How to Discover Neighboring Cisco Devices Using Cisco Discovery Protocol (CDP)

CDP is a very useful yet potentially dangerous protocol. It lets you gather information about all neighboring devices. That can help a sysadmin find the right router, but it can also help an attacker map the target network. For that reason, CDP is usually disabled on outward-facing ports.

Use the show cdp neighbors command to view neighboring devices. The output will appear as a table.

To get more detailed information about neighbors, add the detail parameter to the command:

The output will be more verbose:

It shows the device’s IP address, the IOS version, and the ports on both ends, which is very handy when you need to trace a specific cable.

CDP operates at OSI Layer 2, and its mechanism works roughly as follows. A device sends a multicast advertisement to the MAC address 01-00-0c-cc-cc-cc. By default, advertisements are sent every 60 seconds on Ethernet, Frame Relay, and ATM interfaces. A device that understands these advertisements stores them in its CDP table. If a device misses three consecutive advertisements, it’s automatically removed from the table.

You can view the protocol settings with the command show cdp. The output will look something like this:

To adjust settings (for example, the CDP advertisement interval), use the cdp timer 10 command.

Because CDP is a Cisco protocol, in multivendor networks you should expect neighbor lists to be incomplete. For example, 3Com and D-Link switches don’t play nicely with CDP, while MikroTik tends to interoperate with Cisco quite well.