What is Secure CDP and how does Secure CDP work ?

décembre 29, 2022 Mourad ELGORMA

Happy New Year!
Don’t assume CDP can’t be secure and just turn it off. Take a look at Secure CDP, it’s easy !

Not sure what CDP is yet or need a refresher ? Watch this and get caught up.

Welcome to Network Engineer Pro. I’m Rafael, CCIE #64356 in routing and switching.

I’m working on ton of content (videos, labs and more) to help you learn networking. If you want to stay up to date on what I’m working on and be the first to know then head to my website where you can sign up and get notified:
➤ https://www.networkengineerpro.com/

You can also follow me on Facebook:
➤ https://www.facebook.com/NetworkEngineerPro

Amazon affiliate links to recommended reading material

The CCNA 200-301 Official Cert Guide Volume 1
➤ https://amzn.to/3AWwjXh

The CCNA 200-301 Official Cert Guide Volume 2
➤ https://amzn.to/3wv81QQ

For those of you who want to take your studies to the CCIE level, here are the first two books(of many) you should get your hands on.

Routing TCP/IP, Volume 1
➤ https://amzn.to/3ARnVZj

Routing TCP/IP, Volume 2
➤ https://amzn.to/3k8wfxB

The Cisco Discovery Protocol does not possess inherent security mechanisms and is vulnerable to attacks. The Secure Cisco Discovery Protocol feature allows users to select the type, length, value (TLV) fields that are sent on a particular interface to filter information sent through Cisco Discovery Protocol packets.

In a lab environment with Cisco switches and routers, I show you how to configure and verify Secure CDP to make sure our Cisco switches by filtering and only advertising the TLV’s we want, making it more secure.

The config I used in this video to configure Secure Cisco Discovery Protocol:

Step 1: Configure the TLV Filter
cdp tlv-list SECURE-CDP
address
mgmt-address
ip-prefix
vtp-mgmt-domain
native-vlan
capability
platform

Step 2: Apply it to an interface or globally
sw1(config)
interface GigabitEthernet0/0
cdp filter-tlv-list SECURE-CDP

Or Globally on all interfaces:
sw1(config)
cdp filter-tlv-list SECURE-CDP

*The show cdp tlv-list and show cdp interface commands display information about the TLV list.

Step 3: Verify! Verify! Verify!
Verify by doing “show cdp nei detail” on the neighbor to ensure sensitive info is not being
displayed. Verification can also be accomplished by examining the Wireshark capture (because
packet captures never lie) of a CDP advertisement and making sure the right TLV’s are not
being sent.

Secure CDP Config Guide can be viewed here:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/cdp/configuration/15-mt/cdp-15-mt-book/nm-cdp-secure-cdp.html

Any questions or comments let me know, I hope you all enjoy this video.
Happy new year !
#CCNA #CCNP #CCIE

Views : 392
network engineer

Source by Network Engineer Pro