ICND1 100-105

ICND1 100-105

Discovering Neighbors on the Network

The Cisco Discovery Protocol is an information gathering tool used by network administrators to obtain information about directly connected Cisco devices. It is a very powerful tool to start understanding your network topology by looking at the neighbors of a certain device. This protocol runs at layer 2 and so that is why it can only detect and discover the directly connected devices. However, the advantage is that it is independent from any upper layer or layer 3 protocols.

In fact, knowing that most of our networks are TCP/IP only these days, still if TCP/IP is not configured or not configured properly, then CDP will still be able to discover devices and give you several pieces of information about them including their IP address. This is a proprietary protocol which requires the SNAP encapsulation.

Discovering Neighbors with CDP

As a layer 2 protocol, you can only discover directly connected neighbors. If you are connected to the console of switch and wanted to learn about the capabilities of a router which is connected behind other device, you would have to discover your directly connected neighbor, telnet to it, and then discover its directly connected neighbor - the router. In any case, the information gathered includes important pieces that allow you to identify the type of device in terms of the hardware platform, for example, a Cisco 2800 Series Router.

Its capabilities in the form of supported features, but also the device identifier and this would be the host name of the device. The ports that you are using to connect and see it and even a list of network layer addresses for each one of their protocols supported and so even though this is a layer 2 protocol, it can gather information about layer 3 and display IP addresses.

Using CDP

CDP is a very simple protocol with low overhead. It is enabled by default on Cisco-capable devices. You can disable it at the global configuration level with a no cdp run command and then enable it again globally with a cdp run command. You can also enable it or disable it on an interface level by issuing the cdp enable command or no cdp enable. In order to enable at the interface, you have to have it enabled globally. Other than that, displaying information is fairly simple. You only have to use the show cdp neighbors command and start seeing the information on your neighbors.

Here is a sample of the show cdp neighbors command. It will display the directly connected neighbors, namely RouterA and RouterB, and you can see the host names, local interfaces where you are seeing that device, and their own interface where they are seeing you. The platform is listed as well as capabilities and you can see the legend there in terms of the capabilities and what they mean. You will be able to tell whether the devices are layer 3 device acting as a router or simply a switch and support for certain other capabilities.

The hold time tells you that this is a dynamic protocol. In fact, it will advertise frequently the capabilities of a certain device. It does it every 60 seconds by default. The hold time is an ageing time for the receiving devices to hold CDP information before discarding it. This is just to age out information that may have changed.

RouterB#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
RouterA.lab.local
                 Ser 0/0            169        R S I      2691      Ser 0/0
RouterC.lab.local
                 Ser 0/1            130        R S I      2691      Ser 0/0

The previous output was more of a summary that displayed each neighbor line by line. If you want to see more details about that neighbor, then you can use either the show cdp neighbors detail command or show cdp entry command. When you do the output here shows all of the details of one particular device, this time RouterB as seen by RouterA. So it shows on top of the platform and capabilities, which were shown by the summary version, also the network layer addresses this time an IP address 10.1.1.2 and a glimpse of the show version command of the neighbor device. It shows just a few lines enough to tell you about the version of the operating system, the feature set, and copyright information.

RouterA#show cdp neighbors detail
-------------------------
Device ID: RouterB.lab.local
Entry address(es):
  IP address: 10.1.1.2
Platform: Cisco 2691,  Capabilities: Router Switch IGMP
Interface: Serial0/0,  Port ID (outgoing port): Serial0/0
Holdtime : 126 sec

Version :
Cisco IOS Software, 2600 Software (C2691-ADVENTERPRISEK9-M), Version 12.4(25d), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Wed 18-Aug-10 05:35 by prod_rel_team

advertisement version: 2
VTP Management Domain: ''

Additional Cisco Discovery Protocol Commands

In terms of troubleshooting CDP, you can use the show cdp traffic command. This will display total packets input and output, also total packets for the different versions of CDP, and counters related to errors on those packets, which could be a signal of a corrupted CDP process or a software bug. Also, encapsulation errors if the encapsulation is not supported by the underlying media.

RouterA#sh cdp traffic
CDP counters :
        Total packets output: 82, Input: 41
        Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
        No memory: 0, Invalid packet: 0, Fragmented: 0
        CDP version 1 advertisements output: 0, Input: 0
        CDP version 2 advertisements output: 82, Input: 41

The problem may well be that CDP is simply not enabled on interfaces; in fact, some security policies call for disabling CDP on perimeter and edge devices, so that external networks cannot see information on your device. You want to see if the protocol is enabled, then you can do show cdp interface and either display all of them or display one by one and determine whether a CDP is running and whether the timers to send packets or advertise CDP info and the timers to hold that info are appropriate according to your needs.

RouterA#sh cdp interface serial 0/0
Serial0/0 is up, line protocol is up
  Encapsulation HDLC
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds

Creating a Network Map

CDP is useful in troubleshooting scenarios just to determine whether layer 2 is working and whether devices are located and advertising CDP info on the other side. It is very useful in obtaining information, just a simple piece like the IP address, so that you can Telnet from device to device and start navigating the network. It could also be used to draft certain documentation topologies and lay out the physical and logical topologies to document your network.

With the simple information on interfaces, IP addresses, and device capabilities, you can start building a simple topology that can be the basis of your final documentation. It is highly recommended to use automated tools though and additional tools to complete your documentation, maintain it, and make it evolve in time.