Link Layer Discovery Protocol (LLDP) and Cisco Discovery Protocol (CDP) are network discovery protocols that perform similar functions. These protocols operate at the Data Link layer and are used by network devices to discover information about neighboring devices connected to a local network.
Although LLDP and CDP operate in a similar manner, they differ in terms of standardization and vendor-specific features.
In this article, we’ll explore and compare these two protocols, and we’ll discover their usefulness as well as their vulnerabilities.
Network Discovery Protocols
Both LLDP and CDP are used by switches, routers, firewalls, IP phones, access points, and many other network devices to discover other network devices that are connected to the same network segment and to exchange information about themselves.
Exchange of information
A wide range of information can be exchanged between such devices, falling into several categories, including:
- Device Identification: This includes the name of the device, its IP address, and sometimes a unique identifier like a MAC address. It helps in uniquely identifying each device on the network.
- Device Type: Information about whether the device is a router, switch, wireless access point, computer, printer, etc. Knowing the type of device helps in understanding its role in the network.
- Port Information: Details about the network ports on the device, including port numbers and types. This is important for understanding how devices are physically connected and communicating within the network.
- Software and Firmware Versions: Information about the operating system or firmware running on the device. This can be important for compatibility and security purposes.
- Device Capabilities: Information about the features and capabilities of the device, such as supported network protocols, speeds, and other functionalities. This helps in assessing the capabilities of the network as a whole.
- VLAN Information: For devices like switches and routers, information about VLAN configurations can be shared. This is important for understanding and managing network segmentation and traffic management.
- Power Settings: In the case of devices like VoIP phones or wireless access points, information about PoE settings might be exchanged.
Layer 2 Communication
Network discovery protocols operate at Layer 2 of the OSI model. As such, they are able to discover neighboring network devices that are directly connected.
These protocols use MAC addresses for communication, ensuring that the messages are directed and processed by the appropriate devices within the same network segment.
Unlike protocols that operate at Layer 3, these protocols do not involve IP at all for their communication. As such, device discovery does not involve routing, and cannot take place across multiple LANs or VLANs.
Typically, network discovery protocols use Layer 2 broadcast or multicast to exchange messages. Broadcasting sends messages to all devices in the network segment, while multicasting targets a specific group of devices. This type of communication is limited to a single broadcast domain.
The information exchanged by these Layer 2 discovery protocols is encapsulated in Ethernet frames. These frames are structured packets of data that include the discovery protocol information, the MAC addresses of the sender and receiver, and other control information necessary for Layer 2 communication.
Network discovery protocols essentially standardize the message types that can be exchanged between devices, and for this reason, the devices in question must support and be configured to use the same network discovery protocol.
Link Layer Discovery Protocol (LLDP)
LLDP is an open standard protocol defined in IEEE 802.1AB. It allows network devices from different manufacturers to learn about each other’s identity, capabilities, and other critical details.
This universal compatibility makes LLDP widely applicable in diverse network environments. It operates by sending out LLDP Data Units (LLDPDUs) to directly connected devices. LLDP is particularly useful in complex networks for mapping and troubleshooting purposes.
LLDP operates using attributes known as TLVs, which stand for Type, Length, and Value. These TLVs are utilized by devices supporting LLDP to exchange information with their directly connected neighbors. Basic examples of TLVs include:
- Port Description TLV
- System Name TLV
- System Description TLV
- System Capabilities TLV
- Management Address TLV
Many network devices support LLDP including Cisco products. Its multi-vendor approach means that it provides seamless interoperability between network devices of different manufacturers, allowing network administrators more flexibility in their network designs.
LLDP on Cisco Devices
On Cisco devices, using the “show lldp neighbors” and “show lldp neighbors detail” commands, you can display information about the neighboring network devices. The following examples are from a Cisco switch connected to a second switch:
SwitchA# show lldp neighbors
(R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
(W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID Local Intf Hold-time Capability Port ID
SwitchB Fa0/1 120 B Fa0/2
Total entries displayed: 1
From the above output on SwitchA, you can see that the SwitchB device has been discovered, and it also displays the interfaces on both devices via which the discovery is made. To show more details of this neighbor, use the detail keyword:
SwitchA# show lldp neighbors detail
Chassis id: 0011.bb0b.fb12
Port id: Fa0/2
Port Description: Connection to SwitchA
System Name: SwitchB.cisco.com
Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 21-Aug-08 15:26 by nachen
Time remaining: 77 seconds
System Capabilities: B,R
Enabled Capabilities: B
Management Addresses – not advertised
Auto Negotiation – supported, enabled
Physical media capabilities:
Media Attachment Unit type: 16
From the above output, you can immediately see more information about SwitchB including the IOS software version, the various capabilities of the device as well as the type of media capabilities it has (copper/fiber connections).
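The TLVs listed earlier can be seen in a decoder. The following Python is an added example, not code from the article or from Cisco: it packs the 7-bit type and 9-bit length of each LLDP TLV into its 16-bit header, then decodes a constructed LLDPDU modelled on the SwitchB neighbour shown above (the 192.0.2.10 management address is an assumed value, added to show what that TLV reveals when it is advertised rather than suppressed as in the output above).

```python
import struct
# LLDP TLV types from IEEE 802.1AB (0 = End of LLDPDU, 1-3 are mandatory)
TLV_NAMES = {0: "End", 1: "Chassis ID", 2: "Port ID", 3: "TTL", 4: "Port Description",
             5: "System Name", 6: "System Description", 7: "System Capabilities",
             8: "Management Address"}
# System Capabilities bitmap, keyed to the letter codes in "show lldp neighbors"
CAP_BITS = {0x01: "O", 0x02: "P", 0x04: "B", 0x08: "W", 0x10: "R", 0x20: "T", 0x40: "C", 0x80: "S"}

def tlv(t, value):
    """Encode one TLV: 7-bit type and 9-bit length packed into a 16-bit header."""
    return struct.pack("!H", (t << 9) | len(value)) + value

def caps(bitmap):
    return ",".join(c for b, c in CAP_BITS.items() if bitmap & b)

def parse_lldpdu(data):
    """Decode an LLDPDU into {tlv name: value}; stops at the End TLV."""
    info, off = {}, 0
    while off + 2 <= len(data):
        hdr, = struct.unpack_from("!H", data, off)
        t, length = hdr >> 9, hdr & 0x1FF
        val = data[off + 2: off + 2 + length]
        off += 2 + length
        if t == 0:
            break
        if t in (1, 2):  # subtype byte then identifier; subtype 4 = MAC, 5 = interface name
            info[TLV_NAMES[t]] = val[1:].hex(".", 2) if val[0] == 4 else val[1:].decode()
        elif t == 3:
            info["TTL"], = struct.unpack("!H", val)
        elif t == 7:
            supported, enabled = struct.unpack("!HH", val)
            info["System Capabilities"], info["Enabled Capabilities"] = caps(supported), caps(enabled)
        elif t == 8:  # addr string length, addr subtype (1 = IPv4), addr, then interface info
            alen, subtype = val[0], val[1]
            addr = val[2:1 + alen]
            info["Management Address"] = ".".join(map(str, addr)) if subtype == 1 else addr.hex()
        elif t in TLV_NAMES:
            info[TLV_NAMES[t]] = val.decode(errors="replace")
    return info

# Constructed LLDPDU modelled on the SwitchB neighbour in the article (not a capture)
SAMPLE = (tlv(1, b"\x04" + bytes.fromhex("0011bb0bfb12"))
          + tlv(2, b"\x05Fa0/2")
          + tlv(3, struct.pack("!H", 120))
          + tlv(4, b"Connection to SwitchA")
          + tlv(5, b"SwitchB.cisco.com")
          + tlv(7, struct.pack("!HH", 0x14, 0x04))   # supports Bridge+Router, only Bridge enabled
          + tlv(8, b"\x05\x01" + bytes([192, 0, 2, 10]) + b"\x02" + struct.pack("!I", 1) + b"\x00")
          + tlv(0, b""))
```

Every field the decoder recovers is readable by any host on the same segment, which is the exposure the security section below refers to.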
Cisco Discovery Protocol (CDP)
CDP is a proprietary protocol developed by Cisco. It is specifically designed for Cisco devices, enabling them to discover and learn about nearby Cisco equipment.
While it serves a similar purpose as LLDP, in terms of device discovery and network mapping, its use is limited to Cisco environments or networks where Cisco devices are prevalent.
Although it is a proprietary protocol, because of Cisco’s influence on networking, several third-party vendors have adopted CDP on their equipment as well, to provide smoother interoperability with Cisco devices.
Using the “show cdp neighbors” and “show cdp neighbors detail” commands, you can display information about the discovered neighbors. The following output is from a Cisco router this time.
RouterA# show cdp neighbors
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
S – Switch, H – Host, I – IGMP, r – Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
RouterB Ser 0/0 147 R S I 3640 Ser 0/1
The interfaces via which RouterB has been discovered are displayed, and you can also see that RouterB is a 3640 model router. To see more details, use the detail keyword like so:
RouterA# show cdp neighbors detail
Device ID: RouterB
IP address: 192.168.1.2
Platform: Cisco 3640, Capabilities: Router Switch IGMP
Interface: Serial0/0, Port ID (outgoing port): Serial0/1
Holdtime : 102 sec
Cisco IOS Software, 3600 Software (C3640-JK9O3S-M), Version 12.4(16), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 20-Jun-07 11:43 by prod_rel_team
More detailed information about the remote router can be seen in this output.
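CDP carries the same kind of information in a different encoding: a 4-byte header (version, holdtime, checksum) followed by TLVs whose 16-bit length field counts its own 4-byte header. The following Python is an added example, not code from the article or from Cisco; it decodes a constructed CDP payload modelled on the RouterB neighbour above, with the checksum field left zero since the sample is never transmitted.

```python
import struct
# CDP TLV types and the capability bits behind the legend in "show cdp neighbors"
TLV_NAMES = {0x01: "Device ID", 0x02: "Addresses", 0x03: "Port ID",
             0x04: "Capabilities", 0x05: "Software Version", 0x06: "Platform"}
CAP_BITS = {0x01: "R", 0x02: "T", 0x04: "B", 0x08: "S", 0x10: "H", 0x20: "I", 0x40: "r"}

def tlv(t, value):
    """CDP TLV: 16-bit type, 16-bit length that counts the 4-byte header, then value."""
    return struct.pack("!HH", t, 4 + len(value)) + value

def ipv4_addresses(val):
    """Addresses TLV: 4-byte count, then NLPID-typed entries; keep the IPv4 ones (0xCC)."""
    n, = struct.unpack_from("!I", val)
    out, p = [], 4
    for _ in range(n):
        plen = val[p + 1]                                    # protocol identifier length
        alen, = struct.unpack_from("!H", val, p + 2 + plen)  # address length
        addr = val[p + 4 + plen: p + 4 + plen + alen]
        if val[p + 2: p + 2 + plen] == b"\xcc" and alen == 4:
            out.append(".".join(map(str, addr)))
        p += 4 + plen + alen
    return out

def parse_cdp(data):
    """Decode a CDP payload (version, holdtime, checksum, TLVs) into a dict."""
    version, ttl, _checksum = struct.unpack_from("!BBH", data)
    info, off = {"Version": version, "Holdtime": ttl}, 4
    while off + 4 <= len(data):
        t, length = struct.unpack_from("!HH", data, off)
        if length < 4:  # a zero length would never advance; treat as malformed
            raise ValueError("malformed TLV length")
        val = data[off + 4: off + length]
        off += length
        if t == 0x02:
            info["Addresses"] = ipv4_addresses(val)
        elif t == 0x04:
            caps, = struct.unpack("!I", val)
            info["Capabilities"] = " ".join(c for b, c in CAP_BITS.items() if caps & b)
        elif t in TLV_NAMES:
            info[TLV_NAMES[t]] = val.decode(errors="replace")
    return info

# Constructed payload modelled on the RouterB neighbour in the article (not a capture);
# the checksum field is left zero because this sample is never put on the wire
SAMPLE = struct.pack("!BBH", 2, 180, 0) + b"".join([
    tlv(0x01, b"RouterB"), tlv(0x03, b"Serial0/1"), tlv(0x06, b"Cisco 3640"),
    tlv(0x02, struct.pack("!I", 1) + b"\x01\x01\xcc" + struct.pack("!H", 4) + bytes([192, 168, 1, 2])),
    tlv(0x04, struct.pack("!I", 0x01 | 0x08 | 0x20)),   # Router, Switch, IGMP
])
```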
Use cases and security concerns
One particularly useful scenario where CDP and LLDP can be used is when installing IP Phones. These protocols can be used to allow an IP phone to negotiate with the switch concerning configurations dealing with voice VLANs as well as Power over Ethernet (PoE) requirements.
Cisco IP phones have this capability built into the use of CDP. To facilitate this in non-Cisco phones, an extension known as MED (Media Endpoint Discovery) was developed for LLDP, often referred to as LLDP-MED.
As a rule, if network discovery protocols are not needed on particular interfaces, it is a good idea to disable them there.
CDP and LLDP can reveal detailed information about network devices, including device types, configurations, and connections.
In environments where security is a high priority, such as in networks handling sensitive data, it’s often safer to disable these protocols to prevent potential attackers from easily mapping the network and identifying targets.
Comparison Table of LLDP vs CDP
The following table compares these two protocols further, revealing their similarities, differences, and characteristics.

| Feature | CDP | LLDP |
|---|---|---|
| Standardization | Proprietary (Cisco) | IEEE Standard (802.1AB) |
| Vendor Compatibility | Cisco devices primarily | Multi-vendor, industry-wide compatibility |
| Primary Use | Discovering information about directly connected Cisco devices | Discovering information about directly connected devices from various vendors |
| Information Exchanged | Device ID, port ID, capabilities, software version, platform, IP address, VLAN information, etc. | Device ID, port ID, capabilities, system name, system description, system capabilities, management address, etc. |
| Operational Layer | Layer 2 of the OSI model | Layer 2 of the OSI model |
| Protocol Extensions | Supports extensions specific to Cisco devices | Supports LLDP-MED for enhanced network device discovery |
| Security | Can be a security risk if not properly managed due to the detailed information it provides | Same as CDP; can expose network details, hence requires proper management |
| Configuration | Enabled by default on most Cisco devices; requires configuration for specific functionalities | Must be enabled and configured on devices; not enabled by default on all devices |
| Application Context | Best suited for Cisco-dominated environments | Suitable for diverse, multi-vendor network environments |
CDP and LLDP play an important role in managing, maintaining, and troubleshooting network infrastructure, especially in larger and more complex networks.
While they both serve similar purposes in network discovery, their differences in standardization, vendor compatibility, and certain operational specifics make each more suitable for different network environments.
CDP is ideal for Cisco-centric networks, whereas LLDP offers broader compatibility across various vendors’ devices.