves addresses, while CDP discovers Cisco device details. (Example: On an IPv6 network, a router uses NDP to learn the link-local address of a host. CDP would not help with that; it would only tell you the hostname and platform of the connected Cisco router.)
- **CDP vs ARP:** ARP (Address Resolution Protocol) resolves IP addresses to MAC addresses at Layer 2. CDP does not perform address resolution; it shares device identity and capability. ARP is a request-response protocol, whereas CDP is periodic unsolicited advertisements. They both operate at Layer 2, but their functions are completely different. (Example: When a host wants to send a packet to another host on the same LAN, it uses ARP to find the destination MAC. CDP would not be involved in this process at all; it is only for device discovery, not for communication between hosts.)

## Step-by-step breakdown

1. **CDP advertisement creation** — A Cisco device prepares a CDP frame containing TLVs with its device ID, platform, software version, capabilities, port ID, and native VLAN. This frame is encapsulated in a SNAP header and sent to the multicast MAC address 01-00-0C-CC-CC-CC.
2. **Transmission to all interfaces** — The device transmits this frame out of every interface that has CDP enabled. By default, CDP is enabled on all interfaces. The frame is sent every 60 seconds.
3. **Reception by neighbor device** — A directly connected Cisco device with CDP enabled receives the multicast frame. The device processes the frame at Layer 2 and extracts the TLVs. It then updates its CDP neighbor table with the information.
4. **Neighbor table storage and aging** — The received information is stored in the CDP neighbor table along with a timestamp. The default holdtime is 180 seconds. If no new advertisement is received from that neighbor before the holdtime expires, the entry is removed. This ensures stale information does not persist.
5. **Displaying neighbor information** — Network administrators can view the neighbor table using commands like 'show cdp neighbors' (summary) or 'show cdp neighbors detail' (full information). This output provides a clear view of directly connected Cisco devices.
6. **Troubleshooting and topology verification** — The administrator uses the CDP output to verify physical connections, identify unknown devices, and diagnose link failures. Missing neighbors indicate potential problems, such as a disabled port, faulty cable, or CDP being disabled.

## Practical mini-lesson

CDP is one of the most practical tools you will use as a network engineer, especially during the initial setup and ongoing maintenance of Cisco networks. In a real-world environment, you will rarely configure anything for CDP because it is enabled by default. However, you must know how to verify its status, interpret its output, and manage its security implications. 

 To verify CDP globally, use the command 'show cdp'. This will tell you whether CDP is enabled, the default timers (update and holdtime), and the version (CDPv2 is standard). To see all neighbors, use 'show cdp neighbors'. The output shows a table with columns for Device ID, Local Interface, Holdtime, Capability, Platform, and Port ID. For example, a line might read: 'Switch-B Gig 0/2 147 S WS-C2960-24TT Gig 0/2'. This tells you that a switch named Switch-B is connected to your local interface Gig0/2, with 147 seconds left in the holdtime, it is a switch (S stands for switch), it is a 2960 model, and its remote port is also Gig0/2. 

 When you need more details, use 'show cdp neighbors detail'. This command outputs the full set of TLVs for each neighbor, including the exact IOS version string, the native VLAN, and the duplex setting. This is extremely helpful when planning IOS upgrades, as you can see which neighbors are running older code. In a production network, you might use this to identify devices that need patching. 

 One common practical task is to disable CDP on user-facing switch ports for security reasons. Attackers with physical access can plug in a laptop and capture CDP frames, revealing the switch's hostname, model, and IOS version. To prevent this, you go into each user port interface configuration mode and issue the command 'no cdp enable'. You can also disable CDP globally with 'no cdp run', but that is a sledgehammer approach because you lose the discovery benefits on uplink ports. A better practice is to disable CDP only on access ports and keep it on trunk ports and router interfaces. 

 Another practical use is verifying voice VLANs. When a Cisco IP phone is connected to a switch port configured with the 'switchport voice vlan' command, the switch uses CDP to tell the phone which VLAN to use for voice traffic. Without CDP, the phone will not receive this information and might default to the data VLAN, causing poor voice quality or no dial tone. So if users complain about their phones, always check that CDP is enabled on the phone port. 

 Finally, be aware that CDP advertisements consume a small amount of bandwidth and CPU. On a network with thousands of devices, the periodic multicast frames add up, but in practice, the overhead is minimal. The real risk is information leakage, not resource consumption. Keep that perspective when working with CDP in your professional career.

## Memory tip

CDP = Cisco's Devious Postcard: It sends a postcard every 60 seconds to its neighbors (01-00-0C-CC-CC-CC), and the postcard stays on the wall for 180 seconds.

## FAQ

**Does CDP work with non-Cisco devices?**

No, CDP is Cisco proprietary. Non-Cisco devices do not understand CDP frames. For multi-vendor environments, use the IEEE standard LLDP instead.

**Is CDP enabled by default on all Cisco devices?**

In most cases, yes. However, some newer models or IOS versions, especially those focused on security, may have CDP disabled by default. Always verify with 'show cdp'.

**Can CDP cross a router?**

No, CDP operates at Layer 2 and only works with directly connected neighbors. Routers do not forward CDP frames between interfaces.

**What information does a CDP advertisement contain?**

It contains the device ID (hostname), platform (model), software version, port ID (local interface), capabilities (router, switch, etc.), native VLAN, and duplex settings.

**How often does CDP send advertisements?**

By default, CDP advertisements are sent every 60 seconds. The holdtime is 180 seconds, meaning a neighbor entry is removed if no advertisement is received within 180 seconds.

**What is the difference between 'no cdp run' and 'no cdp enable'?**

'no cdp run' disables CDP globally on the entire device. 'no cdp enable' disables CDP only on a specific interface.

**How do I see the IOS version of a neighbor using CDP?**

Use the command 'show cdp neighbors detail' or 'show cdp entry *'. These show the full software version string for each neighbor.

**Is CDP secure?**

CDP has no authentication or encryption. Anyone who can receive the multicast frames can read the information. That is why it should be disabled on untrusted interfaces.

## Summary

CDP, or Cisco Discovery Protocol, is a foundational Layer 2 discovery protocol that allows Cisco devices to automatically share identity and capability information with directly connected neighbors. It simplifies network documentation, troubleshooting, and initial setup by providing a command-line view of the physical topology without requiring any Layer 3 configuration. 

 For the CCNA exam, a solid understanding of CDP is essential. You must know its default timers (60-second update, 180-second holdtime), the type of information it carries (device ID, platform, software version, port ID, capabilities), and the commands to verify and manage it ('show cdp neighbors', 'show cdp neighbors detail', 'no cdp enable', 'no cdp run'). You should also be able to compare CDP with LLDP, as the exam tests the distinction between Cisco proprietary and IEEE standard protocols. 

 In professional practice, CDP is a double-edged sword. It is incredibly useful for discovering devices and validating connections, but it also leaks network topology information that attackers can exploit. The best approach is to enable CDP on infrastructure ports (uplinks, trunk links) and disable it on access ports facing end users and untrusted networks. 

 As you prepare for your exam, spend time in a lab environment practicing the 'show cdp' commands and understanding how the output maps to real devices. This hands-on practice will make the exam questions much easier and prepare you for real-world network management. Remember, CDP is your friendly postcard service, but use it wisely.

---

Practice questions and the full interactive page: https://courseiva.com/glossary/cdp
