It's a feature supported in 12.2.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087aeb.html

Hal

> -----Original Message-----
> From: Monu Sekhon [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 12, 2003 1:30 AM
> To: [EMAIL PROTECTED]
> Subject: \31 Mak could it be used on leased lines(serial) [7:62853]
> 
> 
> Hi Harold/all,
> 
> In your description you mentioned that you can use a /31 mask also.
> 
> Your comments:
> "Since the point-to-point link is likely to have a /30 (or /31 if they're running 12.2) mask on it"
> 
> 
> Questions:
> ----------
> 
> - Will the connection work? Till now I only know that 30 is the max mask used on serial lines. How will we use this 31 mask?
> - Does this apply only in IOS version 12.2 or later, as mentioned?
> - Do people use these 31 masks?
> - Can anybody provide me any info & link?
> 
> Thanks in advance
> (Please refer to the description below in the thread where he mentioned that.)
> 
> 
> --------------------
> Over a leased line I can't see the harm in leaving it running. If someone manages to get into your router, there's very little target enumeration they can do with CDP that can't be done by other means. Since the point-to-point link is likely to have a /30 (or /31 if they're running 12.2) mask on it, it's not going to be a stretch to figure out the other router's IP.
> 
> While disabling CDP is certainly a sound practice on LAN interfaces, we also disable it on our switched WAN connections on general principles. That isn't a magic bullet by any means though, disabling CDP is security through obscurity more than anything else. If you're concerned about unauthorized access to your routers, then you should consider running access classes on your vty lines and AAA so you can audit access to the routers, if you aren't already.
> 
> 
> 
> > -----Original Message-----
> > From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, February 11, 2003 1:12 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Why disable cdp for back-to-back serial connec [7:62798]
> > 
> > 
> > Lawrence Law wrote:
> > >
> > > Dear Priscilla,
> > >
> > > Thank you for your clear explanation.
> > >
> > > Maybe it is better to disable cdp for low speed link, and security issue.
> >
> > CDP uses very little bandwidth, so unless it's a really low-speed link, I wouldn't turn it off for that reason. Regarding security, if it's a private point-to-point HDLC link, then security probably isn't too much of an issue. It would be hard for a hacker to see the packets.
> >
> > On the other hand, if the hacker somehow got into a router that was running CDP on any of its interfaces, then the hacker could learn about one or more additional routers, and that's not good. You want to limit how much a hacker can learn.
> >
> > It's sort of a close call since CDP is so helpful for troubleshooting, though. How about the rest of you out there? Do you disable CDP like some security documents say to do?
> >
> > It often occurs to me these days that we spent the '80s and '90s developing all sorts of cool protocols to share info of all sorts, and we're spending the '00s disabling most of them for security reasons. It's a crazy world we live in.
> >
> > Priscilla
> >
> > >
> > > Regards,
> > > Lawrence
> > >
> > > "Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]...
> > > > Cisco Discovery Protocol (CDP) is a management protocol that allows routers and switches to tell each other about their IOS version, hardware platform, and basic config info. Some security experts say to disable it because it tells too much.
> > > >
> > > > It has nothing to do with bringing the serial interface up/up. You could use it or you could not. The two routers on the HDLC link don't have to agree. One could send CDP while the other doesn't and the link should still come up/up, assuming everything is OK at the physical and data-link layers.
> > > >
> > > > It's too bad they used "no cdp enable" in that simple example with no explanation. I don't think it's the default? So someone had to type it in, so they should have explained it.
> > > >
> > > > Priscilla
> > > >
> > > >
> > > > Lawrence Law wrote:
> > > > >
> > > > > Dear all,
> > > > >
> > > > > From cisco configuration example
> > > > >
> > > > > http://www.cisco.com/en/US/tech/tk713/tk317/technologies_configuration_example09186a00800944ff.shtml
> > > > >
> > > > > I'm wondering that the line "no cdp enable" is required for both router in order to make a serial connection up for back-to-back connection.
> > > > >
> > > > > Regards,
> > > > > Lawrence




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62866&t=62853
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
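
An added example, not part of the original thread: a small audit that checks an IOS-style configuration for the points raised above (interfaces still running CDP, /30 and /31 point-to-point links, vty lines without an inbound access-class, and whether AAA is enabled). The function names and the sample configuration are constructed for illustration, and the script assumes CDP is on for every interface unless `no cdp run` or `no cdp enable` appears.

```python
import ipaddress

# Constructed sample IOS configuration (addresses from documentation ranges).
SAMPLE_CONFIG = """\
aaa new-model
interface Serial0/0
 ip address 192.0.2.0 255.255.255.254
 no cdp enable
interface Serial0/1
 ip address 192.0.2.5 255.255.255.252
line vty 0 4
 access-class 10 in
line vty 5 15
 login
"""

def parse_sections(text):
    """Group indented sub-commands under their top-level command."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):
            current = line
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def audit(text):
    """Report CDP exposure, /30 and /31 links, and vty/AAA gaps."""
    sections = parse_sections(text)
    cdp_global = "no cdp run" not in sections  # assumption: CDP on unless disabled
    report = {"aaa": "aaa new-model" in sections, "cdp_enabled": [],
              "p2p_links": {}, "vty_without_acl": []}
    for head, body in sections.items():
        if head.startswith("interface "):
            name = head.split(None, 1)[1]
            if cdp_global and "no cdp enable" not in body:
                report["cdp_enabled"].append(name)
            for parts in (cmd.split() for cmd in body):
                if parts[:2] == ["ip", "address"] and len(parts) >= 4:
                    plen = ipaddress.ip_interface(f"{parts[2]}/{parts[3]}").network.prefixlen
                    if plen in (30, 31):
                        report["p2p_links"][name] = plen
        elif head.startswith("line vty"):
            if not any(c.startswith("access-class ") and c.endswith(" in") for c in body):
                report["vty_without_acl"].append(head)
    return report
```

Calling `audit(SAMPLE_CONFIG)` flags `Serial0/1` as still running CDP and `line vty 5 15` as lacking an inbound access-class.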
