Cisco Discovery Protocol Security Issues

Although Cisco Discovery Protocol (CDP) is necessary for some management applications, CDP should still be disabled in some instances.

Disable CDP globally under these scenarios:

• The device is located in an insecure environment. Use the command no cdp run to disable CDP globally: Switch(config)#no cdp run

Disable CDP on any interface under these scenarios:

• Management is not being performed.

• The interface is a nontrunk interface.

• The interface is connected to a nontrusted network.

Use the interface configuration command no cdp enable to disable CDP on a specific interface:

Switch(config)#interface fastethernet 0/12

Switch(config-if)#no cdp enable

Was this article helpful?

0 0

Post a comment