• All Courses

      Categories

      • Cisco Certifications
      • Juniper Certifications

      Recommended Courses

      Cisco CCDA – 200-310 – Network Design Complete Course
      Cisco CCNA – 200-301 Complete Course
      Juniper JNCIA-DevOps – JN0-222 – Network Automation
      Juniper JNCIA-Junos – NEW JN0-104 Complete Course
  • More
    • Become a Teacher
    • About Us
    • FAQs
  • Blog
  • Contact
  • Have any question?
  • (+1) 410 635 0231
  • help@ciscolessons.com
RegisterLogin

Login with your site account

Lost your password?

Not a member yet? Register now

Register a new account

Are you a member? Login now

CiscoLessons
  • All Courses

      Categories

      • Cisco Certifications
      • Juniper Certifications

      Recommended Courses

      Juniper JNCIA-DevOps – JN0-222 – Network Automation
      Cisco CCNA – 200-301 Complete Course
      Juniper JNCIA-Junos – NEW JN0-104 Complete Course
      Cisco CCDA – 200-310 – Network Design Complete Course
  • More
    • Become a Teacher
    • About Us
    • FAQs
  • Blog
  • Contact

    CCNA

    • Home
    • Blog
    • CCNA
    • Layer 2 Discovery Protocols

    Layer 2 Discovery Protocols

    • Posted by Ben Jacobson
    • Categories CCNA, Lessons, Network Access
    • Date May 4, 2022
    • Comments 0 comment

    From a very practical perspective, the layer 2 discovery protocols have been invaluable to me as a network engineer. There are a lot of times when you will come into a situation, depending upon what kind of position that you have and where you work, you may come into a situation where you don’t know what the topology is or how it’s connected at all. You may have some basic information but you may not have a detailed and up-to-date network diagram to know how the network is connected. Usually this means you’ll need to do some investigative work to work out the topology.

    Cisco Discovery Protocol

    This is where the layer 2 discovery protocols really come in, is that they give you a lot of information about your directly connected devices when these protocols are running. So let’s first jump into CDP. This is the Cisco Discovery Protocol. It is a proprietary discovery protocol by Cisco. Like many of the proprietary protocols, CDP was implemented by Cisco prior to the release of the similar industry standard protocol, LLDP. Cisco being the innovative company that they are, thought it would be a really great idea to be able to identify other directly connected Cisco devices. CDP exchanges a lot of information, it allows us to see what kind of device is connected, what software it’s running, what interface it’s connected on ,what the management IP address is, and a whole lot more.

    CDP neighbor information

    Another vendor out there, HP, did support CDP for a little while, though not anymore. CDP advertisement are sent using a layer 2 multicast destination address 01:00:0C:CC:CC:CC. It’s a multicast layer 2 frame that is sent out, although it’s only intended to go to one directly connected device, however if you’re running a hub you may see multiple CDP neighbors. The default advertising interval is 60 seconds with a default hold time of three times that, 180 seconds. So what does that mean? Say you have 2 switches that are connected, as soon as the interfaces come up, they will go ahead and send out a CDP frame to each other so that they will discover each other. It will not send another CDP frame for another 60 seconds.

    Example list of CDP neighbors

    Let’s say one of the switches crash, so that the physical interface is still up, and it may even still be forwarding traffic but just any CPU tasks, like generating CDP frames or participating in Spanning Tree Protocol aren’t working. After 180 seconds where the connected has not received a CDP frame, the neighbor will be removed from the neighbors list.

    The actual information that is shared over CDP does vary by the device and OS version. As time has gone on, Cisco has updated CDP and allowed it to include more information. A lot of that ability to include more information comes from its TLV format.

    CDP header format

    Here we have the CDP header, and then just these TLV fields, these Type Length Value fields. The Type field is a 2 byte field which describes the type of information in the Value field. The Length field is also 2 bytes, and describes the length of the data in the Value field. The Value field contains the actual data of the TLV. This could be the management address of the device, the hostname, or any other information included in the CDP advertisement. It can add as many of these TLVs as they see fit, which is very extensible. Because of that, as software revisions have occurred and gone on, Cisco has included and removed some information here or there and been able to really customize this as they see fit.

    Packet capture of a CDP frame showing the TLVs contained

    CDP must be enabled globally, and can be enabled or disabled on a per-interface basis. CDP is enabled with the cdp run command. Similar it can be disabled with no cdp run. This is done at global configuration mode for the global enable or disable. The same commands are used at the interface configuration mode to enable or disable on a per-interface basis.

    Link Layer Discovery Protocol

    LLDP is the industry standard, IEEE, response to CDP. It does a whole lot of the same stuff, and it operates in very much the same manner. It’s defined in the standard 802.1ab. The timers are a little different, here with LLDP we have a default advertising interval of 30 seconds, and a default hold time interval of four times that 120 seconds.

    LLDP header format

    LLDP is formatted very similarly to CDP, using TLVs to describe the advertised data. Only the Chassis ID and Port ID have their own dedicated fields. Let’s take a look at the output of show lldp neighbor and show lldp entry.

    show LLDP neighbor command output on a Cisco device

    The output of show lldp neighbor is very similar to the output of the show cdp neighbor command. Being that these protocols perform very similar functions, this is not unexpected. Similarly the show lldp entry command has a very similarly formatted output.

    Sample output of show lldp entry

    Being that LLDP is an industry standard protocol, the exact output can vary pretty significantly from vendor to vendor. Additionally the information that each vendor chooses to advertise and expose via LLDP can vary significantly. However, it can still be a lifesaver when performing discovery on a network, to be able to map out the topology without having to physically trace cables. Finally, let’s take a look at a packet capture of an LLDP frame, showing the TLVs contained.

    Example LLDP advertisement packet capture showing the TLVs contained

    Tag:ccna, cdp, cisco discovery protocol, layer 2 discovery, link layer discovery, lldp

    • Share:
    author avatar
    Ben Jacobson

    Previous post

    802.1Q Fundamentals and Configuration
    May 4, 2022

    Next post

    VLAN Fundamentals and Configuration
    May 6, 2022

    You may also like

    lab.png
    Using Ansible
    4 June, 2022
    example_playbook_run.png
    Ansible Playbooks
    4 June, 2022
    sample_usage.png
    Ansible Inventory
    4 June, 2022

    Leave A Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    Popular Courses

    Cisco CCNA – 200-301 Complete Course

    Cisco CCNA – 200-301 Complete Course

    $39.99
    Juniper JNCIA-DevOps – JN0-222 – Network Automation

    Juniper JNCIA-DevOps – JN0-222 – Network Automation

    $39.99
    Juniper JNCIA-Junos – NEW JN0-104 Complete Course

    Juniper JNCIA-Junos – NEW JN0-104 Complete Course

    $49.99

    Categories

    • 410 635 0231
    • Owings Mills, MD USA
    • contact@ciscolessons.com

    Company

    • About Us
    • Blog
    • Contact
    • Become a Teacher

    Links

    • Courses
    • Events
    • FAQs

    Support

    • Documentation
    • Forums

    All rights reserved CiscoLessons®

    • Privacy
    • Terms
    • Sitemap
    • Purchase