OL-11615-01
Note: Before disabling a service, first verify that the service is not needed.
This section describes how to disable some services that might not be needed.
Unneeded Services in Cisco IOS and Catalyst OS
The following is a list of services available in both Cisco IOS (native) and Catalyst OS (hybrid):
Cisco Discovery Protocol (CDP)
ICMP Redirects
ICMP Unreachables
Cisco Discovery Protocol (CDP)
Cisco Discovery Protocol is a Cisco proprietary Layer 2 protocol designed to facilitate the
administration and troubleshooting of network devices by providing information on neighboring
equipment. With CDP enabled, network administrators can run CDP commands that provide them with
the platform, model, software version, and even the IP addresses of adjacent equipment.
CDP is a useful protocol, but could clearly reveal important information to an attacker. CDP is enabled
by default and can be disabled globally or for each interface. The best practice is to disable CDP globally
when the service is not used, or per interface when CDP is still required. In cases where CDP is used for
troubleshooting, CDP should be left enabled globally, and should be disabled only on those interfaces
on which the service could represent a risk, for example, interfaces connecting to the Internet. As a
general practice, CDP should not be enabled on interfaces that connect to external networks, such as the
Internet.
To disable CDP globally:
On systems running Catalyst OS use the set cdp disable command, as shown in the following
example:
Console> (enable) set cdp disable
On systems running Cisco IOS use the no cdp run command from global configuration mode, as
shown in the following example:
Router(config)# no cdp run
To disable CDP on one or more interfaces:
On systems running Catalyst OS, use the set cdp disable {mod/ports...} command, as shown in the
following example:
Console> (enable) set cdp disable 2/1
On systems running Cisco IOS, use the no cdp enable command from interface configuration mode,
as shown in the following example:
Router(config-if)# no cdp enable
Note: Features such as ODR (on demand routing) depend on CDP, so check for dependencies prior to disabling
CDP.
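
The following added example (not part of the original Cisco document) audits a saved Cisco IOS running configuration against the CDP guidance above: it reports whether CDP is disabled globally, which external-facing interfaces still run CDP, and whether ODR is configured and therefore needs checking first. The sample configuration, the function name audit_cdp, and the list of external interfaces are constructed assumptions; the script relies on CDP being enabled by default, so only the "no" forms appear in a configuration.

```python
# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr
!
interface GigabitEthernet0/0
 description Uplink to ISP
 ip address 192.0.2.1 255.255.255.252
!
interface GigabitEthernet0/1
 description Internal LAN
 ip address 10.0.0.1 255.255.255.0
 no cdp enable
!
router odr
!
end
"""

def audit_cdp(config_text, external_interfaces):
    """Audit IOS config text; external_interfaces is supplied by the auditor."""
    globally_disabled = False   # set when 'no cdp run' is present
    odr_configured = False      # ODR depends on CDP (see the note above)
    cdp_off = {}                # interface name -> has 'no cdp enable'
    current = None              # interface stanza being parsed, if any
    for raw in config_text.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            cdp_off[current] = False
        elif line.startswith(" ") and current is not None:
            # Indented lines belong to the current interface stanza.
            if stripped == "no cdp enable":
                cdp_off[current] = True
        else:
            current = None      # '!' or any global command ends the stanza
            if stripped == "no cdp run":
                globally_disabled = True
            elif stripped == "router odr":
                odr_configured = True
    # External interfaces where CDP is still active, per the best practice.
    exposed = sorted(n for n in external_interfaces
                     if n in cdp_off and not globally_disabled and not cdp_off[n])
    return {"globally_disabled": globally_disabled,
            "exposed_external": exposed,
            "odr_configured": odr_configured}

if __name__ == "__main__":
    print(audit_cdp(SAMPLE_CONFIG, {"GigabitEthernet0/0"}))
```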