Use of no CDP enable and no CDP run

Use of no CDP enable and no CDP run with examples

The no cdp run and no cdp enable commands both disable the CDP protocol on the device, but at different levels.

no cdp enable is an interface command. It is executed from interface configuration mode and disables CDP only on the interface where the command is entered.

no cdp run is executed from global configuration mode and completely disables CDP on the device.

CDP is a useful protocol, but in some cases we have to disable it. Below are examples of where CDP should be disabled.

Example scenarios for disabling the CDP on the interface level.

We should disable CDP on interfaces that are connected to endpoints like PCs and servers. CDP packets are of no use to these devices, which drop the traffic anyway, and sending them also poses a security threat: hackers can use the end devices to steal information about the network.

2nd scenario

CDP is a Cisco proprietary protocol, so we must disable CDP on interfaces that connect to non-Cisco devices.

In the image above, two interfaces on the Cisco router are connected to non-Cisco devices, so we can disable CDP on those interfaces while running CDP on the interface connecting to the Cisco switch.

3rd scenario

We must disable CDP on interfaces connecting to an external network, as we don't want to send our internal devices' information to the external world. Giving out internal information to the external network poses a security risk.

We can disable CDP on the 1941 router's interface connecting to the ISP router.

Example scenarios for disabling the CDP completely

We can completely disable CDP if the Cisco device is only connected to non-Cisco devices.

2nd scenario

Even if we are using Cisco devices, we can still disable CDP if we don't want to use this service, as it poses a security risk.

In the following network diagram, we have disabled CDP on router1 and switch1. CDP has been disabled globally on router1 and switch1, and CDP has also been disabled on the interface connecting to the switch.


We can see in the output of the show cdp neighbor command that switch0 has information available for 3 devices only, while there is no information about router1 and switch1.
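An added example, not part of the original article: a small Python check over a saved running-config that applies the interface-level and global scenarios above and reports ports that should not run CDP but still do. The sample configuration, the interface names, the description keywords (ENDPOINT, NON-CISCO, ISP) used to classify ports, and the assumption that CDP is on unless configured otherwise are all made up for illustration.

```python
import re

# Constructed running-config; interface names and descriptions are assumptions.
SAMPLE_CONFIG = """\
!
interface GigabitEthernet0/0
 description UPLINK to Cisco switch0
!
interface GigabitEthernet0/1
 description ISP link
 no cdp enable
!
interface GigabitEthernet0/2
 description ENDPOINT file server
!
interface GigabitEthernet0/3
 description NON-CISCO firewall
 no cdp enable
!
"""

# Hypothetical convention: description keywords mark ports where CDP should be off.
UNTRUSTED = re.compile(r"\b(ENDPOINT|NON-CISCO|ISP)\b", re.IGNORECASE)

def audit_cdp(config):
    """Return (globally_disabled, [interfaces that should not run CDP but do])."""
    global_off = False
    interfaces = {}   # name -> {"desc": str, "cdp": bool}
    current = None
    for line in config.splitlines():
        if not line.startswith(" "):          # top-level line ends any interface block
            current = None
            if line.strip() == "no cdp run":
                global_off = True
            m = re.match(r"interface (\S+)", line)
            if m:
                current = m.group(1)
                interfaces[current] = {"desc": "", "cdp": True}  # assumed default: on
        elif current:
            text = line.strip()
            if text.startswith("description "):
                interfaces[current]["desc"] = text[len("description "):]
            elif text == "no cdp enable":
                interfaces[current]["cdp"] = False
    if global_off:                             # no cdp run disables CDP everywhere
        return True, []
    exposed = [n for n, i in interfaces.items() if i["cdp"] and UNTRUSTED.search(i["desc"])]
    return False, exposed
```

On the sample, the endpoint-facing GigabitEthernet0/2 is reported because it lacks no cdp enable, while the uplink to the Cisco switch is left alone.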
