Lawrence Law wrote:
>
> Dear Priscilla,
>
> Thank you for your clear explanation.
>
> Maybe it is better to disable cdp for low speed link, and
> security issue.

CDP uses very little bandwidth, so unless it's a really low-speed link, I wouldn't turn it off for that reason.

Regarding security, if it's a private point-to-point HDLC link, then security probably isn't too much of an issue. It would be hard for a hacker to see the packets. On the other hand, if the hacker somehow got into a router that was running CDP on any of its interfaces, then the hacker could learn about one or more additional routers, and that's not good. You want to limit how much a hacker can learn. It's sort of a close call since CDP is so helpful for troubleshooting, though.

How about the rest of you out there? Do you disable CDP like some security documents say to do?

It often occurs to me these days that we spent the '80s and '90s developing all sorts of cool protocols to share info of all sorts, and we're spending the '00s disabling most of them for security reasons. It's a crazy world we live in.

Priscilla

>
> Regards,
> Lawrence
>
> "Priscilla Oppenheimer" wrote in message
> news:[EMAIL PROTECTED]...
> > Cisco Discovery Protocol (CDP) is a management protocol that allows routers
> > and switches to tell each other about their IOS version, hardware platform,
> > and basic config info. Some security experts say to disable it because it
> > tells too much.
> >
> > It has nothing to do with bringing the serial interface up/up. You could use
> > it or you could not. The two routers on the HDLC link don't have to agree.
> > One could send CDP while the other doesn't and the link should still come
> > up/up, assuming everything is OK at the physical and data-link layers.
> >
> > It's too bad they used "no cdp enable" in that simple example with no
> > explanation. I don't think it's the default? So someone had to type it in,
> > so they should have explained it.
> >
> > Priscilla
> >
> > Lawrence Law wrote:
> > >
> > > Dear all,
> > >
> > > From cisco configuration example
> > >
> > > http://www.cisco.com/en/US/tech/tk713/tk317/technologies_configuration_example09186a00800944ff.shtml
> > >
> > > I'm wondering that the line "no cdp enable" is required for both router
> > > in order to make a serial connection up for back-to-back connection.
> > >
> > > Regards,
> > > Lawrence

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62817&t=62798
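
An added example, not part of the original thread or of Cisco's documentation: a small Python check that reads an IOS-style running-config and lists the interfaces that would still advertise CDP, which is the exposure weighed in the reply above. It assumes CDP is on globally and per interface unless the config contains `no cdp run` or `no cdp enable`; the function name and the sample config are constructed for illustration.

```python
import re

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
hostname R1
!
interface Serial0/0
 description back-to-back HDLC link to R2
 ip address 10.0.0.1 255.255.255.252
 no cdp enable
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/1
 no ip address
 shutdown
!
"""


def cdp_audit(config_text):
    """Return (cdp_globally_enabled, [active interfaces still running CDP])."""
    global_on = True          # assumption: CDP runs unless "no cdp run" is set
    interfaces = {}           # name -> {"cdp": bool, "shutdown": bool}
    current = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):
            # A top-level line ends any interface block we were inside.
            current = None
            match = re.match(r"interface\s+(\S+)", line)
            if match:
                current = match.group(1)
                interfaces[current] = {"cdp": True, "shutdown": False}
            elif line == "no cdp run":
                global_on = False
        elif current:
            cmd = line.strip()
            if cmd == "no cdp enable":
                interfaces[current]["cdp"] = False
            elif cmd == "shutdown":
                interfaces[current]["shutdown"] = True
    exposed = [name for name, state in interfaces.items()
               if global_on and state["cdp"] and not state["shutdown"]]
    return global_on, exposed


if __name__ == "__main__":
    print(cdp_audit(SAMPLE_CONFIG))
```
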

