2.3 Layer 2 Discovery Protocols (CDP and LLDP)

Key Takeaways

  • CDP (Cisco Discovery Protocol) is Cisco-proprietary and enabled by default, sending advertisements every 60 seconds with a 180-second holdtime.
  • LLDP (Link Layer Discovery Protocol) is the IEEE 802.1AB vendor-neutral standard, disabled by default, with 30-second timers and 120-second holdtime.
  • Both operate at Layer 2 and discover only directly connected neighbors, so they work without any IP addressing.
  • show cdp neighbors detail (or show lldp neighbors detail) reveals neighbor IP, platform, IOS version, and remote port.
  • Disable discovery on edge/untrusted ports with no cdp enable and no lldp transmit/receive to limit reconnaissance.
Last updated: June 2026

Purpose of Discovery Protocols

Discovery protocols let a device learn about its directly connected neighbors without any IP configuration. They run at Layer 2, sending advertisements to a multicast MAC address, so a brand-new switch with no IP can still tell you what it is plugged into. Network engineers use them to map topology, find which switch port a phone connects to, and detect cabling errors. On the CCNA, the two you must compare are CDP and LLDP.

CDP — Cisco Discovery Protocol

CDP is Cisco-proprietary and enabled by default on Cisco routers and switches. It advertises to multicast MAC 0100.0CCC.CCCC. The information it shares includes device ID (hostname), local and remote interface, platform/model, capabilities (router, switch), the IOS version, and the management IP address.

Memorize CDP's default timers, a favorite exam fill-in:

| Timer | Default | Meaning |
|---|---|---|
| Advertisement interval | 60 seconds | How often CDP messages are sent |
| Holdtime | 180 seconds | How long a neighbor entry is kept after the last message |

If a neighbor stops sending, its entry is purged after 180 seconds. Disable CDP globally with no cdp run or per-interface with no cdp enable.

LLDP — Link Layer Discovery Protocol

LLDP is the IEEE 802.1AB open standard, so it works between any vendors' equipment — essential in mixed Cisco/HP/Aruba networks. Unlike CDP it is disabled by default on Cisco gear and must be turned on globally with lldp run. LLDP uses different default timers:

| Timer | Default | Notes |
|---|---|---|
| Transmit interval | 30 seconds | Half of CDP's interval |
| Holdtime (TTL) | 120 seconds | 4x the transmit interval |

LLDP can be controlled per-direction with lldp transmit and lldp receive, so a port can listen without advertising. LLDP-MED (Media Endpoint Discovery) is the extension that lets IP phones learn their voice VLAN and PoE requirements — the LLDP analog to CDP's phone support.

Configuration and Verification

| Task | CDP command | LLDP command |
|---|---|---|
| Enable globally | cdp run (default on) | lldp run |
| Disable on interface | no cdp enable | no lldp transmit / no lldp receive |
| List neighbors | show cdp neighbors | show lldp neighbors |
| Full neighbor detail (incl. IP, IOS) | show cdp neighbors detail | show lldp neighbors detail |
| Show local timers | show cdp | show lldp |

The summary show cdp neighbors output does not include neighbor IP addresses — you must add detail (or use show cdp entry *) to see the management IP and software version. This distinction is a recurring exam question.

Security Considerations

Because discovery protocols leak model, IOS version, and IP data, leaving them on edge ports facing users or the internet aids an attacker's reconnaissance. The best-practice rule the exam expects: keep CDP/LLDP enabled on trusted inter-switch and management links for troubleshooting, but disable them on access ports facing untrusted hosts and on any interface facing an external/ISP connection. A balanced answer disables them on edge ports rather than disabling the protocol globally, since you still want neighbor visibility inside the infrastructure.
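One way to check a saved running-config against this rule is sketched below. It is an added example, not part of the original guide. The sample config is constructed, and treating every `switchport mode access` port without a voice VLAN as an untrusted edge port is an assumption of the sketch.

```python
import re

# Constructed sample running-config for illustration (not from the original page).
SAMPLE_CONFIG = """\
hostname SW1
lldp run
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode access
 no cdp enable
 no lldp transmit
 no lldp receive
!
interface GigabitEthernet0/4
 switchport mode access
 switchport voice vlan 20
!
"""

def audit_edge_ports(config):
    """Return {interface: [discovery functions still active]} for edge ports."""
    top = {line.strip() for line in config.splitlines()}
    cdp_on = "no cdp run" not in top    # CDP is enabled unless globally disabled
    lldp_on = "lldp run" in top         # LLDP is disabled unless globally enabled
    findings = {}
    # Each stanza is an "interface X" line followed by indented sub-commands.
    for m in re.finditer(r"^interface (\S+)\n((?: .*\n)*)", config, re.M):
        name, body = m.group(1), {l.strip() for l in m.group(2).splitlines()}
        if "switchport mode access" not in body:
            continue  # assumption: non-access ports are trusted infrastructure links
        if any(l.startswith("switchport voice vlan") for l in body):
            continue  # phone ports keep discovery on for voice VLAN / PoE
        active = []
        if cdp_on and "no cdp enable" not in body:
            active.append("CDP")
        if lldp_on and "no lldp transmit" not in body:
            active.append("LLDP transmit")
        if lldp_on and "no lldp receive" not in body:
            active.append("LLDP receive")
        if active:
            findings[name] = active
    return findings

if __name__ == "__main__":
    for port, protos in audit_edge_ports(SAMPLE_CONFIG).items():
        print(f"{port}: still running {', '.join(protos)}")
```

The global checks matter: with `no cdp run` present, or `lldp run` absent, a port with no per-interface commands is already silent for that protocol and is not flagged.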

Practical Uses of Discovery Data

Discovery protocols are not just trivia — engineers lean on them daily. To find which switch port a misbehaving phone or PC connects to, you read CDP/LLDP on the upstream switch and match the remote device ID and port. To detect a miscabled link, you compare the expected neighbor against what CDP reports; if show cdp neighbors on Gi0/1 lists the wrong switch, someone patched the cable incorrectly. Discovery output also exposes a native VLAN mismatch and a duplex mismatch between Cisco neighbors, because CDP exchanges that data and IOS logs a warning when the two ends disagree.
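The miscabling check described above can be automated by comparing collected `show cdp neighbors detail` output with a cabling plan. This is an added example, not part of the original guide. The sample output is constructed in the usual IOS layout, and the `EXPECTED` plan and device names are hypothetical.

```python
import re

# Constructed sample of "show cdp neighbors detail" output (not from the original page).
SAMPLE_OUTPUT = """\
-------------------------
Device ID: SW2
Entry address(es):
  IP address: 10.0.0.2
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: GigabitEthernet0/1,  Port ID (outgoing port): GigabitEthernet0/1
Holdtime : 142 sec
-------------------------
Device ID: SW4
Entry address(es):
  IP address: 10.0.0.4
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: GigabitEthernet0/2,  Port ID (outgoing port): GigabitEthernet0/1
Holdtime : 170 sec
"""

# Hypothetical cabling plan: local port -> (expected neighbor, expected remote port).
EXPECTED = {
    "GigabitEthernet0/1": ("SW2", "GigabitEthernet0/1"),
    "GigabitEthernet0/2": ("SW3", "GigabitEthernet0/1"),
    "GigabitEthernet0/3": ("SW5", "GigabitEthernet0/1"),
}

def parse_neighbors(text):
    """Map local interface -> (device ID, remote port) from the detail output."""
    seen = {}
    for entry in re.split(r"^-{5,}$", text, flags=re.M):  # entries are dash-separated
        dev = re.search(r"^Device ID:\s*(\S+)", entry, re.M)
        link = re.search(
            r"^Interface:\s*(\S+),\s*Port ID \(outgoing port\):\s*(\S+)", entry, re.M)
        if dev and link:
            seen[link.group(1)] = (dev.group(1), link.group(2))
    return seen

def cabling_mismatches(expected, text):
    """Return {port: (expected, seen)}; seen is None when no neighbor was heard."""
    seen = parse_neighbors(text)
    return {p: (want, seen.get(p)) for p, want in expected.items() if seen.get(p) != want}

if __name__ == "__main__":
    for port, (want, got) in cabling_mismatches(EXPECTED, SAMPLE_OUTPUT).items():
        print(f"{port}: expected {want}, CDP reports {got}")
```

A `None` result for a planned port means no neighbor entry exists there, which can be a missing cable, a neighbor that is down, or CDP disabled on either end.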

For IP telephony, CDP and LLDP-MED let the switch tell the phone which voice VLAN to use and how much PoE (Power over Ethernet) it may draw, so the phone boots, joins the right VLAN, and powers up without manual per-phone configuration. This is why discovery is left enabled on ports facing Cisco phones even in security-conscious designs.

CDP vs LLDP Quick Reference and Traps

Memorize this side-by-side comparison; the exam loves to swap the two protocols' attributes:

| Attribute | CDP | LLDP |
|---|---|---|
| Standard | Cisco-proprietary | IEEE 802.1AB (open) |
| Default state | Enabled | Disabled |
| Advertise interval | 60 s | 30 s |
| Holdtime | 180 s | 120 s |
| Enable command | cdp run | lldp run |
| Phone extension | CDP (built in) | LLDP-MED |

The top traps: the basic show cdp neighbors output omits IP addresses (you need detail); LLDP is off by default so a missing-neighbor symptom in a multivendor network is often just LLDP never being enabled; and disabling CDP globally with no cdp run removes it everywhere, whereas no cdp enable scopes it to one interface — choose the per-interface form when the requirement is to hide only an edge or external link. Finally, neither protocol routes or requires IP, so they keep working on a switch with no management address at all, which is exactly why they are the first tool for mapping an unfamiliar topology.

Test Your Knowledge

Which discovery protocol is Cisco-proprietary, enabled by default, and uses a 60-second advertisement interval with a 180-second holdtime?


An engineer runs show cdp neighbors but needs the neighbor's management IP address and IOS version. What should they do?


Which command must be run to enable LLDP, given that it is disabled by default on Cisco switches?
