3.3. Layer 2 Discovery Protocols
💡 First Principle: Discovery protocols let network devices advertise their identity to neighbors, enabling automated topology mapping and troubleshooting. They answer the question: "What's connected to my port?" CDP is Cisco-proprietary; LLDP is the open standard.
Consider this scenario: You inherit a network with no documentation. Hundreds of ports, no cable labels, no topology diagram. How do you figure out what connects to what? You could trace every cable by hand (hours of work), or run show cdp neighbors and have the network tell you the entire topology in seconds. CDP saved network engineers countless hours before automated documentation tools existed.
What happens when discovery protocols are misused: An attacker gains access to a switch port—maybe through an open jack in a conference room. They run show cdp neighbors detail and now know every device in your network: model numbers, IP addresses, IOS versions. They know which switches are running old, vulnerable firmware. That reconnaissance cost them nothing. Disable CDP/LLDP on untrusted ports.
Why discovery protocols matter:
- Troubleshooting: "What's actually plugged into this port?"
- Documentation: Auto-generate topology maps from CDP/LLDP data
- Verification: Confirm physical connectivity matches logical design
The security trade-off: These protocols broadcast device details to anyone listening. An attacker on your network can run show cdp neighbors (if they gain access) to map your infrastructure. That's why security-conscious organizations disable CDP on ports facing untrusted networks—the convenience isn't worth the exposure.
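As an added example (not part of the original lesson), the following Python script does the two things described above: it parses a constructed show cdp neighbors detail capture into a per-port map for documentation, and it flags any port from a list you designate as untrusted on which a CDP neighbor was learned, because a learned neighbor proves CDP is still enabled on that port. The sample output, device names, addresses and version string are constructed, and the untrusted-port set is an assumption you supply from your own port plan.

```python
import re

# Constructed sample of `show cdp neighbors detail` output (not captured from a
# real switch; names, addresses and the version string are illustrative only).
SAMPLE_CDP_DETAIL = """\
-------------------------
Device ID: SW-DIST-01
Entry address(es):
  IP address: 10.0.0.2
Platform: cisco WS-C3750X-48P,  Capabilities: Switch IGMP
Interface: GigabitEthernet1/0/49,  Port ID (outgoing port): GigabitEthernet1/0/1
Holdtime : 155 sec
Version :
Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 15.0(2)SE
-------------------------
Device ID: CONF-ROOM-PHONE
Entry address(es):
  IP address: 10.0.10.25
Platform: cisco IP Phone 7965,  Capabilities: Host Phone
Interface: GigabitEthernet1/0/7,  Port ID (outgoing port): Port 1
Holdtime : 120 sec
"""

# One regex per field; a missing field (e.g. no Version block for a phone) yields "".
FIELDS = {
    "device_id": r"^Device ID:\s*(.+?)\s*$",
    "ip": r"^\s*IP address:\s*(\S+)",
    "platform": r"^Platform:\s*(.+?),\s+Capabilities",
    "local_port": r"^Interface:\s*([^,\s]+)",
    "remote_port": r"Port ID \(outgoing port\):\s*(.+?)\s*$",
    "version": r"^Version :\s*\n(.+?)\s*$",
}

def parse_cdp_detail(text):
    """Split the output on its dashed separators and extract one dict per neighbor."""
    neighbors = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        if "Device ID:" not in block:
            continue  # chunk before the first separator
        found = {name: re.search(pat, block, re.M) for name, pat in FIELDS.items()}
        neighbors.append({name: m.group(1) if m else "" for name, m in found.items()})
    return neighbors

def port_map(neighbors):
    """Documentation view: the 'what is plugged into this port?' answer per local port."""
    return {n["local_port"]: (n["device_id"], n["remote_port"]) for n in neighbors}

def cdp_exposed_ports(neighbors, untrusted_ports):
    """Audit view: a neighbor learned on an untrusted port means CDP is still enabled
    there (the switch advertises itself on it too), so it is a candidate for `no cdp enable`.
    Cisco IP phones rely on CDP for voice VLAN assignment, so review phone ports before disabling."""
    return sorted(n["local_port"] for n in neighbors if n["local_port"] in untrusted_ports)
```

Feed it the real output of show cdp neighbors detail and the set of access ports in conference rooms and other shared spaces; every port it returns is one the page's advice says should carry no cdp enable.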