CCNA Lab 10: Network Discovery - CDP, LLDP, and Layer 2 Topology Mapping

CDP (Cisco Discovery Protocol) and LLDP (Link Layer Discovery Protocol) advertise device identity and capabilities to directly connected neighbors. They are your best tools for building a Layer 2 topology map without getting up from your desk.

CDP - Cisco Discovery Protocol

CDP is Cisco proprietary and enabled by default on all Cisco IOS interfaces. It sends advertisements every 60 seconds to the multicast address 01:00:0c:cc:cc:cc.

CDP Configuration

! Enable CDP globally (default)
cdp run
 
! Disable CDP globally
no cdp run
 
! Enable CDP on a specific interface (default for all)
interface Gi0/1
 cdp enable
 
! Disable CDP on an interface
interface Gi0/1
 no cdp enable

CDP Verification Commands

show cdp
show cdp interface
show cdp neighbors
show cdp neighbors detail
show cdp entry *
show cdp traffic

show cdp neighbors provides a table of directly connected devices:

Device ID        Local Intf  Holdtme  Capability    Platform     Port ID
ACCESS-SW-2      Gi0/24      157      S             WS-C2960     Gi0/24
CORE-SW          Gi0/23      176      S I           WS-C3850     Gi1/0/1
ROUTER-1         Gi0/22      143      R             ISR-4331     Gi0/0/0

Capability codes: R = Router, S = Switch, I = IGMP, T = Trans bridge.

CDP Neighbor Detail

show cdp neighbors detail

Returns the full detail including IP address, platform, IOS version, and native VLAN:

-----------------------
Device ID: CORE-SW
Entry address(es):
  IP address: 192.168.1.1
Platform: cisco WS-C3850-24T, Capabilities: Switch IGMP
Interface: GigabitEthernet0/23, Port ID (outgoing port): GigabitEthernet1/0/1
Holdtime: 176 sec

Version:
Cisco IOS Software, IOS-XE Software (Cat3k-CAA-UNIVERSALK9-M)
Version 16.12.5

advertisement version: 2
VTP Management Domain: ''
Native VLAN: 99
Duplex: full

This is invaluable for inventory documentation without logging into every device.

LLDP - Link Layer Discovery Protocol

LLDP is the IEEE standard (802.1AB) and works with any vendor. It is disabled by default on Cisco IOS.

LLDP Configuration

! Enable LLDP globally
lldp run
 
! Enable LLDP transmit/receive on an interface
interface Gi0/1
 lldp transmit
 lldp receive
 
! Disable on interface
interface Gi0/1
 no lldp transmit
 no lldp receive

LLDP Verification Commands

show lldp
show lldp interface
show lldp neighbors
show lldp neighbors detail
show lldp traffic
show lldp entry *

LLDP neighbor output:

Device ID: DIST-SW-MDF-01
Local Intf: Gi0/24
Chassis id: aabb.ccdd.eeff
Port id: Gi0/24
Port Description: GigabitEthernet0/24
System Name: DIST-SW-MDF-01
System Description: Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M)
Time remaining: 107 seconds
Hold Time: 120 sec
Capabilities: Bridge, Router
Management Addresses:
  IPv4: 192.168.1.5

Building a Topology Map

Step 1: Run CDP/LLDP on every switch

ssh CORE-SW "show cdp neighbors detail" > cdp-core.txt
ssh DIST-SW-1 "show cdp neighbors detail" > cdp-dist1.txt
ssh DIST-SW-2 "show cdp neighbors detail" > cdp-dist2.txt

Step 2: Extract the connection matrix

The critical fields for each neighbor entry:

Field                 Example
Device ID             ACCESS-SW-2
Local Interface       GigabitEthernet0/24
Neighbor Interface    GigabitEthernet0/24
IP Address            192.168.1.2
Platform              WS-C2960
Native VLAN           99

Step 3: Cross-reference both ends

A valid connection must be confirmed from both sides. If CORE-SW shows ACCESS-SW-2 via Gi0/24, ACCESS-SW-2 must show CORE-SW via Gi0/24. Mismatches mean cabling errors.

Step 4: Visualize

Build a simple text adjacency list:

CORE-SW
  ├─ Gi0/23 ── DIST-SW-1 (Gi0/24)
  └─ Gi0/24 ── DIST-SW-2 (Gi0/24)
DIST-SW-1
  ├─ Gi0/1  ── ACCESS-SW-1 (Gi0/24)
  ├─ Gi0/2  ── ACCESS-SW-2 (Gi0/24)
  └─ Gi0/24 ── CORE-SW (Gi0/23)

CDP/LLDP for Troubleshooting

Verify Cabling

! On Switch A
show cdp neighbors Gi0/24 detail | include Device ID|Port ID
 
! On Switch B
show cdp neighbors Gi0/24 detail | include Device ID|Port ID

If the Device ID or Port ID does not match expectations, the cable is patched wrong.

Identify Unauthorized Devices

CDP reveals device model and capabilities. A "Linux" or "Windows" device showing up as a CDP neighbor on a trunk port is a red flag.

Check Native VLAN Mismatch

CDP reports native VLAN mismatch as a separate notification:

%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/24

But you can also see it in the show cdp neighbors detail output: compare the Native VLAN field on both ends.

Speed and Duplex Verification

show cdp interface Gi0/24

CDP reports the interface speed and duplex. If one end reports full duplex and the other half, you have a mismatch.

Security Considerations

Disable on Edge Ports

interface range Gi0/1-22
 no cdp enable
 no lldp transmit
 no lldp receive

CDP/LLDP leak device type, IOS version, IP addresses, and native VLANs. Attackers use this information for targeted exploits.

Disable Globally if Not Needed

Some organizations disable CDP/LLDP entirely on external-facing or DMZ switches.

CDP vs LLDP Comparison

Feature                 CDP                                   LLDP
Standard                Cisco proprietary                     IEEE 802.1AB
Multi-vendor            Cisco only                            Any
Default on Cisco IOS    Enabled                               Disabled
Advertisement interval  60 sec                                30 sec (configurable)
Hold time multiplier    3                                     4
TLV information         Device, platform, IP, VLAN, duplex    Device, system desc, management IP, capabilities, more
Security                Leaks Cisco info                      Leaks vendor-neutral info

Scripting Topology Collection

#!/bin/bash
# Quick topology dump - run from a management host
SWITCHES="CORE-SW DIST-SW-1 DIST-SW-2 ACCESS-SW-1 ACCESS-SW-2"

for switch in $SWITCHES; do
    echo "=== $switch ==="
    ssh "$switch" "show cdp neighbors detail" 2>/dev/null || echo "Unreachable"
    echo ""
done

For a more structured output, parse with:

ssh CORE-SW "show cdp neighbors detail" | grep -E "Device ID:|Interface:|Port ID|IP address|Platform"
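As an added example, not part of the original lab page and not a Cisco tool, the Python script below does in code what Steps 2 to 4 of "Building a Topology Map", "Verify Cabling" and "Check Native VLAN Mismatch" describe by hand: it parses show cdp neighbors detail output per switch, extracts the Step 2 fields, confirms every entry from the far end, flags native VLAN disagreements, and renders the adjacency list. The SWEEP dictionary holds constructed sample output; the device names come from this page, while the addresses, platforms and the stale DIST-SW-2 entry are made up. In practice you would read the cdp-*.txt files saved in Step 1 into it.

```python
import re

# Constructed sample "show cdp neighbors detail" output keyed by the switch it was
# collected from (Step 1). Names follow the lab topology on this page; the entries
# are made up. DIST-SW-2 holds a stale entry (CORE-SW was re-patched from Gi0/22
# to Gi0/24), so the two ends of that link disagree.
SWEEP = {
    "CORE-SW": """
Device ID: DIST-SW-1
  IP address: 192.168.1.2
Platform: cisco WS-C3560-24TS, Capabilities: Switch IGMP
Interface: GigabitEthernet0/23, Port ID (outgoing port): GigabitEthernet0/24
Native VLAN: 1
Device ID: DIST-SW-2
  IP address: 192.168.1.3
Platform: cisco WS-C3560-24TS, Capabilities: Switch IGMP
Interface: GigabitEthernet0/24, Port ID (outgoing port): GigabitEthernet0/24
Native VLAN: 99
""",
    "DIST-SW-1": """
Device ID: CORE-SW
  IP address: 192.168.1.1
Platform: cisco WS-C3850-24T, Capabilities: Switch IGMP
Interface: GigabitEthernet0/24, Port ID (outgoing port): GigabitEthernet0/23
Native VLAN: 99
Device ID: ACCESS-SW-1
  IP address: 192.168.1.10
Platform: cisco WS-C2960-24TT, Capabilities: Switch IGMP
Interface: GigabitEthernet0/1, Port ID (outgoing port): GigabitEthernet0/24
Native VLAN: 99
""",
    "DIST-SW-2": """
Device ID: CORE-SW
  IP address: 192.168.1.1
Platform: cisco WS-C3850-24T, Capabilities: Switch IGMP
Interface: GigabitEthernet0/24, Port ID (outgoing port): GigabitEthernet0/22
Native VLAN: 99
""",
}

FIELDS = {  # Step 2: the fields worth extracting from each neighbor entry
    "device": r"Device ID:\s*(\S+)",
    "ip": r"IP address:\s*(\S+)",
    "platform": r"Platform:\s*([^,]+),",
    "local": r"Interface:\s*([^,]+),",
    "remote": r"Port ID \(outgoing port\):\s*(\S+)",
    "native_vlan": r"Native VLAN:\s*(\d+)",
}

def short_intf(name):
    """Detail output prints GigabitEthernet0/24; the brief table uses Gi0/24."""
    for long, short in (("TenGigabitEthernet", "Te"), ("GigabitEthernet", "Gi"), ("FastEthernet", "Fa")):
        if name and name.startswith(long):
            return short + name[len(long):]
    return name

def parse_cdp_detail(text):
    """One dict per entry; splitting on 'Device ID:' also copes with real output's dashed separators."""
    neighbors = []
    for chunk in re.split(r"^(?=Device ID:)", text, flags=re.M):
        found = {k: re.search(p, chunk) for k, p in FIELDS.items()}
        if found["device"] is None:
            continue
        entry = {k: m.group(1).strip() if m else None for k, m in found.items()}
        entry["local"], entry["remote"] = short_intf(entry["local"]), short_intf(entry["remote"])
        neighbors.append(entry)
    return neighbors

def build_links(sweep):
    """Index every entry by (collecting switch, local interface)."""
    return {(sw, n["local"]): n for sw, text in sweep.items() for n in parse_cdp_detail(text)}

def cross_check(sweep):
    """Step 3: confirm each entry from the far end. Returns (kind, switch, local, neighbor,
    neighbor_port); kind is UNCONFIRMED (neighbor not swept), CABLING or NATIVE_VLAN."""
    links, findings = build_links(sweep), []
    for (switch, local), n in sorted(links.items()):
        peer, rport = n["device"], n["remote"]
        if peer not in sweep:
            findings.append(("UNCONFIRMED", switch, local, peer, rport))
            continue
        far = links.get((peer, rport))
        if far is None or far["device"] != switch or far["remote"] != local:
            findings.append(("CABLING", switch, local, peer, rport))
        elif n["native_vlan"] != far["native_vlan"] and (switch, local) < (peer, rport):
            findings.append(("NATIVE_VLAN", switch, local, peer, rport))  # once per pair
    return findings

def adjacency(sweep):
    """Step 4: the text adjacency list used on this page."""
    links, lines = build_links(sweep), []
    for switch in sweep:
        lines.append(switch)
        ports = sorted(((k[1], n) for k, n in links.items() if k[0] == switch), key=lambda p: p[0])
        for i, (local, n) in enumerate(ports):
            branch = "└─" if i == len(ports) - 1 else "├─"
            lines.append(f"  {branch} {local:<6} ── {n['device']} ({n['remote']})")
    return "\n".join(lines)

if __name__ == "__main__":
    print(adjacency(SWEEP), *cross_check(SWEEP), sep="\n")
```

Run it with Python 3.7 or later (the zero-width split needs it). The stale DIST-SW-2 link produces a CABLING finding from each side, since neither end's entry is confirmed by the other, while the native VLAN disagreement on the CORE-SW to DIST-SW-1 link is reported once, and the ACCESS-SW-1 entry is marked UNCONFIRMED because that switch was not in the sweep.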

Best Practices

  • Enable LLDP in multi-vendor networks: CDP is Cisco-only. Use LLDP for consistent discovery across Juniper, Arista, HP, and others.
  • Disable on edge ports: prevent information leakage to end-user devices.
  • Verify both directions: a one-sided neighbor entry indicates a problem.
  • Document topology: run a CDP/LLDP sweep quarterly and compare against your documented topology.
  • Monitor neighbor changes: new or missing CDP/LLDP neighbors should trigger investigation.
  • Keep holdtime consistent: CDP holdtime defaults to 180 sec (3 x 60). Changing it can cause unnecessary flapping.
  • Use CDP for first-hop redundancy: HSRP and VRRP use CDP for virtual IP advertisement.

Quick Reference

Command                      Purpose
show cdp neighbors           List directly connected Cisco devices
show cdp neighbors detail    Full device info (IP, IOS, platform, VLAN)
show cdp entry *             Same as detail for all neighbors
show cdp interface           CDP status per interface
show cdp traffic             CDP packet statistics
show lldp neighbors          List LLDP neighbors
show lldp neighbors detail   Full LLDP neighbor info
show lldp interface          LLDP status per interface
show lldp traffic            LLDP packet statistics
cdp run / no cdp run         Enable/disable CDP globally
lldp run / no lldp run       Enable/disable LLDP globally