Mental model
You walk into a new network. You SSH into one switch. You don’t know what’s connected to which port. CDP / LLDP solves that — every neighbor introduces itself, periodically and unsolicited.
A Cisco switch sends a multicast frame every 60 seconds saying “I’m SW1, a Catalyst 9300, IOS 17.6, my Gi0/24 is on this wire.” Every neighbor records it. You run show cdp neighbors and see a table of who’s on every port — model, IOS version, IP, peer’s port number.
That’s the entire concept. Different name (CDP / LLDP / FDP for Foundry / EDP for Extreme), same idea.
CDP vs LLDP
| | CDP | LLDP |
|---|---|---|
| Origin | Cisco-proprietary | IEEE 802.1AB (industry standard) |
| Default state on Cisco | Enabled globally + per interface | Disabled globally; needs enabling |
| Carries | Device ID, platform, capabilities, IP, IOS, native VLAN, port-ID, duplex | Same kind of info |
| Hello interval | 60s (default) | 30s (default) |
| Hold time | 180s (3× hello) | 120s (4× hello) |
| Best when | Pure Cisco environments | Multi-vendor environments |
Most production networks run both. CDP works between Cisco devices. LLDP fills in for non-Cisco gear (printers, IP cameras, Aruba APs, anything not made by Cisco).
Commands
CDP
SW1# show cdp neighbors ! one line per neighbor (most useful)
SW1# show cdp neighbors detail ! verbose — IOS version, IP address
SW1# show cdp interface ! which interfaces have CDP active
SW1# show cdp entry R1 ! deep info about one specific neighbor
! Globally enable / disable
SW1(config)# cdp run ! default on Cisco — keep it
SW1(config)# no cdp run ! turn off entirely
! Per-interface
SW1(config-if)# cdp enable
SW1(config-if)# no cdp enable ! disable on this port only
LLDP
SW1# show lldp neighbors
SW1# show lldp neighbors detail
SW1# show lldp ! global status
! Enable globally (Cisco IOS default is OFF for LLDP)
SW1(config)# lldp run
! Per-interface — direction matters!
SW1(config-if)# lldp transmit ! send LLDP
SW1(config-if)# lldp receive ! accept incoming LLDP
SW1(config-if)# no lldp transmit ! mute outbound
LLDP separates transmit and receive — useful for “listen but don’t reveal” scenarios.
Sample output — what you’ll see
SW1# show cdp neighbors
Device ID Local Intrfce Holdtme Capability Platform Port ID
R1.corp Gig 0/24 168 R ISR4331 Gig 0/0
SW2.corp Gig 0/23 151 S WS-C2960-48 Gig 0/1
AP-12.corp Gig 0/15 122 T AIR-AP3802 Gig 0
In 5 seconds you know: R1 is a router on Gi0/24, SW2 is a switch on Gi0/23, and AP-12 is an access point on Gi0/15.
Security implications
CDP / LLDP leaks information. Any device on the LAN running tcpdump can read:
- Device hostname → guess at naming convention
- Platform → “Cisco 9300, IOS 17.6 — what vulnerabilities affect that version?”
- Native VLAN ID → VLAN hopping attack hint
- Power consumption, duplex, port-ID — info that helps an attacker map the network
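To make the leak concrete, here is an added example (not code from the original note) that decodes the CDP TLV format and returns the fields a passive listener on the segment reads in clear text. The frame it decodes is constructed to resemble the SW1 example above (hostname, IP, port, capabilities, IOS string, platform, native VLAN); the checksum is left at zero and all values are sample data.

```python
import struct

# CDP TLV type codes this decoder understands (a subset of the CDP format)
TLV_NAMES = {0x0001: "Device ID", 0x0002: "Addresses", 0x0003: "Port ID", 0x0004: "Capabilities",
             0x0005: "Software Version", 0x0006: "Platform", 0x000A: "Native VLAN"}
CAP_BITS = {0x01: "R", 0x02: "T", 0x04: "B", 0x08: "S", 0x10: "H", 0x20: "I", 0x40: "r"}  # as 'show cdp neighbors' prints them

def _tlv(t, value):
    return struct.pack("!HH", t, 4 + len(value)) + value   # type, total length, value

def build_sample_cdp():
    """Constructed CDPv2 payload (TTL 180, checksum zeroed): sample values, not a real capture."""
    addr = (struct.pack("!I", 1) + bytes([0x01, 0x01, 0xCC])       # one address, NLPID = IP
            + struct.pack("!H", 4) + bytes([10, 0, 0, 1]))
    body = (_tlv(0x0001, b"SW1.corp") + _tlv(0x0002, addr)
            + _tlv(0x0003, b"GigabitEthernet0/24") + _tlv(0x0004, struct.pack("!I", 0x08))
            + _tlv(0x0005, b"Cisco IOS XE Software, Version 17.6.4")
            + _tlv(0x0006, b"cisco C9300-48P") + _tlv(0x000A, struct.pack("!H", 1)))
    return bytes([2, 180, 0, 0]) + body                            # version, TTL, checksum

def _parse_addresses(value):
    """Address TLV: 4-byte count, then (ptype, plen, proto, alen, address) per entry."""
    count, addrs, p = struct.unpack_from("!I", value)[0], [], 4
    for _ in range(count):
        plen = value[p + 1]
        proto = value[p + 2: p + 2 + plen]
        alen = struct.unpack_from("!H", value, p + 2 + plen)[0]
        raw = value[p + 4 + plen: p + 4 + plen + alen]
        addrs.append(".".join(map(str, raw)) if proto == b"\xcc" and alen == 4 else raw.hex())
        p += 4 + plen + alen
    return addrs

def parse_cdp(payload):
    """Walk the TLVs after the 4-byte CDP header and return what a passive listener reads."""
    fields, off = {"version": payload[0], "holdtime": payload[1]}, 4
    while off + 4 <= len(payload):
        t, length = struct.unpack_from("!HH", payload, off)
        if length < 4 or off + length > len(payload):
            raise ValueError(f"malformed TLV at offset {off}")
        v, name = payload[off + 4: off + length], TLV_NAMES.get(t, f"TLV 0x{t:04x}")
        if t == 0x0002:
            fields[name] = _parse_addresses(v)
        elif t == 0x0004:
            fields[name] = "".join(s for b, s in CAP_BITS.items() if struct.unpack("!I", v)[0] & b)
        elif t == 0x000A:
            fields[name] = struct.unpack("!H", v)[0]
        else:
            fields[name] = v.decode("ascii", "replace")
        off += length
    return fields
```

Running parse_cdp(build_sample_cdp()) yields the same Device ID, Capability and Port ID columns as the show cdp neighbors table, plus the IP, IOS string and native VLAN that only the detail view prints.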
The fix: disable on user-facing ports. Keep enabled on inter-switch / inter-router trunks where you actually need it.
SW1(config)# interface range GigabitEthernet0/1 - 23 ! access ports
SW1(config-if-range)# no cdp enable
SW1(config-if-range)# no lldp transmit
SW1(config-if-range)# no lldp receive
Then leave it on for uplinks where adjacent devices need to discover each other.
Voice VLANs and CDP
A specific case where you can’t simply disable CDP: Cisco IP phones use CDP to learn their voice VLAN ID from the switch automatically.
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 10 ! data VLAN
SW1(config-if)# switchport voice vlan 100 ! voice VLAN
SW1(config-if)# cdp enable ! phone needs this
The phone sends CDP toward the switch, asking “what’s my voice VLAN?” The switch replies with VLAN 100. The phone tags voice traffic accordingly. Without CDP, manual phone config is needed.
LLDP-MED (Media Endpoint Discovery) is the multi-vendor equivalent — modern IP phones support it. Polycom, Yealink, and modern Cisco phones use LLDP-MED.
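The “disable on access ports, keep on trunks, keep on phone ports” rule from the security section and the voice-VLAN exception above can be checked mechanically. This added example (not from the original note) audits an IOS-style running-config: it flags access ports that still send CDP or LLDP and phone ports where CDP was switched off. The config excerpt is constructed for the demo and is not output from a real switch; it relies on IOS hiding defaults, so CDP counts as on unless “no cdp run” is present and LLDP as off unless “lldp run” is present.

```python
# Constructed IOS-style running-config excerpt for the audit; not output from a real device.
SAMPLE_CONFIG = """\
hostname SW1
lldp run
interface GigabitEthernet0/1
 switchport mode access
interface GigabitEthernet0/2
 switchport mode access
 switchport voice vlan 100
 no cdp enable
interface GigabitEthernet0/3
 switchport mode access
 no cdp enable
 no lldp transmit
 no lldp receive
interface GigabitEthernet0/24
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [its indented config lines]} from IOS-style text."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None          # any non-indented line ends the interface block
    return blocks

def audit_discovery(config):
    """Flag access ports that still advertise CDP/LLDP, and phone ports where CDP is off.
    IOS hides defaults: CDP is on unless 'no cdp run' appears, LLDP off unless 'lldp run'."""
    top, findings = config.splitlines(), []
    cdp_global, lldp_global = "no cdp run" not in top, "lldp run" in top
    for name, lines in parse_interfaces(config).items():
        access = "switchport mode access" in lines
        voice = any(l.startswith("switchport voice vlan") for l in lines)
        cdp_on = cdp_global and "no cdp enable" not in lines
        lldp_tx = lldp_global and "no lldp transmit" not in lines
        if voice and not cdp_on:
            findings.append((name, "voice VLAN port with CDP off: phone cannot learn its voice VLAN"))
        elif access and not voice:          # user-facing port: should advertise nothing
            if cdp_on:
                findings.append((name, "access port still sends CDP"))
            if lldp_tx:
                findings.append((name, "access port still sends LLDP"))
    return findings
```

On the sample, Gi0/1 is flagged twice (CDP and LLDP still on), Gi0/2 is flagged because its phone port lost CDP, and Gi0/3 and the Gi0/24 trunk pass.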
Common mistakes
- Leaving CDP on every port. Security risk on user-facing ports. Disable on access ports unless they connect to IP phones / APs / specific devices that need it.
- Disabling CDP everywhere. Now you’ve lost a key troubleshooting tool. Targeted disable, not global.
- Forgetting LLDP is off by default on Cisco. You add a third-party device, can’t see it in CDP. Solution: turn on LLDP globally.
- Trusting CDP/LLDP info as authoritative. It’s whatever the neighbor claims to be. Spoofable. Use as a hint, not a source of truth for ACLs / security policies.
- Voice VLAN doesn’t work after CDP disable. Forgot the phone uses CDP. Re-enable on phone ports.
- Confusing the CDP and LLDP multicast addresses. CDP uses 01:00:0c:cc:cc:cc. LLDP uses 01:80:c2:00:00:0e. Both reach all bridges that support the protocol on the segment.
Lab to try tonight
- Two Cisco devices connected by a single cable.
- Wait ~2 minutes after boot. Run show cdp neighbors on each side. Verify each shows the other.
- Run show cdp neighbors detail. Note all the info disclosed (IOS, IP, native VLAN, etc.).
- Capture with Wireshark on a SPAN port: filter cdp. See the periodic CDP frames every 60 seconds.
- Enable LLDP globally on both: lldp run. Re-verify with show lldp neighbors.
- Disable CDP on one interface: no cdp enable. Re-check — only the other side still sees this device.
- Bonus: connect a third-party device (any non-Cisco router/switch). Try CDP — doesn’t work. Try LLDP — works.
Cheat strip
| Concept | Plain English |
|---|---|
| CDP | Cisco-proprietary discovery. Default on. |
| LLDP | IEEE 802.1AB. Vendor-neutral. Default off on Cisco. |
| Hello interval | CDP 60s, LLDP 30s |
| show cdp neighbors | Daily-driver troubleshooting command |
| show cdp neighbors detail | Adds IOS version, IP, native VLAN — more useful, more leakage |
| Security risk | Leaks platform/version info — disable on user ports |
| Voice VLAN | Cisco IP phones use CDP. Keep CDP on phone ports. |
| LLDP-MED | Multi-vendor voice equivalent |
| Multicast MACs | CDP 01:00:0c:cc:cc:cc · LLDP 01:80:c2:00:00:0e |