LAN CDP Reconnaissance
CDP information is unencrypted
To mitigate the exploitation of CDP, limit the use of CDP on devices or ports
For example, disable CDP on edge ports that connect to untrusted devices
- To disable CDP globally on a device, use the no cdp run global configuration mode command
- To disable CDP on a port, use the no cdp enable interface configuration command
Note: Link Layer Discovery Protocol (LLDP) is also vulnerable to reconnaissance attacks. Configure no lldp run to disable LLDP globally. To disable LLDP on an interface, configure no lldp transmit and no lldp receive.
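A way to check that the commands above were actually applied, as an added example that is not part of the original slide: a small audit over a running-config that reports edge ports still sending or accepting CDP/LLDP. It assumes IOS defaults (CDP on unless `no cdp run` is present, LLDP off unless `lldp run` is present) and treats `switchport mode access` ports as edge ports; the sample config and the function name are constructed for illustration.

```python
# Added example: audit a running-config for CDP/LLDP left active on edge ports.
# Assumptions (not from the slide): CDP is on unless "no cdp run" is present,
# LLDP is off unless "lldp run" is present, edge port = "switchport mode access".
SAMPLE_CONFIG = """\
lldp run
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode access
 no cdp enable
!
interface GigabitEthernet0/3
 switchport mode access
 no cdp enable
 no lldp transmit
 no lldp receive
!
"""

def audit_edge_ports(config):
    """Return {interface: [discovery protocols still active]} for access ports."""
    lines = [l.rstrip() for l in config.splitlines()]
    cdp_global = "no cdp run" not in lines   # global kill switch for CDP
    lldp_global = "lldp run" in lines        # LLDP only runs if enabled globally
    blocks, current = {}, None
    for line in lines:
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = set()
        elif line.startswith(" ") and current:
            blocks[current].add(line.strip())  # sub-command of current interface
        else:
            current = None                     # "!" or a global command
    findings = {}
    for name, cmds in blocks.items():
        if "switchport mode access" not in cmds:
            continue                           # uplinks/trunks are out of scope
        checks = [("cdp", cdp_global, "no cdp enable"),
                  ("lldp-tx", lldp_global, "no lldp transmit"),
                  ("lldp-rx", lldp_global, "no lldp receive")]
        active = [p for p, on, off in checks if on and off not in cmds]
        if active:
            findings[name] = active
    return findings

if __name__ == "__main__":
    print(audit_edge_ports(SAMPLE_CONFIG))
```

On the constructed sample, GigabitEthernet0/2 is flagged because CDP was disabled on the port but LLDP was left enabled in both directions.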