CDP is a Cisco proprietary Layer 2 protocol that is used to gather information about Cisco devices which share the same data link. CDP is media and protocol independent and runs on all Cisco devices, such as routers, switches, and access servers.
The device sends periodic CDP advertisements to connected devices. These advertisements share information about the type of device that is discovered, the name of the devices, and the number and type of the interfaces.
Link Layer Discovery Protocol (LLDP) is a vendor-neutral neighbor discovery protocol similar to CDP. LLDP works with network devices, such as routers, switches, and wireless LAN access points. This protocol advertises its identity and capabilities to other devices and receives the information from a physically-connected Layer 2 device.
This protocol allows routers on the network to synchronize their time settings with an NTP server, which provides more consistent time settings.
NTP can be set up to synchronize to a private master clock, or it can synchronize to a publicly available NTP server on the internet. NTP uses UDP port 123 and is documented in RFC 1305.
NTP networks use a hierarchical system of time sources. Each level in this hierarchical system is called a stratum. The stratum level is defined as the number of hop counts from the authoritative source. The synchronized time is distributed across the network by using NTP.
The max hop count is 15. Stratum 16, the lowest stratum level, indicates that a device is unsynchronized.
Syslog uses UDP port 514 to send event notification messages across IP networks to event message collectors, as shown in the figure.
The syslog logging service provides three primary functions, as follows:
The syslog protocol starts by sending system messages and debug output to a local logging process. Syslog configuration may send these messages across the network to an external syslog server, where they can be retrieved without needing to access the actual device.
Alternatively, syslog messages may be sent to an internal buffer. Messages sent to the internal buffer are only viewable through the CLI of the device.
The network administrator may specify that only certain types of system messages be sent to various destinations. Popular destinations for syslog messages include the following:
Cisco devices produce syslog messages as a result of network events. Every syslog message contains a severity level and a facility.
By default, the format of syslog messages on the Cisco IOS Software is as follows:
%facility-severity-MNEMONIC: description
For example, sample output on a Cisco switch for an EtherChannel link changing state to up is:
%LINK-3-UPDOWN: Interface Port-channel1, changed state to up
Here the facility is LINK and the severity level is 3, with a MNEMONIC of UPDOWN.
By default, log messages are not timestamped. Log messages should be timestamped so that when they are sent to another destination, such as a Syslog server, there is record of when the message was generated. Use the command service timestamps log datetime to force logged events to display the date and time.