Cisco Discovery Protocol (CDP)

1. What is CDP?

CDP (Cisco Discovery Protocol) is a Layer 2 protocol developed by Cisco. It helps Cisco devices (like switches and routers) discover directly connected neighbors.

Imagine you're connected via console cable to a router (R1), but you have no idea what other devices are connected.

Figure 1 – CDP disabled: R1 cannot see any directly connected neighbors

If CDP is disabled, R1 stays blind: it sees no neighbors.
But when CDP is enabled, R1 automatically learns about its directly connected Cisco neighbors such as R2 and R3.

Figure 2 – CDP enabled: neighbors R2 and R3 discovered

CDP is especially useful when you're in an undocumented or unknown network. With just one command, you can start discovering connected devices and mapping the topology.

2. How CDP Works

CDP works in a simple and efficient way:
Cisco devices exchange messages on active interfaces to discover their directly connected Cisco neighbors.

CDP Advertisements

Each Cisco device periodically sends CDP messages on its active interfaces.

Figure 3 – CDP advertises neighbor info on all active interfaces

These messages contain:

  • Device ID: Hostname of the neighbor (for example, R1)

  • Local Interface: Port used on your device (for example, Gig0/0)

  • Port ID: Port used by the neighbor (for example, Gig0/1)

  • Platform: Neighbor’s model (for example, ISR4451)

  • Capabilities: Whether it's a router, switch, IP phone, etc.

  • IP Address: Management IP (if configured)

These messages are sent as Layer 2 frames and don’t require IP addressing. The information is stored locally in the CDP table.

CDP Table

Each Cisco device builds and maintains a CDP table of its discovered neighbors.

Figure 4 – CDP tables list details of directly connected neighbors

You can view it by using the show cdp neighbors command on a device like SW1:

SW1# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R1               Gig 0/0           157              R B             Gig 0/1

This tells us:

  • SW1 is connected to R1

  • Using local port Gig0/0

  • R1 uses port Gig0/1

  • R1 is a Router/Bridge

  • Its platform is ISR4451

On SW1, we clearly see that it has a directly connected Cisco neighbor which is R1.

3. Default CDP Timers

CDP uses two timers to manage how long neighbor information is stored and how often it is refreshed:

Figure 5 – CDP sends updates every 60s; hold time is 180s

1. Update Timer

By default, CDP sends advertisements every 60 seconds on all active interfaces.
This regular interval ensures devices consistently share their presence with directly connected neighbors.

2. Hold Timer

Each device applies a hold time of 180 seconds to neighbor entries.
If no new CDP advertisement is received before this timer expires, the neighbor is removed from the CDP table.
This helps prevent outdated or incorrect data from remaining in the network.

Both timers can be adjusted if needed.

4. How to Configure CDP

Enable CDP Globally

CDP is enabled by default on Cisco devices.
But if it has been disabled for any reason, you can turn it back on with the cdp run command:

Figure 6 – The cdp run command enables CDP globally

Once CDP is running, your device will start sending and receiving CDP packets on all active interfaces.
This means it can begin discovering its Cisco neighbors immediately.

View CDP Neighbors

To see which neighbors your device has discovered, use the following command:

SW1# show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R1               Gig 0/0           157              R B             Gig 0/1

Let’s break this down:

  • Device ID: The name of the neighbor device — here, it's R1.

  • Local Interface: The port on your device — Gig0/0 on SW1.

  • Holdtime: The time (in seconds) the neighbor will remain in the table if no update is received — 157.

  • Capability: What the device can do. Here, R means router, B means bridge.

  • Platform: The neighbor's model — ISR4451.

  • Port ID: The interface used by the neighbor — Gig0/1 on R1.

With a single command, you instantly gain visibility into who you're connected to and how.

View Detailed Neighbor Information

If you want to go further and see more details, use:

SW1# show cdp neighbors detail
-------------------------
Device ID: R1
Entry address(es): 
  IP address: 192.168.1.2
Platform: Cisco ,  Capabilities: Router Source-Route-Bridge 
Interface: GigabitEthernet0/0,  Port ID (outgoing port): GigabitEthernet0/1
Holdtime : 135 sec

Version :
Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.5(3)M, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Wed 22-Jul-15 23:04 by prod_rel_team

advertisement version: 2
Management address(es):
  IP address: 192.168.1.2


Total cdp entries displayed : 1

This command gives you even more useful details:

  • Management IP
    Displays the neighbor’s IP address, useful for remote access (SSH, Telnet).
    IP address: 192.168.1.2

  • IOS Version
    Shows the exact software version running on the neighbor device.
    Version 15.5(3)M

  • CDP Advertisement Version
    Indicates the version of the CDP protocol used.
    advertisement version: 2

These extra details help you identify devices more precisely and prepare for remote access if you need to connect to the neighbor.
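To audit what each neighbor is advertising across many devices, the output of show cdp neighbors detail can be parsed into records. The following is an added example, not part of the original page: the R1 entry reuses the output shown above (shortened), the SW2 entry is constructed, and the function and field names are hypothetical.

```python
import re

# R1 is taken from the output above (banner and blank lines dropped);
# SW2 is a constructed entry that advertises no IP address or version.
SAMPLE = """\
-------------------------
Device ID: R1
Entry address(es):
  IP address: 192.168.1.2
Platform: Cisco ,  Capabilities: Router Source-Route-Bridge
Interface: GigabitEthernet0/0,  Port ID (outgoing port): GigabitEthernet0/1
Holdtime : 135 sec
Version :
Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.5(3)M, RELEASE SOFTWARE (fc1)
advertisement version: 2
Management address(es):
  IP address: 192.168.1.2
-------------------------
Device ID: SW2
Platform: Cisco ,  Capabilities: Switch
Interface: GigabitEthernet0/2,  Port ID (outgoing port): GigabitEthernet0/0
Holdtime : 171 sec
"""

# One regex per field; each is searched inside a single neighbor entry.
FIELDS = {
    "device_id": r"^Device ID:\s*(\S+)",
    "platform": r"^Platform:\s*(.*?)\s*,\s+Capabilities:",
    "capabilities": r"Capabilities:[ \t]*(.+?)[ \t]*$",
    "local_interface": r"^Interface:\s*(\S+?),",
    "port_id": r"Port ID \(outgoing port\):\s*(\S+)",
    "holdtime": r"^Holdtime\s*:\s*(\d+)",
    "ios_version": r"\bVersion (\S+?),",
}

def parse_cdp_detail(text):
    """Return one dict per neighbor; fields the neighbor did not send are None."""
    neighbors = []
    for entry in re.split(r"^-{5,}[ \t]*$", text, flags=re.M):
        if "Device ID:" not in entry:
            continue  # text before the first separator, or the trailing summary
        rec = {}
        for name, pattern in FIELDS.items():
            m = re.search(pattern, entry, flags=re.M)
            rec[name] = m.group(1) if m else None
        rec["holdtime"] = int(rec["holdtime"]) if rec["holdtime"] else None
        rec["addresses"] = sorted(set(re.findall(r"IP address:\s*(\S+)", entry)))
        neighbors.append(rec)
    return neighbors
```

Every populated field in a record is something the neighbor sends on that link, which makes the result a quick inventory of what each device discloses over CDP.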

5. Enable or Disable CDP per Interface

You can choose to enable or disable CDP on specific interfaces, depending on how those interfaces are used in your network.

If you want to allow CDP on a port (for example, one that connects to another switch or router), use:

Figure 7 – Enabling CDP on a specific interface using cdp enable

SW1(config)# interface GigabitEthernet0/0
SW1(config-if)# cdp enable

This is useful on uplink ports, where discovering neighboring routers or switches helps build network visibility.

Disable CDP on a User-Facing Interface

To improve security, you can disable CDP on ports connected to end-user devices, where CDP information should not be exposed:

Figure 8 – Disabling CDP on user-facing ports with no cdp enable

SW1(config)# interface GigabitEthernet0/1
SW1(config-if)# no cdp enable

This stops CDP messages on that port and hides details about your device from users.

Disable CDP Globally

If you want to completely disable CDP, meaning no CDP packets are sent or received on any interface, you can turn it off globally with the no cdp run command:

Figure 9 – The no cdp run command disables CDP globally

CDP is now fully disabled on the device. Even if a neighbor like R1 continues sending CDP advertisements, SW1 will ignore them.

But be careful: if you disable CDP globally, you lose the ability to discover your Cisco neighbors automatically.

6. Is CDP Dangerous?

CDP might seem harmless. After all, it just helps devices discover each other, right?

But here is the problem:
CDP shares a lot of internal information and does not protect any of it!

Figure 10 – CDP can expose sensitive info to rogue devices.

If someone plugs a rogue device into one of your switch ports and CDP is active, they can immediately see valuable data:

  • Device names

  • IP addresses

  • VLAN assignments

  • Platform and software version

A rogue device connected to a user port could silently extract all this information using CDP.

This is why many companies disable CDP entirely in production environments or turn it off on access ports where no Cisco device should be connected.
Cisco also recommends disabling CDP on any interface that connects to untrusted devices.

CDP is useful for discovery and troubleshooting, but it introduces a real security risk if left enabled everywhere.
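One way to check a switch against this recommendation is to scan its running configuration for access ports that still run CDP. This is an added example, not from the original page: the configuration excerpt is constructed, the function name is hypothetical, and it assumes access ports carry an explicit switchport mode access line and that CDP is on wherever no cdp run or no cdp enable is absent.

```python
import re

# Constructed running-config excerpt for SW1 (not from the original page).
SAMPLE_CONFIG = """\
hostname SW1
!
interface GigabitEthernet0/0
 description uplink to R1
 switchport mode trunk
!
interface GigabitEthernet0/1
 description user port
 switchport mode access
!
interface GigabitEthernet0/2
 description user port
 switchport mode access
 no cdp enable
!
interface GigabitEthernet0/3
 switchport mode access
 shutdown
!
"""

def audit_cdp(config):
    """Return (global_cdp_enabled, access ports that still run CDP)."""
    global_cdp = True  # CDP runs by default; only 'no cdp run' turns it off
    ports, current = {}, None
    for line in config.splitlines():
        stmt = line.strip()
        if line[:1] not in (" ", "\t"):  # a top-level line ends any interface block
            m = re.match(r"interface\s+(\S+)", stmt)
            current = m.group(1) if m else None
            if current:
                ports[current] = {"access": False, "cdp": True, "up": True}
            elif stmt == "no cdp run":
                global_cdp = False
        elif current:
            if stmt == "switchport mode access":
                ports[current]["access"] = True
            elif stmt == "no cdp enable":
                ports[current]["cdp"] = False
            elif stmt == "shutdown":
                ports[current]["up"] = False
    exposed = [name for name, p in ports.items()
               if global_cdp and p["access"] and p["cdp"] and p["up"]]
    return global_cdp, exposed
```

On the sample, only GigabitEthernet0/1 is reported: the trunk uplink is expected to run CDP, GigabitEthernet0/2 already has no cdp enable, and GigabitEthernet0/3 is shut down.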

7. Summary

CDP only works between Cisco devices. If your network includes devices from other vendors, you should use LLDP (Link Layer Discovery Protocol), which is an open standard defined by IEEE.