Disable or turn off CDP on Cisco switches
Cisco Discovery Protocol or CDP is a Cisco-proprietary protocol that runs on all Cisco products. CDP allows devices to learn about neighboring devices (the ones attached directly to the switch), including information about their platform, IP address, the version of IOS or other OS, VLAN membership, etc. This can be helpful information when troubleshooting network issues, but it can also give an attacker valuable information about the layout of your network. Other vulnerabilities include a denial of service attack in which CDP packets are generated, flooding the network. If you want to know how to turn off CDP, read on.
To disable CDP on the entire switch, use the 'no cdp run' command from enable mode:
conf t
no cdp run
CDP can also be disabled on specific ports. To disable CDP on FastEthernet0/3, use these commands from enable mode:
conf t
int faste0/3
no cdp enable
Be sure to save those settings! In my practice, I turn on CDP when I need it, then disable it when I'm done. In general, I'm opposed to things that constantly generate traffic on the network, regardless of how little, when I don't constantly benefit from that traffic.
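To check that the commands above actually landed, a saved running-config can be audited offline. The script below is an added example, not part of the original recipe: it reports whether 'no cdp run' is present and otherwise lists the interfaces that lack 'no cdp enable'. The sample config is constructed, and the script assumes every interface stanza is a port on which CDP is on by default.

```python
import re

# Constructed sample of an IOS running-config (not from the original page).
SAMPLE_CONFIG = """\
hostname lab-sw1
!
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 description uplink
!
interface FastEthernet0/3
 switchport mode access
 no cdp enable
!
end
"""


def audit_cdp(config_text):
    """Return (globally_disabled, interfaces_still_running_cdp)."""
    globally_disabled = False
    cdp_off = {}      # interface name -> True once 'no cdp enable' is seen
    current = None    # interface stanza we are currently inside, if any
    for raw in config_text.splitlines():
        line = raw.rstrip()
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            # Assumption: CDP is enabled on this interface unless turned off.
            current = m.group(1)
            cdp_off[current] = False
        elif line and not line.startswith(" "):
            # Any other top-level line (including '!') ends the stanza.
            current = None
            if line.strip() == "no cdp run":
                globally_disabled = True
        elif current and line.strip() == "no cdp enable":
            cdp_off[current] = True
    if globally_disabled:
        return True, []   # the global switch overrides per-port settings
    return False, [name for name, off in cdp_off.items() if not off]


if __name__ == "__main__":
    disabled, exposed = audit_cdp(SAMPLE_CONFIG)
    print("CDP globally disabled:", disabled)
    for name in exposed:
        print("CDP still enabled on", name)
```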
