Dec 31

One of the things you have to really watch out for in life (and the CCENT exam) is ensuring that you are not sending CDP information to devices that you do not trust. The last thing you want to do is advertise to potential attackers exactly which Cisco devices you are running and what Layer 3 addressing they possess.

Turning off CDP in certain areas of your network is referred to as trimming CDP. Understand that whenever we eliminate security problems with our management protocols, we typically reduce our ability to manage the network. For example, trimming CDP for security reasons might impact your ability to manage the network with CiscoWorks. Fortunately, there tend to be workarounds available, especially with Cisco-generated network management applications.

The first (and most common) form of trimming CDP involves turning the protocol off for a particular interface. Perhaps you have an interface that faces the public Internet on a border router in your network. This interface is a prime candidate for having CDP turned off. In the exam environment, how to do this is going to require some memorization, unless you get lucky and have a simulation where you can lean on the use of context-sensitive help. Here is the procedure for turning off CDP on an interface:

RouterA# configure terminal
RouterA(config)# interface serial 0/0
RouterA(config-if)# no cdp enable

You are going to need to memorize this alongside the command that turns off CDP globally for the entire device, which of course disables CDP on all of the device's interfaces. That procedure is as follows:

RouterA# configure terminal
RouterA(config)# no cdp run
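
To check that the trimming above actually covers the interfaces you do not trust, the following added example (not part of the original post) audits a saved running-config for untrusted interfaces that would still send CDP. The sample config, interface names and the audit_cdp helper are constructed for illustration, and the script assumes CDP is on for any interface that lacks "no cdp enable".

```python
import re

# Constructed sample running-config for illustration (not from the post).
SAMPLE_CONFIG = """\
hostname RouterA
!
interface Serial0/0
 description Internet uplink
 ip address 203.0.113.2 255.255.255.252
 no cdp enable
!
interface FastEthernet0/0
 description Internal LAN
 ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet0/1
 description Partner extranet
 ip address 192.0.2.1 255.255.255.0
!
end
"""

def _norm(name):
    """Make 'serial 0/0' and 'Serial0/0' compare equal."""
    return name.replace(" ", "").lower()

def audit_cdp(config_text, untrusted):
    """Return (cdp_globally_off, untrusted interfaces still sending CDP)."""
    globally_off = False
    cdp_on = {}      # normalized interface name -> True while CDP is enabled
    current = None   # interface block being parsed, if any
    for raw in config_text.splitlines():
        line = raw.strip()
        match = re.match(r"interface\s+(.+)", raw)
        if match:
            current = _norm(match.group(1))
            cdp_on[current] = True   # assumption: CDP is on unless trimmed
        elif raw[:1] not in (" ", "\t"):
            current = None           # back at global configuration level
            if line == "no cdp run":
                globally_off = True
        elif current and line == "no cdp enable":
            cdp_on[current] = False
    if globally_off:
        return True, []              # no cdp run covers every interface
    return False, [i for i in untrusted if cdp_on.get(_norm(i), False)]

if __name__ == "__main__":
    print(audit_cdp(SAMPLE_CONFIG, ["Serial0/0", "FastEthernet0/1"]))
```

On the device itself, show cdp interface lists the interfaces on which CDP is still running.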

I am sure some of our faithful readers out there have an easy way to memorize which command is needed when... be sure to comment if you do! I remember this just by thinking the whole router will no longer RUN CDP with the second command.

INE Instructor