Cisco CCNA Exam Tutorial: Cisco Discovery Protocol (CDP)

The Cisco Discovery Protocol (CDP) certainly seems simple enough, but there are quite a few details to know for success on the CCNA exam. In your CCNP studies, you'll be introduced to additional uses for CDP, but for now it is enough to know that CDP is designed to give you information about directly connected Cisco routers and switches.

CDP runs by default between all directly connected Cisco devices. CDP is also a Cisco-proprietary protocol - if the directly connected device is not a Cisco device, you won't see the information you wanted.

The basic CDP command to show information about the directly connected neighbor is "show cdp neighbor".

R2#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R1               BRI0               167          R        2521      Dialer1


This command is particularly helpful when troubleshooting Cisco switches. There's no need to trace wiring in a rack of Cisco devices to see what routers are connected to a Cisco switch when show cdp neighbor can be used. In the above output, you can see the remote device's hostname, what interface on the remote device is connected to the local device, the capability of the remote device, the remote device's hardware platform, and the local interface that is connected to the remote device.

CDP can be disabled at both the global and interface level. To disable CDP at the interface level, run no cdp enable on the interface, and cdp enable to turn it back on.

cdp timer defines how often CDP packets are transmitted, and cdp holdtime defines how long a device will retain a received packet.

To turn CDP off for the entire router, run no cdp run. To view the current global status of CDP, run show cdp.

R2#show cdp
Global CDP information:
        Sending CDP packets every 60 seconds
        Sending a holdtime value of 180 seconds


CDP is running by default.


R2#conf t
R2(config)#cdp timer 45
R2(config)#cdp holdtime 100


The CDP timers are changed.


R2#show cdp
Global CDP information:
        Sending CDP packets every 45 seconds
        Sending a holdtime value of 100 seconds

The CDP values have been successfully changed. "show cdp interface" will give the timer information for each interface on the router.

R2#conf t
R2(config)#interface bri0
R2(config-if)#no cdp enable


CDP is disabled on the BRI interface. This does NOT need to be done to keep the line from dialing.


R2#conf t
R2(config)#no cdp run


CDP is disabled globally.


R2#show cdp
% CDP is not enabled

CDP has been successfully disabled.

show cdp neighbor gives you a great deal of information, but what if you need the neighbor's IP address? Just run show cdp neighbor detail. You'll get even more information about that directly connected neighbor, including its IP address.

SW2#show cdp neighbor detail
-------------------------
Device ID: R4
Entry address(es):
  IP address: 172.12.23.4
Platform: cisco 2520,  Capabilities: Router
Interface: FastEthernet0/4,  Port ID (outgoing port): Ethernet0
Holdtime : 158 sec

The details of CDP are important to you on the job and in the CCNA exam room. When you are navigating a poorly documented network, you can use CDP to "walk" through the network and create a network map for your client as well. Sometimes the simplest protocols are the most useful!
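The "walk the network" idea above, as an added example that is not part of the original tutorial: a Python parser that turns show cdp neighbor detail output into link records for a map. The SW3 entry, the function names and the local device name passed to links() are constructed for illustration.

```python
import re

# Constructed sample: the R4 entry mirrors the output above; SW3 is invented.
SAMPLE = """\
-------------------------
Device ID: R4
Entry address(es):
  IP address: 172.12.23.4
Platform: cisco 2520,  Capabilities: Router
Interface: FastEthernet0/4,  Port ID (outgoing port): Ethernet0
Holdtime : 158 sec
-------------------------
Device ID: SW3
Entry address(es):
  IP address: 172.12.23.3
Platform: cisco WS-C2950-24,  Capabilities: Switch IGMP
Interface: FastEthernet0/11,  Port ID (outgoing port): FastEthernet0/12
Holdtime : 141 sec
"""

FIELDS = {
    "device_id": r"^Device ID:\s*(\S+)",
    "ip": r"^\s*IP address:\s*(\S+)",
    "platform": r"^Platform:\s*([^,]+),",
    "capabilities": r"Capabilities:\s*(.+?)\s*$",
    "local_if": r"^Interface:\s*([^,]+),",
    "remote_if": r"Port ID \(outgoing port\):\s*(\S+)",
    "holdtime": r"^Holdtime\s*:\s*(\d+)\s*sec",
}

def parse_cdp_detail(text):
    """Split on the dashed separators and pull the labelled fields from each entry."""
    neighbors = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        entry = {}
        for name, pattern in FIELDS.items():
            if (m := re.search(pattern, block, flags=re.M)):
                entry[name] = m.group(1).strip()
        if "device_id" in entry:  # skips the empty chunk before the first separator
            entry["capabilities"] = entry.get("capabilities", "").split()
            neighbors.append(entry)
    return neighbors

def links(local_name, neighbors):
    # One (local device, local port, remote device, remote port) tuple per neighbor.
    return [(local_name, n["local_if"], n["device_id"], n["remote_if"]) for n in neighbors]

if __name__ == "__main__":
    for link in links("SW2", parse_cdp_detail(SAMPLE)):
        print("%s %s <-> %s %s" % link)
```

Running the same parser against each newly discovered neighbor's own output, and merging the tuples, yields the edge list of the network map.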

Access Control Lists (ACLs) allow a router to permit or deny packets based on a variety of criteria. The ACL is configured in global configuration mode, but is applied at the interface level. An ACL does not take effect until it is expressly applied to an interface with the ip access-group command. Packets can be filtered as they enter or exit an interface.

If a packet enters or exits an interface with an ACL applied, the packet is compared against the criteria of the ACL. If the packet matches the first line of the ACL, the appropriate "permit" or "deny" action is taken. If there is no match, the second line's criterion is examined. Again, if there is a match, the appropriate action is taken; if there is no match, the third line of the ACL is compared to the packet.

This process continues until a match is found, at which time the ACL stops running. If no match is found, a default "deny" takes place, and the packet will not be processed. When an ACL is configured, if a packet is not expressly permitted, it will be subject to the implicit deny at the end of every ACL. This is the default behavior of an ACL and cannot be changed.

A standard ACL is concerned with only one factor, the source IP address of the packet. The destination is not considered. Extended ACLs consider both the source and destination of the packet, and may consider the port number as well. The numerical range used for each is different: standard ACLs use the ranges 1-99 and 1300-1399; extended lists use 100-199 and 2000 to 2699.

There are several points worth repeating before beginning to configure standard ACLs.

Standard ACLs consider only the source IP address for matches.

The ACL lines are run from top to bottom. If there is no match on the first line, the second is run; if no match on the second, the third is run, and so on until there is a match, or the end of the ACL is reached. This top-to-bottom process places special importance on the order of the lines.

There is an implicit deny at the end of every ACL. If packets are not expressly permitted, they are implicitly denied.

If Router 3's Ethernet interface should only accept packets with a source network of 172.12.12.0, the ACL would be configured like this:

R3#conf t
R3(config)#access-list 5 permit 172.12.12.0 0.0.0.255


The ACL consists of just one explicit line, one that permits packets from source IP address 172.12.12.0 /24. The implicit deny, which isn't configured or seen in the running configuration, will deny all packets not matching the first line.

The ACL is then applied to the Ethernet0 interface:

R3#conf t
R3(config)#interface e0
R3(config-if)#ip access-group 5 in
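An added example, not from the original tutorial: a small Python model of the top-to-bottom matching and implicit deny described above, using access-list 5 from the text. It goes slightly beyond the text by flagging lines that an earlier line makes unreachable; the two-line lists and all function names are constructed for illustration.

```python
import ipaddress

MASK = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(src, network, wildcard="0.0.0.0"):
    """True if src equals network on every bit where the wildcard mask is 0."""
    care = ~to_int(wildcard) & MASK
    return (to_int(src) & care) == (to_int(network) & care)

def evaluate(acl, src):
    """First matching line wins; line 0 means the implicit deny applied."""
    for number, (action, network, wildcard) in enumerate(acl, start=1):
        if matches(src, network, wildcard):
            return action, number
    return "deny", 0

def shadowed(acl):
    """Line numbers that can never match because an earlier line covers them."""
    hits = []
    for j, (_, net_b, wc_b) in enumerate(acl):
        for _, net_a, wc_a in acl[:j]:
            # B is inside A when A's wildcard bits include B's and the networks agree
            if (to_int(wc_b) & ~to_int(wc_a) & MASK) == 0 and matches(net_b, net_a, wc_a):
                hits.append(j + 1)
                break
    return hits

# access-list 5 from the text: one permit line, then the implicit deny.
ACL_5 = [("permit", "172.12.12.0", "0.0.0.255")]

# Constructed lists: the same two lines in both orders.
DENY_HOST_FIRST = [("deny", "172.12.12.7", "0.0.0.0"),
                   ("permit", "172.12.12.0", "0.0.0.255")]
PERMIT_NET_FIRST = list(reversed(DENY_HOST_FIRST))

if __name__ == "__main__":
    for name, acl in (("ACL_5", ACL_5), ("DENY_HOST_FIRST", DENY_HOST_FIRST),
                      ("PERMIT_NET_FIRST", PERMIT_NET_FIRST)):
        for src in ("172.12.12.7", "172.12.12.200", "172.12.13.1"):
            print(name, src, evaluate(acl, src))
        print(name, "shadowed lines:", shadowed(acl))
```

With the permit line first, the host deny on line 2 is never reached, which is the line-order pitfall the top-to-bottom rule creates.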


But before you write any ACLs, it's a really good idea to see what other ACLs are already running on the router! To see the ACLs running on the router, use the command show access-list.


R1#show access-list
Standard IP access list 1
    permit 0.0.0.0
Standard IP access list 5
    permit 172.1.1.1
Standard IP access list 7
    permit 23.3.3.3
Extended IP access list 100
