Layer 2 Discovery Protocols Introduction

Layer 2 discovery protocols, including CDP (Cisco Discovery Protocol) and LLDP (Link Layer Discovery Protocol), facilitate the sharing of device information among directly connected devices at Layer 2. CDP is Cisco proprietary while LLDP is an industry standard, and both protocols can share Layer 3 information. Network engineers must consider the security implications of using these protocols and choose between them based on the network's vendor diversity.

Layer 2 discovery protocols introduction

* Layer 2 discovery protocols are so called because they operate at Layer 2.
Layer 2 discovery protocols such as CDP and LLDP share information with,
and discover information about, neighboring connected devices.
* CDP and LLDP shared information includes host name, IP address, and device
type. Although CDP and LLDP are Layer 2 discovery protocols, they can be
used to share Layer 3 information such as IP addresses.
* CDP is a Cisco proprietary protocol. CDP came first, and LLDP was later
created as an industry standard equivalent. LLDP is an industry standard
protocol, IEEE 802.1AB.
* If you are using only Cisco devices in your network, using only CDP is fine.
However, if there is a mix of vendors, such as Cisco routers, Juniper switches,
and Palo Alto firewalls, you will have to use LLDP.
* Because these protocols share information about the devices in the network,
they can be a security risk. Whether to use them or not is a decision that will
have to be made by the network engineer.
To demonstrate how these protocols work, here are two directly connected devices,
R1 and SW1.

R1 will periodically send frames to SW1, telling it information like R1’s hostname,
device type, interface ID, and interface IP address. SW1 likewise will periodically
send frames to R1 telling R1 about SW1.
CDP (Cisco Discovery Protocol) introduction
* CDP is enabled by default on Cisco devices, such as Cisco routers, Cisco
switches, Cisco firewalls, and Cisco IP phones.
* CDP messages are periodically sent to multicast MAC address
0100.0CCC.CCCC.
* CDP messages use a multicast MAC address but the messages are not
forwarded to other devices. When a device receives a CDP message, it
processes and then discards the message. It does not forward it to other
devices. Only directly connected neighbors can become CDP neighbors.
* CDP messages are sent once every 60 seconds by default out of all interfaces
which are in an up state. These are the messages that contain information such
as host name and IP address. When a device receives the CDP messages from
a neighboring device, it adds an entry for the device in its CDP neighbor table.
* If a neighbor is disconnected, there is a default CDP holdtime of 180 seconds.
If a message is not received from a neighbor for 180 seconds, the neighbor is
removed from the CDP neighbor table.
* There are two versions of CDP, version 1 and version 2. Version 2 is used by
default. Version 2 provides some additional advanced features such as the
ability to identify native VLAN mismatches. CDP version 1 is very old so
you’ll probably never need to use it.
Let’s get right into the CLI to see exactly what information is shared by CDP.
CDP verification (show commands)
Here is our demo network. Two routers and two multilayer switches. We are not
using any Layer 3 functions on the switches.
Let’s look at a few CDP show commands before looking at the CDP neighbor
table. We will look at three CDP show commands, SHOW CDP, SHOW CDP
TRAFFIC, and SHOW CDP INTERFACE.
SHOW CDP tells us the CDP timer, 60 seconds by default, the CDP holdtime, 180
seconds by default, and which version of CDP is being used.

The SHOW CDP TRAFFIC command tells us how many CDP packets
(advertisements) the device has sent and received.

>In this case, R1 sent 105 CDP messages and received 112 CDP messages, and all
of those messages were CDP version 2 messages.
If you enter SHOW CDP INTERFACE you will get some basic information about
all interfaces. You can also specify a certain interface when entering the command.
>In the blue rectangle in the above CLI output, you can see the information for
G0/0. You can see the same CDP message timer and holdtime as above. Notice the
entry “Encapsulation ARPA”. ARPA is a type of Ethernet encapsulation, also
known as Ethernet II. Ethernet types are beyond the scope of the CCNA.
>Note at the bottom of the above CLI output how many CDP-enabled interfaces
there are, and how many interfaces are in an up state and a down state.
Now let’s look at R1’s CDP neighbor table.
Use the command SHOW CDP NEIGHBORS to view it.
>Device ID column lists the host name of each of R1’s CDP neighbors. R1 has
received CDP messages from SW1 and R2.
>Local interface column gives the interface on the local device, R1. SW1 is
connected to R1’s G0/0 interface, and R2 is connected to R1’s G0/1 interface, as
shown in the network diagram (our demo network).
>Holdtime column: the holdtime resets to 180 each time R1 receives a CDP
message from the neighbor. With the default timers, it counts down to about 120
before the next CDP message normally arrives and resets it to 180, and this cycle
repeats. If the timer reaches 0, the neighbor is removed from the CDP neighbor
table.
>Capability column helps you identify what kind of device you are connected to.
SW1 has the letters R, S, and I. R is router. S is switch. I is IGMP. SW1 is listed as
both R and S because SW1 is a multilayer switch, so it has routing capabilities.
IGMP is related to multicast and is beyond the CCNA. R2 has two letters, R and B.
B is source route bridge. Source route bridge is beyond the scope of the CCNA.
>Platform column displays the model of the neighboring device. Cisco has various
models of routers, switches, firewalls, etc., and the model is displayed here.
Nothing is shown in this case because the devices are virtual devices running in
GNS3, which has its own limitations.
>Port ID column tells you the port ID on the neighboring device. So R1 is
connected to SW1’s G0/0 interface and R2’s G0/0 interface.
We can use SHOW CDP NEIGHBORS DETAIL to view more information for
each neighbor. Here’s SW1’s entry.
>The SHOW CDP NEIGHBORS DETAIL command lets you see the IOS version
running on the neighbor device. This information does not show up with the
regular SHOW CDP NEIGHBORS command.
>Because SW1 is a switch, you can also see VTP information here. VTP is a Cisco
proprietary protocol.
>You can also see the native VLAN of SW1’s interface, currently it’s the default
of 1.
>The duplex setting of SW1’s interface is also displayed.
There is another command which lets you view this detailed information for a
single neighbor, SHOW CDP ENTRY, followed by the neighbor’s host name, R2
in this case. The output here is exactly the same as in SHOW CDP NEIGHBORS
DETAIL, but it only shows the specified neighbor.
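The neighbor table described above is also what a defender reads to notice a device on a port where none is expected. The following added example (not code from these notes or from Cisco) parses constructed `show cdp neighbors` output in the column layout described above, decodes the capability letters from the legend IOS prints above the table, and compares the neighbors against a hypothetical approved baseline; the sample text, `BASELINE`, and all function names are assumptions.

```python
"""Parse `show cdp neighbors` output and audit it against an approved baseline.
Added example for these notes (not the notes' or Cisco's code). The CLI text is
constructed to follow the IOS column layout described above, Platform left
blank as in the GNS3 lab; the baseline is a hypothetical expected-neighbor list."""
import re
from dataclasses import dataclass

# Constructed sample, not captured from a real device; UNKNOWN-SW is a
# neighbor absent from the baseline, included to exercise the audit.
SAMPLE_OUTPUT = """\
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SW1              Gig 0/0           155             R S I            Gig 0/0
R2               Gig 0/1           139             R B              Gig 0/0
UNKNOWN-SW       Gig 0/2           172             S I              Fas 0/24
Total cdp entries displayed : 3
"""
# Hypothetical baseline: local interface -> device ID expected on that port.
BASELINE = {"Gig 0/0": "SW1", "Gig 0/1": "R2", "Gig 0/3": "R3"}

# "R - Router, T - Trans Bridge, ..." pairs from the legend above the table.
LEGEND_RE = re.compile(r"\b([A-Za-z]) - ([A-Za-z][A-Za-z /-]*?)(?=,|$)")
# One row: interfaces look like "Gig 0/0", Capability is single letters
# separated by spaces, Platform may be blank (hence the lazy \S*?).
ROW_RE = re.compile(
    r"^(?P<device>\S+)\s+(?P<local>[A-Za-z]+ ?[\d/.]+)\s+(?P<hold>\d+)\s+"
    r"(?P<caps>[A-Za-z](?: [A-Za-z])*(?=\s))?\s*(?P<platform>\S*?)\s*"
    r"(?P<port>[A-Za-z]+ ?[\d/.]+)\s*$")


@dataclass(frozen=True)
class Neighbor:
    device_id: str
    local_interface: str
    holdtime: int           # seconds left before the entry is aged out
    capabilities: tuple     # capability letters, e.g. ("R", "S", "I")
    platform: str
    port_id: str            # the neighbor's own interface


def parse_show_cdp_neighbors(text):
    """Return (capability legend, rows). Long Device IDs that IOS wraps onto
    their own line are not handled by this simple row regex."""
    legend, rows, in_table = {}, [], False
    for line in text.splitlines():
        if line.startswith("Device ID"):
            in_table = True
        elif not in_table:
            legend.update(LEGEND_RE.findall(line))
        elif m := ROW_RE.match(line):
            caps = tuple(m["caps"].split()) if m["caps"] else ()
            rows.append(Neighbor(m["device"], m["local"], int(m["hold"]),
                                 caps, m["platform"], m["port"]))
    return legend, rows


def audit_neighbors(neighbors, baseline):
    """Return (rows whose device is not the one expected on that local
    interface, baseline interfaces that currently have no neighbor)."""
    unexpected = [n for n in neighbors
                  if baseline.get(n.local_interface) != n.device_id]
    seen = {n.local_interface for n in neighbors}
    return unexpected, sorted(i for i in baseline if i not in seen)


def describe(n, legend):
    # Expand the capability letters using the legend parsed from the output.
    caps = ", ".join(legend.get(c, f"unknown code {c}") for c in n.capabilities)
    return f"{n.device_id} on {n.local_interface} (remote {n.port_id}): {caps or 'none'}"
```

Running `audit_neighbors(*parse_show_cdp_neighbors(SAMPLE_OUTPUT)[1:], BASELINE)` on the sample flags UNKNOWN-SW on Gig 0/2 as unexpected and Gig 0/3 as missing its baseline neighbor.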

CDP show commands summary


R#show cdp
→to display basic information about CDP (timer, holdtime, CDP version)
R#show cdp traffic
→to display the number of messages sent and received
R#show cdp interface
→to display the interfaces CDP is enabled on
R#show cdp neighbors
→to display information about CDP neighbors
R#show cdp neighbors detail
→to list CDP neighbors with more detailed information
R#show cdp entry host-name
→to display the same information as above for a specified neighbor
CDP configuration
If you want to use CDP in your network you typically do not have to do any
configurations, since Cisco devices have CDP activated by default.
Here are the CDP configuration commands you should know for the CCNA: CDP
RUN, CDP ENABLE, CDP TIMER, CDP HOLDTIME, and CDP ADVERTISE-V2.
*CDP is globally enabled on Cisco devices by default. Each interface also has
CDP enabled by default.
*To enable or disable CDP globally, use the CDP RUN command from global
config mode. Use CDP RUN to enable it, and NO CDP RUN to disable it.
R(config)#[no] cdp run
*You can enable or disable CDP on a per-interface basis. To enable CDP on an
interface, from interface config mode, use CDP ENABLE. Use NO in front of the
command to disable it.
R(config-if)#[no] cdp enable
*You can configure the CDP timer, how often CDP messages are sent, with the
CDP TIMER command from global config mode.
R(config)#cdp timer seconds
*You can configure the holdtime with CDP HOLDTIME.
R(config)#cdp holdtime seconds
*You can enable CDP version 2, which is the default state, with CDP ADVERTISE-V2,
or use NO in front of the command to disable it and use version 1.
R(config)#[no] cdp advertise-v2
LLDP (Link Layer Discovery Protocol) introduction
*LLDP is a vendor-neutral protocol that is defined in the IEEE 802.1AB standard.
This means that all network devices that support LLDP will be able to
communicate with each other, regardless of the manufacturer of the device.
Here is a quote from the IEEE 802.1AB standard that describes LLDP:
“LLDP is a link layer protocol that provides a means for devices on a network to
exchange information about their capabilities, management addresses, and other
pertinent information. This information can be used by network management
applications to build a topology map of the network, as well as to troubleshoot
problems.”
LLDP is a valuable tool for network administrators because it can help them to:
* Build a topology map of the network: LLDP can be used to collect
information about the devices that are connected to a network, as well as the
links between those devices. This information can be used to create a map of
the network, which can be helpful for troubleshooting problems and
planning network changes.
* Troubleshoot network problems: LLDP can be used to identify devices that
are not responding or that are not connected to the network properly. This
information can be helpful for troubleshooting network problems and
restoring service.
*LLDP is usually disabled on Cisco devices by default, so it must be manually
enabled.
*A device can run CDP and LLDP at the same time, although usually only one of
them is used.
*LLDP messages are periodically sent to multicast MAC address 0180.C200.000E.
*Like in CDP, only directly connected devices can become LLDP neighbors.
When a device receives an LLDP message, it processes and discards the message.
It does not forward it to other devices.
*By default, LLDP messages are sent once every 30 seconds, half the time of
CDP’s default 60 seconds.
*LLDP’s default holdtime is 120 seconds.
*LLDP also has an additional timer called the reinitialization delay, set at 2
seconds by default. If LLDP is enabled, either globally or on a specific interface,
this timer will delay the actual initialization of LLDP. This timer may help in cases
of flapping, when LLDP is rapidly enabled or disabled for some reason.
LLDP configuration
Let’s look at the LLDP configuration commands first, and then look at the SHOW
commands.
LLDP is globally disabled by default, and it’s also disabled on each interface by
default. To enable LLDP you need to enable it globally and then enable it on each
interface.
LLDP configuration commands are similar to the CDP commands; the biggest
difference is the interface configuration.
*To enable LLDP globally use LLDP RUN. This is the same as CDP, just replace
the word CDP with LLDP.
R(config)#lldp run
If you want to disable it, use NO in front of the command.
Now let’s see the interface configurations.
CDP had only one command to enable the interface to send and receive CDP
messages, CDP ENABLE. But in LLDP, you need to use two separate commands.
*To enable LLDP transmissions (tx) on an interface, use LLDP TRANSMIT on
the interface. This causes the interface to start sending LLDP messages.
R(config-if)#lldp transmit
*To enable LLDP in the receive direction (rx) on an interface, use the LLDP
RECEIVE command on the interface.
R(config-if)#lldp receive
Now let’s see how to configure each LLDP timer.
*The timer used to send messages is configured with LLDP TIMER, then the timer
in seconds.
R(config)#lldp timer seconds
*The LLDP holdtime is configured with LLDP HOLDTIME, then the holdtime in
seconds.
R(config)#lldp holdtime seconds
*The LLDP reinitialization timer is configured with LLDP REINIT, then the timer
in seconds.
R(config)#lldp reinit seconds
Source: Configuring LLDP, LLDP-MED, and Wired Location Service / default
LLDP configuration (cisco.com)
LLDP verification (show commands)
LLDP has been enabled on all of these devices with the command LLDP RUN
from global config mode, and LLDP TRANSMIT and LLDP RECEIVE on all
interfaces. They are now running both CDP and LLDP.

Let’s check out some LLDP show commands, the LLDP equivalents of the ones
we used for CDP. They are very similar to their CDP counterparts.
>First, SHOW LLDP gives the same information as SHOW CDP does for CDP. It
shows that LLDP is enabled, and displays each of the LLDP timers, currently at
the default settings of 30, 120, and 2 seconds.

>SHOW LLDP TRAFFIC, similar to SHOW CDP TRAFFIC, shows statistics
about how many LLDP frames were sent and received. In this case, 4 frames have
been sent and 3 have been received by R1.
>Then we used SHOW LLDP INTERFACE. This shows whether TRANSMIT and
RECEIVE are enabled or disabled on each interface, as well as the current Tx and
Rx state. For example, for G0/0 both Tx and Rx are enabled. The Tx state is IDLE,
waiting before it sends the next LLDP frame to SW1. And the Rx state is WAIT
FOR FRAME, waiting to receive the next LLDP frame from SW1.
Now let’s check R1’s LLDP neighbor table.
The command is SHOW LLDP NEIGHBORS.

>First up, the device ID, the host name, of each neighbor is displayed.
>Then the local interface. Just like in SHOW CDP NEIGHBORS, this is the
interface of the local device, R1 in this case.
>Then the hold time. This is a little different from SHOW CDP NEIGHBORS.
In SHOW CDP NEIGHBORS, you could watch the timer count down from 180
and then reset to 180 when a CDP message is received. However, SHOW LLDP
NEIGHBORS just displays the holdtime that is configured on this device, 120
seconds.
>Then the capability column. Notice that there is no entry for SW1. You would
normally expect to see B for Bridge for SW1 (there is no SWITCH capability
code), but B is not displayed. This is likely because these virtual devices are
running in GNS3, so SW1 is not detected as an active switch. When we look at
SHOW LLDP NEIGHBORS DETAIL in the diagram below, we will see the
bridge code for SW1.
>Just like in SHOW CDP NEIGHBORS, the last column is the port ID, the
interface ID of the neighboring device. R1 is connected to SW1’s G0/0 interface
and R2’s G0/0 interface.
Here’s SHOW LLDP NEIGHBORS DETAIL on R1. The full output is long, so
for convenience R2’s entry is cut off a little at the bottom.
>Notice SW1’s entry gives us additional information, such as the operating system
version running on SW1.
>We can also see the ‘time remaining’ in the countdown to the default holdtime of
120 seconds.
>Notice that LLDP has two fields for the device’s capabilities, shown when you use
SHOW LLDP NEIGHBORS DETAIL: system capabilities and enabled
capabilities.
If you look at system capabilities, you can see B and R. B is for bridge, meaning
switch. And R is for Router. This is what you would expect because SW1 is a
multilayer switch. It has the functions of both a router and a switch. However, in
this case the “enabled capabilities” field displays “not advertised”.
If we use the IP ROUTING command on SW1, SW1’s router functionality will be
enabled and the “R” from “system capabilities” will show in “enabled
capabilities”. However, the reason B is not displayed next to enabled capabilities is
likely because SW1 is a virtual device running in GNS3 and it’s not recognized as
an active switch.
*Like in CDP, there is a command you can use to view the exact same output as
SHOW LLDP NEIGHBORS DETAIL but for a single neighbor instead of all
neighbors. Use SHOW LLDP ENTRY, followed by the neighbor’s host name.

Before using this command IP ROUTING was enabled on SW1, and now you can
see R is displayed next to enabled capabilities for SW1.
LLDP show commands summary
The LLDP show commands are the same as the CDP show commands, just replace
the word CDP with LLDP.
R#show lldp
→to display basic information about LLDP (timers, version)
R#show lldp traffic
→to display how many LLDP messages were sent and received
R#show lldp interface
→to display which interfaces have tx/rx enabled
R#show lldp neighbors
→to display basic information about LLDP neighbors
R#show lldp neighbors detail
→to list LLDP neighbors with more detailed information
R#show lldp entry host-name
→to display the same information as above for a specified neighbor
Command review (CDP and LLDP)
1. CDP (Cisco Discovery Protocol)
1.1. CDP verification (show commands)
R#show cdp
→to display basic information about CDP (timer, holdtime, CDP version)
R#show cdp traffic
→to display the number of CDP messages (advertisements) the device has sent and
received
R#show cdp interface
→to display basic information about the interfaces CDP is enabled on. You can
also specify a certain interface when entering the command
R#show cdp neighbors
→to display the CDP neighbor table
R#show cdp neighbors detail
→to view more information for each CDP neighbor – the IOS version running on
the neighbor device, VTP information, and the native VLAN and duplex setting of
the neighbor interface
R#show cdp entry host-name
→to display the same information as above for a specified neighbor
1.2. CDP configuration
R(config)#[no] cdp run
→to enable or disable CDP globally
CDP is globally enabled on Cisco devices by default. Each interface also has CDP
enabled by default.
R(config-if)#[no] cdp enable
→to enable/disable CDP on a specific interface
R(config)#cdp timer seconds
→to configure the CDP timer
R(config)#cdp holdtime seconds
→to configure the CDP holdtime
R(config)#[no] cdp advertise-v2
→to enable/disable CDPv2
2. LLDP (Link Layer Discovery Protocol)
2.1. LLDP configuration
LLDP configuration commands are similar to the CDP commands; the biggest
difference is the interface configuration.
LLDP is globally disabled by default, and it’s also disabled on each interface by
default. To enable LLDP you need to enable it globally and then enable it on each
interface.
R(config)#lldp run
→to enable LLDP globally. To disable it, use NO in front of the command
In LLDP, you need to use two separate commands to enable the interface to send
and receive LLDP messages.
R(config-if)#lldp transmit
→to enable LLDP on specific interfaces in the transmit direction (tx)
R(config-if)#lldp receive
→to enable LLDP on specific interfaces in the receive direction (rx)
Now let’s see how to configure each LLDP timer.
R(config)#lldp timer seconds
→to configure the LLDP timer
R(config)#lldp holdtime seconds
→to configure the LLDP holdtime
R(config)#lldp reinit seconds
→to configure the LLDP reinitialization timer
2.2. LLDP verification (show commands)
The LLDP show commands are the same as the CDP show commands, just replace
the word CDP with LLDP.
R#show lldp
→gives the same information as SHOW CDP does for CDP. It shows that LLDP is
enabled, and displays each of the LLDP timers
R#show lldp traffic
→to display statistics about how many LLDP frames were sent and received
R#show lldp interface
→to show whether TRANSMIT and RECEIVE are enabled or disabled on each
interface, as well as the current Tx and Rx state
R#show lldp neighbors
→to check the router’s LLDP neighbor table
R#show lldp neighbors detail
→to list LLDP neighbors with more detailed information
R#show lldp entry host-name
→to display the same information as above for a specified neighbor
