CDP and LLDP Explained: Discovering Devices in Your Network

When you’re managing a network, one of the first things you need to know is what devices are connected and how they’re linked together. Instead of guessing or tracing cables one by one, you can use discovery protocols to get this information quickly. Two of the most common are CDP and LLDP. In this post, we’ll talk about what they are, how they work, and when you might use each one.

---

Before we dive into CDP and LLDP, it’s important to understand what a Layer 2 Discovery Protocol is.

These protocols work at Layer 2 of the OSI model, also called the Data Link layer. This means they don’t rely on IP addresses to function. Instead, they send small data packets, often called advertisements, directly to neighboring devices over the link they share.

The main job of a Layer 2 Discovery Protocol is to let connected devices share basic information about themselves. This can include:

• Device name and model

• IP addresses (if available)

• Interface details (which ports are being used)

• Capabilities (switch, router, phone, etc.)

Why is this useful?
It helps network administrators quickly identify what’s connected where, without having to manually trace cables or guess based on device labels. This is especially helpful when:

• Troubleshooting network issues

• Mapping or documenting the network

• Working with multiple vendors’ equipment

In short, Layer 2 Discovery Protocols act like a quick introduction between devices, so you know what you’re dealing with right away.

---

One of the most well-known Layer 2 Discovery Protocols is CDP, short for Cisco Discovery Protocol.

What is CDP?

CDP stands for Cisco Discovery Protocol. It’s a Layer 2 protocol that Cisco devices use to announce themselves to directly connected neighbors and to learn about those neighbors. It’s handy for mapping, troubleshooting, and finding device info without tracing cables.

How it Sends Information
CDP runs at the Data Link layer. It sends small frames using the SNAP header format. Devices that support CDP listen on the link, collect the TLV (type-length-value) fields in CDP packets, and store that information in a local table you can check with commands.

Important Defaults and Addresses

• CDP frames are sent to the multicast MAC address 01:00:0C:CC:CC:CC.

• By default, devices send CDP advertisements every 60 seconds.

• The default hold time is 180 seconds, meaning if no updates are received, the neighbor entry will stay in the table for that long before being removed.

• You can change these defaults with the commands:

  • cdp timer <seconds> – Changes the advertisement interval.

  • cdp holdtime <seconds> – Changes how long information is kept after the last update.

Versions and TLVs

• There are two versions: CDPv1 and CDPv2.

• CDPv2 adds more TLVs and reporting features, and is enabled by default on modern Cisco devices.

• Common TLVs include: Device ID (hostname), IP address, Port ID, Capabilities (switch, router, phone, etc.), Software version, Native VLAN, duplex setting, and VTP domain.

Where CDP Runs
CDP runs on interfaces that support SNAP headers, including Ethernet, PPP, Frame Relay, and others. It only works with directly connected neighbors and does not get forwarded beyond the first hop.

Common Commands

• show cdp – Shows global CDP status, including timers.

• show cdp neighbors – Quick list of neighbors and connected interfaces.

• show cdp neighbors detail – Detailed information, including IPs and software version.

• show cdp interface – CDP settings per interface.

• cdp run / no cdp run – Enable or disable CDP globally.

• cdp enable / no cdp enable – Enable or disable CDP on an interface.

• cdp advertise-v2 / no cdp advertise-v2 – Control whether CDPv2 advertisements are sent.

Security Note
CDP reveals device details like names, IP addresses, and OS versions, which can be useful for troubleshooting but also valuable to attackers. In security-sensitive environments, disable CDP on ports that face untrusted networks or devices.

---

CDP Configuration Example in Cisco IOS

Enable CDP Globally
CDP is usually enabled by default, but if it’s disabled, you can enable it with:

Switch(config)# cdp run

Enable CDP on a Specific Interface
If CDP is disabled on an interface, you can turn it on with:

Switch(config)# interface gigabitEthernet0/1
Switch(config-if)# cdp enable

Disable CDP Globally
If you need to turn CDP off completely:

Switch(config)# no cdp run

Disable CDP on a Specific Interface
To disable CDP on just one interface:

Switch(config)# interface gigabitEthernet0/1
Switch(config-if)# no cdp enable

Change CDP Timers
To adjust how often CDP advertisements are sent and how long they’re held:

Switch(config)# cdp timer 30       ! Send CDP packets every 30 seconds
Switch(config)# cdp holdtime 90    ! Keep info for 90 seconds if no updates are received

Verify CDP Information
To check which devices are discovered using CDP:

Switch# show cdp neighbors
Switch# show cdp neighbors detail
Switch# show cdp

---

Now that we’ve covered CDP, let’s talk about another discovery protocol you might encounter; LLDP, or Link Layer Discovery Protocol.

What is LLDP?

LLDP is an open-standard Layer 2 discovery protocol defined by IEEE 802.1AB. Unlike CDP, which is Cisco-only, LLDP works across devices from different vendors. This makes it ideal in environments where switches, routers, IP phones, and other devices come from multiple manufacturers.

How LLDP Works

Like CDP, LLDP sends advertisements at regular intervals to share information with directly connected neighbors. These advertisements contain TLVs (type-length-value fields) that describe details about the device. Neighboring devices store this information in a table that you can view with simple commands.

LLDP Default Settings

• Advertisements are sent every 30 seconds by default.

• The default hold time is 120 seconds.

• LLDP uses a different multicast MAC address from CDP:

  • Ethernet: 01:80:C2:00:00:0E

You can adjust the timers and control LLDP on a per-interface or global basis.

Information LLDP Can Provide

• Device name

• Port ID (the interface it’s connected to)

• Capabilities (switch, router, phone, etc.)

• Management IP address

• System description (software/firmware details)

Where LLDP is Commonly Used

Because it’s vendor-neutral, LLDP is widely used in:

• Multi-vendor networks

• VoIP phone deployments (phones can learn VLAN and power settings from switches)

• Data centers with equipment from different brands

Common LLDP Commands in Cisco IOS

• lldp run – Enable LLDP globally.

• no lldp run – Disable LLDP globally.

• lldp transmit – Enable LLDP advertisements on an interface.

• lldp receive – Allow LLDP information to be received on an interface.

• show lldp – Displays global LLDP status.

• show lldp neighbors – Lists LLDP neighbors.

• show lldp neighbors detail – Detailed information about neighbors.

---

LLDP Configuration Example in Cisco IOS

Enable LLDP Globally
LLDP is disabled by default on most Cisco devices. To enable it:

Switch(config)# lldp run

Enable LLDP on a Specific Interface
If you want to control LLDP per interface, you can enable transmit and receive separately:

Switch(config)# interface gigabitEthernet0/1
Switch(config-if)# lldp transmit
Switch(config-if)# lldp receive

Disable LLDP Globally
If you need to turn LLDP off completely:

Switch(config)# no lldp run

Disable LLDP on a Specific Interface
You can stop sending and/or receiving LLDP packets on a specific port:

Switch(config)# interface gigabitEthernet0/1
Switch(config-if)# no lldp transmit
Switch(config-if)# no lldp receive

Change LLDP Timers
To adjust how often LLDP sends advertisements and how long information is kept:

Switch(config)# lldp timer 20      ! Send LLDP packets every 20 seconds
Switch(config)# lldp holdtime 90   ! Keep info for 90 seconds if no updates are received
Switch(config)# lldp reinit 2      ! Wait 2 seconds before reinitializing LLDP after changes

Verify LLDP Information
To check which devices are discovered using LLDP:

Switch# show lldp neighbors
Switch# show lldp neighbors detail
Switch# show lldp

---

CDP vs LLDP – Side-by-Side Comparison

---

When to Use CDP or LLDP

• Use CDP if you are in a Cisco-only environment. It’s already enabled on most Cisco devices, so it will work without extra configuration. CDP can also share some Cisco-specific information that LLDP won’t include.

• Use LLDP if your network includes devices from multiple vendors. Since LLDP is an open standard, it ensures all compatible devices can exchange neighbor information regardless of manufacturer.

• Use Both if you manage a mixed environment but still want Cisco devices to exchange Cisco-specific details. Just remember that each protocol’s advertisements are independent and can run side-by-side without issues.

---

Wrap Up

CDP and LLDP might seem like simple tools, but they can make a big difference in how you understand and manage your network. With just a few commands, you can discover valuable details about connected devices without physically tracing a single cable.

If you’re in a Cisco-only environment, CDP is ready to help right out of the box. In a mixed-vendor network, LLDP is your go-to for universal compatibility. And in some cases, running both can give you the best of both worlds. Just remember to manage them wisely and disable them where security matters.

Learning these protocols is more than just memorizing commands. It’s about building confidence in your ability to see the bigger picture of your network. The more you practice, the faster you’ll be at troubleshooting, mapping, and making decisions. So keep exploring, keep testing, and you’ll find that every bit of knowledge adds up to making you a stronger network professional.

Thanks for taking the time to read through this guide, and I hope it helps you on your learning journey. Keep going, you’ve got this.