Network Management

Configure CDP, LLDP, and NTP

Company: NETWORK TECHNICIAN (STUDENT)

CDP, LLDP, and NTP Configuration – Cisco Packet Tracer Lab

This lab demonstrates my ability to configure Cisco Discovery Protocol (CDP), Link Layer Discovery Protocol (LLDP), and Network Time Protocol (NTP) across a simulated enterprise network. The objective was to control discovery protocol traffic for security and visibility, while synchronizing router time using an external NTP server.


Project Goals

  • Configure CDP and LLDP selectively across routers and switches

  • Adjust LLDP to operate in receive-only or send-only modes on specific interfaces

  • Restrict discovery traffic on access ports to reduce the attack surface

  • Configure the HQ router to synchronize with an NTP server


Topology Summary

The network consisted of:

  • HQ Router with interfaces to LAN (192.168.1.0/24, 192.168.2.0/24) and WAN (192.168.3.0/30)

  • Branch Router with a direct WAN link to HQ and a LAN segment

  • HQ Switches (HQ-SW-1, HQ-SW-2) and Branch Switches (BR-SW1, BR-SW2, BR-SW3)

  • NTP Server located on the HQ LAN: 192.168.1.254

  • PCs attached to HQ and Branch LANs


Configuration Steps


LLDP and CDP Configuration

HQ Router:

  • Disabled CDP globally to reduce discovery exposure:

no cdp run

  • Enabled LLDP globally:

lldp run

  • Configured G0/0/0 and G0/0/1 (connections to switches) to only receive LLDP:

interface g0/0/0
 lldp receive
 no lldp transmit
interface g0/0/1
 lldp receive
 no lldp transmit

HQ Switches (HQ-SW-1 and HQ-SW-2):

  • Disabled CDP globally:

no cdp run

  • Enabled LLDP globally:

lldp run

  • Configured uplinks (to HQ router) to only send LLDP:

interface [uplink]
 no lldp receive
 lldp transmit

  • Disabled LLDP on active access ports to avoid exposing host information:

interface [access-port]
 no lldp transmit
 no lldp receive

Branch-Side CDP Configuration via SSH

The Branch switches were only accessible through SSH sessions from the Branch router using the following credentials:

 
Switch   Username   Password    Enable Secret
BR-SW1   admin      SW1admin#   SW1EnaAccess#
BR-SW2   admin      SW2admin#   SW2EnaAccess#
BR-SW3   admin      SW3admin#   SW3EnaAccess#

Branch Router:

  • Enabled CDP globally for discovery between the Branch router and its switches:

cdp run

BR-SW1, BR-SW2, BR-SW3:

  • Accessed via SSH from the Branch router

  • Disabled CDP on access ports only, preserving CDP on uplinks:

interface [access-port]
 no cdp enable
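
The access-port rule from the HQ and Branch switch steps above can be checked against a saved running-config. This is an added example, not part of the original lab: it assumes access ports carry an explicit `switchport mode access` line, and the sample config and interface names are constructed.

```python
# Added example; SAMPLE_CONFIG is constructed and its interface names are assumed.
SAMPLE_CONFIG = """\
no cdp run
lldp run
interface GigabitEthernet0/1
 switchport mode trunk
 no lldp receive
!
interface FastEthernet0/1
 switchport mode access
 no lldp transmit
 no lldp receive
!
interface FastEthernet0/2
 switchport mode access
 no lldp transmit
!
interface FastEthernet0/3
 switchport mode access
 shutdown
"""

def parse_config(text):
    """Split a running-config into global lines and per-interface line sets."""
    global_lines, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if raw[:1].isspace() and current is not None:
            current.add(line)                  # sub-command of the open interface
        elif line.lower().startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], set())
        else:
            current = None                     # "!" or a command outside interfaces
            if not raw[:1].isspace():
                global_lines.add(line)
    return global_lines, interfaces

def audit_access_ports(text):
    """List (interface, missing command) for active access ports still running CDP/LLDP."""
    global_lines, interfaces = parse_config(text)
    required = []
    if "lldp run" in global_lines:        # LLDP is off unless enabled globally
        required += ["no lldp transmit", "no lldp receive"]
    if "no cdp run" not in global_lines:  # CDP is on unless disabled globally
        required.append("no cdp enable")
    return [(name, cmd) for name, lines in interfaces.items()
            if "switchport mode access" in lines and "shutdown" not in lines
            for cmd in required if cmd not in lines]

print(audit_access_ports(SAMPLE_CONFIG))
```

Uplinks (trunks) and shut-down ports are skipped, so the only finding in the sample is the access port that still receives LLDP.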

NTP Configuration on HQ Router

The HQ router was configured to synchronize time with the NTP server at 192.168.1.254:

ntp server 192.168.1.254

Verification:

show ntp associations
show clock

The output confirmed the HQ router successfully synchronized its clock with the NTP server.


Skills Demonstrated

  • Discovery protocol configuration and restriction (CDP, LLDP)

  • Remote access configuration and secure switch management via SSH

  • NTP server configuration and time synchronization

  • Interface-level protocol tuning to minimize exposure

  • Cisco IOS CLI navigation and verification commands


Key Takeaways

  • Discovery protocols can help map the network but must be controlled to avoid leaking infrastructure details.

  • LLDP and CDP provide flexible control on a per-interface basis (send, receive, or both).

  • Configuring NTP ensures accurate timestamps for logging and scheduling, and keeps time-sensitive security protocols working.

  • Managing devices remotely using SSH and role-based access is a vital skill in enterprise networking environments.