[c-nsp] Deferred packets on 2950 10/full interface

Michael K. Smith mksmith at noanet.net
Sat Jan 15 16:52:20 EST 2005


On 1/15/05 1:45 PM, "Gert Doering" <gert at greenie.muc.de> wrote:

> Hi,
> 
> On Sat, Jan 15, 2005 at 01:26:03PM -0800, Michael K. Smith wrote:
>> In a network with a lot of customer facing ports I find it is a bit too
>> chatty about topology.
> 
> So what are your customers going to do with the information "I'm connected
> to a switch named $foo, on a port named 3/17, and the switch's IP address
> is $bar"?
> 
> While I value security, the urge to switch off CDP is something I've never
> fully understood - it's quite useful (think "customer has a box with two
> serial ports and has hooked up the wrong one to his T1") in troubleshooting.
> 
> There are IOS releases with CDP bugs, of course, and you don't want to
> run these with CDP enabled.
> 
> gert

I agree, it is certainly a matter of degrees of paranoia.  It's just another
one of those automatic information technologies we've decided against
running because it releases information that may or may not be outside of
our obfuscation model.  :-)

CDP bugs are not to be overlooked either, as you say.  Rather than worry
about it, it's just easier to turn off.  If CDP were able to tell me that a
customer had crossed their T-1's, what would my high-powered Electrical
Engineer have to do with his time?

Mike


