Discovering Cisco Discovery Protocol

What Is Cisco Discovery Protocol?

 

Cisco Discovery Protocol, also known as CDP, is something Cisco has quietly added to its entire product line. If you haven’t read your release notes carefully, you might not have noticed this feature. It’s quietly there on your links, consuming a very small amount of bandwidth for a pretty good purpose.

The CDP protocol is media and network protocol independent. It works with Cisco bridges and switches. (Review question: what layer must it be operating at?) It provides a mechanism for two neighboring devices to learn about each other, even if they don’t both speak the same network protocol. At the end of this article, we’ll see what that might be useful for.

 

Technical Details

 

CDP uses SNAP frames at the data layer. Media that allow this: all LAN media, Frame Relay, and ATM.

The CDP information is sent periodically to a multicast address. The default period is 60 seconds. Using multicast is kinder and gentler than broadcasting it. It gives non-participants a chance to ignore the traffic, depending on how smart their NIC cards and drivers are.

The CDP announcement contains one or more addresses which can receive SNMP messages. There is also holdtime information in the announcement as well. This means that the information will be discarded if not refreshed before the holdtime expires.

Configuring CDP

 

Configuring CDP is easy: it’s on by default on routers and interfaces (despite what some versions of the documentation may say).

  • no cdp run: disables CDP globally
  • no cdp enable: disables CDP on an interface (interface command)

Other configuration commands:

  • cdp timer seconds: interval between CDP advertisements
  • cdp holdtime seconds: holdtime before information should be discarded

Some EXEC commands related to CDP:

  • clear cdp counters: reset traffic counters
  • clear cdp table: purge the table of neighbor information

 

Show Commands

 

There’s the usual complement of show commands. These include:

  • show cdp
  • show cdp entry entry-name [protocol | version]
  • show cdp interface [type number]
  • show cdp neighbors [type number] [detail]
  • show cdp traffic

The options in square brackets allow greater specificity in what’s displayed. Here’s some sample show command output.

entry Information for specific neighbor entry

interface CDP interface status and configuration

neighbors CDP neighbor entries

traffic CDP statistics

<cr>

Note that nothing displayed — the device name here is (currently) case-sensitive. So we need:

-------------------------

Device ID: Paris

Entry address(es):

IP address: 145.4.0.1

Novell address: A4.aa00.0400.0228

DECnet address: 10.2

Appletalk address: 1007.185

Platform: cisco 2500, Capabilities: Router

Interface: Ethernet0, Port ID (outgoing port): Ethernet0

Holdtime : 145 sec

Version :

Cisco Internetwork Operating System Software

IOS (tm) 3000 Software (IGS-J-L), Version 11.0(4), RELEASE SOFTWARE (fc1)

Copyright (c) 1986-1995 by cisco Systems, Inc.

Compiled Mon 18-Dec-95 17:21 by alanyu

That’s a lot of information about Paris! We can also pull out just parts of this:

Protocol information for Paris :

IP address: 145.4.0.1

Novell address: A4.aa00.0400.0228

DECnet address: 10.2

Appletalk address: 1007.185

Version information for Paris :

Cisco Internetwork Operating System Software

IOS (tm) 3000 Software (IGS-J-L), Version 11.0(4), RELEASE SOFTWARE (fc1)

Copyright (c) 1986-1995 by cisco Systems, Inc.

Compiled Mon 18-Dec-95 17:21 by alanyu

If we want to check how CDP is configured on an interface:

Ethernet0 is up, line protocol is up, encapsulation is ARPA

Sending CDP packets every 60 seconds

Holdtime is 180 seconds

To see which neighboring routers CDP has learned about:

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP

Device ID Local Intrfce Holdtme Capability Platform Port ID

york Ser 0 146 R 2500 Ser 0

Paris Eth 0 149 R 2500 Eth 0

kyoto Eth 1 132 R 2500 Eth 1

That’s the short form. To get the full details:

-------------------------

Device ID: york

Entry address(es):

IP address: 145.3.0.1

Novell address: A3.0000.0c34.692c

Platform: cisco 2500, Capabilities: Router

Interface: Serial0, Port ID (outgoing port): Serial0

Holdtime : 139 sec

Version :

Cisco Internetwork Operating System Software

IOS (tm) 3000 Software (IGS-J-L), Version 11.0(4), RELEASE SOFTWARE (fc1)

Copyright (c) 1986-1995 by cisco Systems, Inc.

Compiled Mon 18-Dec-95 17:21 by alanyu

-------------------------

Device ID: Paris

Entry address(es):

IP address: 145.4.0.1

Novell address: A4.aa00.0400.0228

DECnet address: 10.2

Appletalk address: 1007.185

Platform: cisco 2500, Capabilities: Router

Interface: Ethernet0, Port ID (outgoing port): Ethernet0

Holdtime : 140 sec

Version :

Cisco Internetwork Operating System Software

IOS (tm) 3000 Software (IGS-J-L), Version 11.0(4), RELEASE SOFTWARE (fc1)

Copyright (c) 1986-1995 by cisco Systems, Inc.

Compiled Mon 18-Dec-95 17:21 by alanyu

-------------------------

Device ID: kyoto

Entry address(es):

IP address: 145.5.0.1

Novell address: A5.0000.0c7e.f635

Platform: cisco 2500, Capabilities: Router

Interface: Ethernet1, Port ID (outgoing port): Ethernet1

Holdtime : 123 sec

Version :

Cisco Internetwork Operating System Software

IOS (tm) 3000 Software (IGS-J-L), Version 11.0(4), RELEASE SOFTWARE (fc1)

Copyright (c) 1986-1995 by cisco Systems, Inc.

Compiled Mon 18-Dec-95 17:21 by alanyu

And finally, we can use a show command to find out how much CDP traffic we’ve been processing:

CDP counters :

Packets output: 49, Input: 44

Hdr syntax: 0, Chksum error: 0, Encaps failed: 0

No memory: 0, Invalid packet: 0, Fragmented: 0

Debugging CDP

 

If you want to, you can use debug to watch the CDP activity. There are three variants available:

  • debug cdp adjacency
  • debug cdp events
  • debug cdp packets

So What’s In It For Me?

 

That may all look nifty but rather technical. Why should we care about CDP?

Cisco is not hiding anything here: the documentation states that a SNMP management application can learn protocol addresses and device types of neighboring devices, by retrieving the CDP tables from an SNMP agent in a Cisco device. That means a full multi-protocol network discovery engine could be built using CDP.

The original intent might have been to get at vLAN’s to manage switches. But think about the potential: Cisco or a third party can now build an HP OpenView or IBM NetView add-on that does discovery and generates topology maps, one for each network protocol. The HP OpenView architecture seems to be intended to support precisely this sort of third-party functionality. In addition, DEC’s new NT-based network management architecture should accomodate this.