{"id":169293,"date":"2026-06-20T20:11:40","date_gmt":"2026-06-20T17:11:40","guid":{"rendered":"https:\/\/computingforgeeks.com\/?p=169293"},"modified":"2026-06-20T20:11:40","modified_gmt":"2026-06-20T17:11:40","slug":"cisco-cdp-lldp-network-discovery","status":"publish","type":"post","link":"https:\/\/computingforgeeks.com\/cisco-cdp-lldp-network-discovery\/","title":{"rendered":"CDP and LLDP Network Discovery on Cisco Switches"},"content":{"rendered":"

On an undocumented network, the fastest way to learn what is connected to a switch is to ask the switch. CDP and LLDP are the two protocols that answer. Each device announces itself to its directly connected neighbors, so from one switch you can read the hostname, the port, the platform, and often the IP address of everything one hop away, without touching a cable or opening a diagram.<\/p>\n\n

The two protocols do the same job from opposite philosophies. CDP is Cisco’s own, runs by default, and only talks to other Cisco gear. LLDP is the open IEEE standard that works across vendors but stays off until you switch it on. This guide explains what each one reveals, how to read the output, how they differ, and where you should turn discovery off. The timers and output here were captured on two Cisco IOS 15.2 switches in June 2026.<\/p>\n\n

What CDP tells you about your neighbors<\/h2>\n\n

CDP, the Cisco Discovery Protocol, is a Layer 2 protocol that runs by default on Cisco routers and switches. Every device sends a small advertisement out each interface every 60 seconds describing itself: its hostname, the local and remote port, what kind of device it is, its hardware platform, its IOS version, and its management IP. A neighbor stores that information for a holdtime of 180 seconds, so if three advertisements in a row go missing the entry ages out. The key insight is that this happens with no configuration at all. Connect two Cisco switches and each one already knows the other.<\/p>\n\n

Because it is Cisco-proprietary, CDP only ever shows you Cisco devices. That is both its strength, since it carries Cisco-specific detail like the native VLAN and VTP domain, and its limit, since a Juniper or Aruba switch is invisible to it. If you want a refresher on the device types it reports, the network devices overview<\/a> covers what a router, switch, and host each are.<\/p>\n\n\n

\"Topology<\/figure>\n\n\n

The lab is two switches, SW1 and SW2, joined on Gi0\/0. The same topology, running in GNS3, produced every capture in this guide:<\/p>\n\n\n

\"GNS3<\/figure>\n\n\n

Both switches have CDP on by default and a management IP on a Vlan1 interface, so the detailed output later has an address to show. This is the same Layer 2 link that the MAC address table<\/a> is built on; discovery just adds a description of who is on the other end.<\/p>\n\n

Reading the CDP tables<\/h2>\n\n

Start with the summary. show cdp neighbors<\/code> lists every directly connected Cisco device, one line each:<\/p>\n\n\n

show cdp neighbors<\/code><\/pre>\n\n\n
SW1 sees exactly one neighbor, SW2, reached through Gi0\/0:<\/p>\n\n\n
\"show<\/figure>\n\n\n
The columns are worth learning. Device ID is the neighbor’s hostname. Local Intrfce is your port, and Port ID is the neighbor’s port, so you can trace a cable in both directions. Holdtme counts down from 180. Capability uses the codes printed in the legend at the top: R for router, S for switch, I for IGMP, so the R S I<\/code> here is a multilayer switch. Platform is the hardware model; on these lab IOSvL2 images it shows a generic Cisco<\/code> or stays blank, while on real gear it reads something like WS-C2960<\/code>.<\/p>\n\n
The summary tells you what is connected where. For the details that matter while troubleshooting, add the keyword detail<\/code>:<\/p>\n\n\n
show cdp neighbors detail<\/code><\/pre>\n\n\n
Now each neighbor gets a full block:<\/p>\n\n\n
\"show<\/figure>\n\n\n
This is where CDP earns its place. What you are actually reading is the neighbor telling you its management IP (10.10.10.2), its full IOS version, its VTP domain, the native VLAN on the link (VLAN 1), and the duplex. That native VLAN field is the same one a trunk depends on, which is why CDP is the protocol that flags a native VLAN mismatch. If you are building an 802.1Q trunk<\/a>, CDP is what warns you when the two ends disagree.<\/p>\n\n
Why LLDP exists<\/h2>\n\n
CDP works beautifully right up to the moment you add a switch from another vendor. Because it is Cisco-only, it cannot describe a mixed network, and most real networks are mixed. That is the problem LLDP solves. LLDP, the Link Layer Discovery Protocol, is the IEEE 802.1AB standard: the same idea as CDP, but published openly so that Cisco, Juniper, Aruba, and anyone else can speak it.<\/p>\n\n
The trade-off is that Cisco leaves LLDP off by default. You turn it on globally with one command, which fits naturally into a switch’s base configuration<\/a>:<\/p>\n\n\n
configure terminal\nlldp run\nend<\/code><\/pre>\n\n\n
Run it on both ends of a link. Until you do, show lldp neighbors<\/code> stays empty even though the link is up and CDP is already showing the neighbor. LLDP advertises every 30 seconds with a 120-second holdtime, so it reacts a little faster than CDP when a neighbor disappears.<\/p>\n\n
Reading the LLDP tables<\/h2>\n\n
The LLDP commands mirror the CDP ones. show lldp neighbors<\/code> gives the summary, and adding detail<\/code> gives the full record:<\/p>\n\n\n
show lldp neighbors\nshow lldp neighbors detail<\/code><\/pre>\n\n\n
The summary shows SW2 with capability R, and the detail block adds its system name, description, capabilities, and management address:<\/p>\n\n\n
\"show<\/figure>\n\n\n
Notice that LLDP uses its own capability letters, listed in its own legend: here SW2 advertises B and R (bridge and router) and has R enabled. The summary column shows only the enabled capability (R), while the detail block separates what is advertised (B,R) from what is enabled (R). The detail block also carries a chassis ID and a system description string. On a real multi-vendor link, that system description is how you identify a non-Cisco neighbor that CDP could never have shown you at all.<\/p>\n\n
CDP and LLDP compared<\/h2>\n\n
Side by side, the two protocols line up cleanly:<\/p>\n\n\n
\n
Property<\/th>CDP<\/th>LLDP<\/th><\/tr><\/thead>
Origin<\/td>Cisco-proprietary<\/td>IEEE 802.1AB (open standard)<\/td><\/tr>\n
Default state<\/td>Enabled<\/td>Disabled (needs lldp run)<\/td><\/tr>\n
Works with other vendors<\/td>No<\/td>Yes<\/td><\/tr>\n
Advertisement interval<\/td>60 seconds<\/td>30 seconds<\/td><\/tr>\n
Holdtime<\/td>180 seconds<\/td>120 seconds<\/td><\/tr>\n
Enable command<\/td>on by default (cdp run)<\/td>lldp run<\/td><\/tr>\n<\/tbody><\/table><\/figure>\n\n\n
The timers are visible globally with show cdp<\/code> and show lldp<\/code>:<\/p>\n\n\n
\"show<\/figure>\n\n\n
The practical rule is simple. On an all-Cisco network, CDP is already on and tells you more. The moment another vendor sits in the path, enable LLDP so the whole topology is visible. Plenty of networks run both at once, and the two do not conflict.<\/p>\n\n
Turning discovery off where it should not run<\/h2>\n\n
Discovery is a convenience for you and a gift to an attacker. Every advertisement broadcasts the device model, IOS version, port, native VLAN, and management IP to whatever is on the wire. On an uplink between your own switches that is fine. On a port facing a user, a guest, or a customer, it is information you should not hand out. The same caution applies when you are chasing a problem with interface counters<\/a>: discovery is for trusted links, not edge ports.<\/p>\n\n
Turn CDP off on a single interface without disabling it across the switch:<\/p>\n\n\n
interface GigabitEthernet0\/1\n no cdp enable<\/code><\/pre>\n\n\n
LLDP is controlled per direction, so you can stop advertising while still listening, or both:<\/p>\n\n\n
interface GigabitEthernet0\/1\n no lldp transmit\n no lldp receive<\/code><\/pre>\n\n\n
One caution before you reach for no cdp run<\/code>: do not disable CDP globally if you run Cisco IP phones. What is actually happening there is the phone uses CDP to learn which voice VLAN to tag its traffic into, so a blanket disable breaks voice. Switch discovery off on the ports that face untrusted devices, not on the whole switch.<\/p>\n\n
Practice CDP and LLDP<\/h2>\n\n
This topic sits in the Network Access section of the CCNA 200-301 study roadmap<\/a>. The two-switch lab, paste-ready for GNS3, Cisco Packet Tracer, or real gear, is in the companion repo: c4geeks\/ccna-labs<\/a>. Build SW1 and SW2, connect Gi0\/0 to Gi0\/0, paste the configs, and the neighbor tables fill in on their own.<\/p>\n\n
Check that the defaults, timers, and commands have stuck with the quiz:<\/p>\n\n
Loading quiz...<\/div><\/div>\n\n\n
Then drill the facts with the flashcards, or take the deck into Anki:<\/p>\n\n
Loading flashcards...<\/div><\/div>\n\n\n
Common misconceptions about CDP and LLDP<\/h2>\n\n
A few ideas trip people up, and clearing them is the fastest way to actually understand these protocols:<\/p>\n\n\n
    \n
  • Discovery does not give you connectivity.<\/strong> CDP and LLDP are pure information. They never forward user traffic or change how a link behaves. A neighbor can sit in the table while the VLANs on the link are completely misconfigured.<\/li>\n
  • LLDP does not replace CDP.<\/strong> On a Cisco switch the two coexist happily. Running both is normal, and is exactly what you want on a network that mixes Cisco with other vendors.<\/li>\n
  • A neighbor in the table does not prove the link is healthy.<\/strong> An entry lingers for the holdtime after the neighbor goes down, up to 180 seconds for CDP. A stale entry is not live confirmation.<\/li>\n
  • Discovery is not harmless.<\/strong> It advertises precisely the details an attacker wants. Treat it as something to scope to trusted links and disable toward anything you do not control.<\/li>\n<\/ul>\n\n\n
    Keep that mental model and the two protocols become what they are meant to be: a fast, honest map of what is one hop away, switched on for the links where you want a map and switched off on the ones where you do not.<\/p>\n","protected":false},"excerpt":{"rendered":"
    Configure and read CDP and LLDP on Cisco switches: see what is on each port, run show cdp neighbors and show lldp neighbors, and compare the two.<\/p>\n","protected":false},"author":3,"featured_media":169292,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[299,55],"tags":[524,525],"cfg_series":[39888],"class_list":["post-169293","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-how-to","category-networking","tag-ccna","tag-cisco","cfg_series-ccna-200-301"],"_links":{"self":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/169293","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/comments?post=169293"}],"version-history":[{"count":1,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/169293\/revisions"}],"predecessor-version":[{"id":169294,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/169293\/revisions\/169294"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/media\/169292"}],"wp:attachment":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/media?parent=169293"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/categories?post=169293"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/tags?post=169293"},{"taxonomy":"cfg_series","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/cfg_series?post=169293"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}