Dec 31

One of the things you have to really watch out for in life (and the CCENT exam) is ensuring that you are not sending CDP information to devices that you do not trust. The last thing you want to do is advertise to potential hackers of your network exactly what Cisco devices you are running and what Layer 3 addressing they possess.

Turning off CDP in certain areas of your network is referred to as trimming CDP. Understand that whenever we eliminate security problems with our management protocols, we typically reduce our ability to manage the network. For example, trimming CDP for security reasons might impact your ability to manage the network with CiscoWorks. Fortunately, there tend to be workarounds available, especially with Cisco-generated network management applications.

The first (and most common) form of trimming CDP involves turning the protocol off for a particular interface. Perhaps you have an interface that faces the public Internet on a border router in your network. This interface is a prime candidate for having CDP turned off. In the exam environment, this is going to require some memorization, unless you get lucky and have a simulation where you can lean on context-sensitive help. Here is the procedure for turning off CDP on an interface:

RouterA# configure terminal
RouterA(config)# interface serial 0/0
RouterA(config-if)# no cdp enable

You are going to need to memorize this alongside the command that turns off CDP globally on the entire device, which of course disables CDP on all interfaces on the device. That procedure is as follows:

RouterA# configure terminal
RouterA(config)# no cdp run

I am sure some of our faithful readers out there have an easy way to memorize which command is needed when...be sure to comment if you do! I remember this just by thinking the whole router will no longer RUN CDP with the second command.
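To check that the trimming described above actually landed on the interfaces you do not trust, the following added example (not part of the original post) audits a saved running-config for interfaces that would still send CDP. The sample config, the function names and the assumption that CDP defaults to enabled on every interface are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the original post).
SAMPLE_CONFIG = """\
hostname RouterA
!
interface Serial0/0
 description Internet uplink
 ip address 203.0.113.1 255.255.255.252
!
interface Serial0/1
 description Partner link
 ip address 198.51.100.1 255.255.255.252
 no cdp enable
!
interface FastEthernet0/0
 description Internal LAN
 ip address 10.0.0.1 255.255.255.0
!
"""

def cdp_enabled_interfaces(config):
    """Return the interfaces that would still send CDP advertisements.

    Assumption: CDP is on by default, so an interface counts as enabled
    unless the device has global 'no cdp run' or the interface stanza
    contains 'no cdp enable'.
    """
    lines = [l.rstrip() for l in config.splitlines()]
    # Global commands start in column 0; interface subcommands are indented.
    if any(l == "no cdp run" for l in lines):
        return []
    enabled, current, trimmed = [], None, False
    for line in lines + ["!"]:          # trailing "!" flushes the last stanza
        m = re.match(r"interface (\S+)", line)
        if m or not line.startswith(" "):
            # Any unindented line closes the previous interface stanza.
            if current and not trimmed:
                enabled.append(current)
            current, trimmed = (m.group(1) if m else None), False
        elif current and line.strip() == "no cdp enable":
            trimmed = True
    return enabled

def audit(config, untrusted):
    """Return untrusted-facing interfaces on which CDP has not been trimmed."""
    return [i for i in cdp_enabled_interfaces(config) if i in untrusted]

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, {"Serial0/0", "Serial0/1"}))
```
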
