Walking the Network – the Cisco Discovery Protocol (CDP)

11 09 2010

I thought I’d write about “walking the network” using the Cisco Discovery Protocol. This is not exactly high-level Cisco stuff, but it is useful for those with little experience of Cisco gear.

Walking the network is a useful way of verifying that network diagrams are up to date, and diagramming the network if no documentation exists.

CDP is a layer 2 protocol that runs by default on most Cisco gear. It can be disabled because of potential security risks (I’ll expand on that later). It reports the directly connected Cisco devices, the ports they are connected to, and their IP addresses.

My methodology for walking the network is:

1. Connect to a Cisco device using a rollover cable, or via telnet / SSH if you have login details.

2. Use “show cdp neighbors” to show a concise list of the Cisco devices connected, and which port each is connected to. For the purposes of documenting the network, I normally sketch it out on paper first, then transfer it to electronic format once I have all the information I need.

3. Once you have device and port information for the connected devices, use “show cdp neighbors detail”. This shows much more information about each connected device, including its IP address.

Now you can add the IP address information to the devices on your sketch.

4. Once you’ve gathered the information you need from the first device, connect to the first directly connected device via Telnet, using the IP address information gained from step 3. Repeat the “show cdp neighbors” and update your network sketch accordingly.

5. Repeat this until every device is accounted for. Provided CDP is enabled on all devices, you’ll have an accurate diagram of the Cisco connections on your network.
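As an added example (not code from the original post), here is the walk from steps 2 to 5 automated in Python. It parses IOS-style “show cdp neighbors detail” output (the Device ID, IP address, Interface and Port ID fields), walks breadth-first from a seed device, counts each cable once even though both ends report it, and then compares what it found with the documented diagram. The device names, addresses, command output and diagram are constructed sample data, and fetch_from_lab() is a hypothetical stand-in for a telnet/SSH session; ACCESS-SW3 deliberately has no login, which is the “provided CDP is enabled and you can reach every device” caveat of step 5 showing up as an unreachable entry.

```python
"""Automating the CDP walk (steps 2 to 5 above). Added example, not the post's code.

Parses IOS-style "show cdp neighbors detail" text, walks breadth-first from a
seed device, and compares what was found with the documented diagram.
All device names, IPs and command output below are constructed sample data;
fetch_from_lab() is a hypothetical stand-in for a telnet/SSH session.
"""
import re
from collections import deque

# Field formats as printed by IOS "show cdp neighbors detail"
DEVICE_RE = re.compile(r"^Device ID:\s*(\S+)", re.M)
IP_RE = re.compile(r"^\s*IP address:\s*(\S+)", re.M)
PORTS_RE = re.compile(
    r"^Interface:\s*(\S+?),\s*Port ID \(outgoing port\):\s*(\S+)", re.M)


def parse_cdp_detail(text):
    """Return one dict per neighbour entry (entries are separated by dashed lines)."""
    entries = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        dev = DEVICE_RE.search(block)
        if not dev:
            continue  # preamble or empty block
        ip = IP_RE.search(block)
        ports = PORTS_RE.search(block)
        entries.append({
            "device": dev.group(1),
            "ip": ip.group(1) if ip else None,  # neighbour may advertise no address
            "local_port": ports.group(1) if ports else "unknown",
            "remote_port": ports.group(2) if ports else "unknown",
        })
    return entries


def walk_network(seed_name, seed_ip, fetch):
    """Breadth-first walk. fetch(ip) returns the command output, or None when
    the device cannot be logged into. Each link is a frozenset of two
    (device, port) pairs, so a cable seen from both ends is counted once."""
    links, unreachable, visited = set(), [], set()
    queue = deque([(seed_name, seed_ip)])
    while queue:
        name, ip = queue.popleft()
        if name in visited:
            continue
        visited.add(name)
        output = fetch(ip)
        if output is None:
            unreachable.append((name, ip))  # step 5 caveat: the walk stops here
            continue
        for n in parse_cdp_detail(output):
            links.add(frozenset([(name, n["local_port"]),
                                 (n["device"], n["remote_port"])]))
            if n["device"] not in visited:
                queue.append((n["device"], n["ip"]))
    return links, unreachable


def compare_with_diagram(discovered, documented):
    """documented: ((dev, port), (dev, port)) pairs from the drawing.
    Returns (links missing from the diagram, links drawn but not seen)."""
    documented = {frozenset(pair) for pair in documented}

    def as_lists(link_set):
        return sorted(sorted(link) for link in link_set)

    return as_lists(discovered - documented), as_lists(documented - discovered)


# Constructed sample output, shaped like IOS "show cdp neighbors detail".
# 10.0.0.3 (ACCESS-SW3) is deliberately absent: we hold no login for it.
CDP_OUTPUT = {
    "10.0.0.1": """\
-------------------------
Device ID: ACCESS-SW2
Entry address(es):
  IP address: 10.0.0.2
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: GigabitEthernet1/0/1,  Port ID (outgoing port): GigabitEthernet0/24
Holdtime : 155 sec

-------------------------
Device ID: ACCESS-SW3
Entry address(es):
  IP address: 10.0.0.3
Platform: cisco WS-C2960-24TT-L,  Capabilities: Switch IGMP
Interface: GigabitEthernet1/0/2,  Port ID (outgoing port): GigabitEthernet0/24
Holdtime : 142 sec
""",
    "10.0.0.2": """\
-------------------------
Device ID: CORE-SW1
Entry address(es):
  IP address: 10.0.0.1
Platform: cisco WS-C3750G-24TS,  Capabilities: Switch IGMP
Interface: GigabitEthernet0/24,  Port ID (outgoing port): GigabitEthernet1/0/1
Holdtime : 170 sec
""",
}

# Constructed "paper sketch": the ACCESS-SW3 uplink is drawn on a stale port.
DOCUMENTED_DIAGRAM = [
    (("CORE-SW1", "GigabitEthernet1/0/1"), ("ACCESS-SW2", "GigabitEthernet0/24")),
    (("CORE-SW1", "GigabitEthernet1/0/3"), ("ACCESS-SW3", "GigabitEthernet0/24")),
]


def fetch_from_lab(ip):
    """Hypothetical stand-in for logging in and running the command."""
    return CDP_OUTPUT.get(ip)


def audit_lab():
    """Walk from the core switch and report where the sketch disagrees."""
    links, unreachable = walk_network("CORE-SW1", "10.0.0.1", fetch_from_lab)
    undocumented, stale = compare_with_diagram(links, DOCUMENTED_DIAGRAM)
    return {"links": links, "unreachable": unreachable,
            "undocumented": undocumented, "stale": stale}


if __name__ == "__main__":
    for key, value in audit_lab().items():
        print(key, value)
```

Running it reports two links, ACCESS-SW3 as unreachable (so anything beyond it is missing from the result), the real CORE-SW1 Gi1/0/2 uplink as undocumented, and the drawn Gi1/0/3 link as stale. The same output that makes this audit possible is what an intruder on a compromised box would read, which is why CDP is commonly left running only where it is needed: it can be turned off per interface with “no cdp enable” or globally with “no cdp run”.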

Back to those security issues. This is a potential problem in two circumstances: firstly, if an edge device has been compromised, and secondly, if someone has already gained unauthorised access to an item of kit inside your network. All kit should be physically secured, and logically secured with well-protected passwords, to prevent this.

However, if unauthorised access has been gained, a malicious user can use exactly the techniques described above to walk the network and potentially gain access to other devices.


