1
00:00:07,025 --> 00:00:08,560
- [Instructor] Cisco introduced

2
00:00:08,560 --> 00:00:13,040
the Cisco Discovery Protocol, CDP, in 1994

3
00:00:13,040 --> 00:00:16,810
to provide a mechanism for the management system

4
00:00:16,810 --> 00:00:19,180
to automatically learn about devices

5
00:00:19,180 --> 00:00:20,890
connected to the network.

6
00:00:20,890 --> 00:00:24,970
CDP runs on Cisco devices: routers, switches,

7
00:00:24,970 --> 00:00:28,010
phones and so on, and is also licensed

8
00:00:28,010 --> 00:00:31,534
to run on some network devices from other vendors.

9
00:00:31,534 --> 00:00:35,760
Using CDP, network devices periodically advertise

10
00:00:35,760 --> 00:00:40,070
their own information to a multicast address on the network,

11
00:00:40,070 --> 00:00:42,790
making it available to any device

12
00:00:42,790 --> 00:00:46,440
or application that wishes to listen and collect it.

13
00:00:46,440 --> 00:00:48,330
Over time, enhancements have been made

14
00:00:48,330 --> 00:00:52,680
to discovery protocols to provide greater capabilities.

15
00:00:52,680 --> 00:00:54,980
Applications such as voice

16
00:00:54,980 --> 00:00:57,410
have become dependent on these capabilities

17
00:00:57,410 --> 00:00:59,180
to operate properly,

18
00:00:59,180 --> 00:01:03,070
leading to interoperability problems between vendors.

19
00:01:03,070 --> 00:01:07,817
Therefore, to allow interworking between vendor equipment,

20
00:01:07,817 --> 00:01:09,690
it has become necessary

21
00:01:09,690 --> 00:01:13,010
to have a single standardized discovery protocol.

22
00:01:13,010 --> 00:01:17,005
Cisco has been working with other leaders in the internet

23
00:01:17,005 --> 00:01:19,770
and IEEE community

24
00:01:19,770 --> 00:01:23,583
to develop a new standardized discovery protocol, 802.1AB,

25
00:01:25,520 --> 00:01:30,380
Station and Media Access Control Connectivity Discovery,

26
00:01:30,380 --> 00:01:34,910
or Link Layer Discovery Protocol, LLDP.

27
00:01:34,910 --> 00:01:38,910
LLDP, which defines basic discovery capabilities,

28
00:01:38,910 --> 00:01:43,910
was enhanced to specifically address the voice application.

29
00:01:43,964 --> 00:01:48,370
This extension to LLDP is called LLDP-MED,

30
00:01:49,690 --> 00:01:54,210
or LLDP for Media Endpoint Devices.

31
00:01:54,210 --> 00:01:55,677
As mentioned previously,

32
00:01:55,677 --> 00:01:59,360
a recommended best practice is to disable CDP

33
00:01:59,360 --> 00:02:03,040
on any ports facing untrusted or unknown networks

34
00:02:03,040 --> 00:02:04,911
that do not require CDP.

35
00:02:04,911 --> 00:02:07,820
CDP operates at layer two

36
00:02:07,820 --> 00:02:11,141
and can provide attackers with information.

37
00:02:11,141 --> 00:02:16,141
For example, device types, hardware and software versions,

38
00:02:17,110 --> 00:02:20,320
VLAN and IP address details, and so on.

39
00:02:20,320 --> 00:02:23,741
This is information that you would rather not disclose.

40
00:02:23,741 --> 00:02:27,510
The example here details the configuration steps necessary

41
00:02:27,510 --> 00:02:32,510
to disable CDP on a global and per-interface basis.

42
00:02:34,400 --> 00:02:37,890
In the same way it is recommended to disable CDP,

43
00:02:37,890 --> 00:02:41,290
it is also a best practice to disable LLDP

44
00:02:41,290 --> 00:02:46,090
in areas of the network where it is not needed.

45
00:02:46,090 --> 00:02:47,800
The example also includes

46
00:02:47,800 --> 00:02:52,222
the configuration steps necessary to disable LLDP

47
00:02:52,222 --> 00:02:54,163
on a global basis.