NetworkJutsu

Network Security Consulting | San Francisco Bay Area

Link Layer Discovery Protocol (LLDP)

By Leave a Comment

Cisco Network Academy students, Cisco certified folks, and network professionals know what Cisco Discovery Protocol (CDP) is. Ask them what LLDP is then there’s a good chance that majority of them will say “what’s that?”. For simplicity’s sake, Link Layer Discovery Protocol (LLDP) is an IEEE standard discovery protocol that is similar to Cisco Discovery Protocol (CDP). Need to learn more about it? Please head over to Cisco’s documentation and here’s one that I found.

Usage

For the most part, I think you’re going to see more of CDP than LLDP. However, if you work in an organization that has multivendor network devices then you may be solely going to use LLDP. Some of organizations that do have multivendor network devices run both of CDP and LLDP concurrently. I’d tell you this much though, out of the three organizations I work(ed) for, my current employer is the only one that is running LLDP for majority of the network devices.

Configuration

Configuring LLDP is pretty much exactly the same as CDP. You just need to change the cdp part to lldp of the commands. While CDP is enabled by default, LLDP is not – at least that’s what it says on Cisco’s documentation. When I tried it on a Catalyst 3750, the LLDP was globally enabled by default. It doesn’t really matter if it is globally enabled or not. Entering the command twice doesn’t affect anything. If you are really curious what’s going to happen when it is not globally enabled then it should look like the one shown below.

         --- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: no
Would you like to terminate autoinstall? [yes]: yes
Switch>sho lldp neigh
% LLDP is not enabled

As you can see, it is pretty much exactly the same as the CDP equivalent command in the verification standpoint. As mentioned, the configuration part is pretty much the same as well, as shown below.

Switch2(config)#lldp ?
  holdtime    Specify the holdtime (in sec) to be sent in packets
  reinit      Delay (in sec) for LLDP initialization on any interface
  run         Enable LLDP
  timer       Specify the rate at which LLDP packets are sent (in sec)
  tlv-select  Selection of LLDP TLVs to send
Switch2(config)#lldp run
Switch2(config)#end

Verification

Once LLDP is running, you can now do some show commands. Again, the commands are pretty much the same as the CDP, so whatever you can think of the commands that you use with CDP just replace the “cdp” to “lldp”. While the commands are pretty much the same, the output is slightly different. One interesting field is the capability column. With LLDP, it doesn’t say what type of a device and/or platform that is connected to the local switch, unlike CDP. If you are really curious about what type the device is connected to the local switch then you can always use the show lldp neighbor with the detail keyword as shown below. With the detail keyword, the system capability is now listed.

Switch2#sh lldp neigh
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID           Local Intf     Hold-time  Capability      Port ID
Switch1             Fa1/0/48       120                        Gi4/0/48
Switch2#sh cdp neigh
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch1          Gig 4/0/48        123           S I      WS-C3750- Fas 1/0/48
Switch5>sh lldp neigh g1/0/7 d
Chassis id: 0000.1111.2222
Port id: Gi0/1
Port Description: GigabitEthernet0/1
System Name: Switch3
System Description: 
Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(37)SE1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 05-Jul-07 22:22 by antonino
Time remaining: 115 seconds
System Capabilities: B,R
Enabled Capabilities - not advertised
Management Addresses:
    IP: 192.168.0.55
Auto Negotiation - supported, enabled
Physical media capabilities:
    Other/unknown
Media Attachment Unit type: 22
---------------------------------------------
Total entries displayed: 1

Here’s another show lldp neighbor output on a different switch that is in production (changed hostname and other information to protect the innocent) with Juniper switch connected to it.

Cisco>sh lldp neigh
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID           Local Intf     Hold-time  Capability      Port ID
Cisco-switch-1      Gi1/0/7        120                        Gi0/1
Juniper-switch1     Gi2/0/1        120        B,R             666
Juniper-switch1     Gi1/0/1        120        B,R             531
Total entries displayed: 3
Cisco>sh lldp neigh g2/0/1 d
Chassis id: 1234.1234.1234
Port id: 666
Port Description:
System Name: Juniper-switch1
System Description: 
Juniper Networks, Inc. ex4200-24f , version 10.4R5.5 Build date: 2011-06-14 04:09:33 UTC 
Time remaining: 111 seconds
System Capabilities: B,R
Enabled Capabilities: B,R
Management Addresses:
    IP: 192.168.1.100
    OID:
        01 03 06 01 02 01 1F 01 01 01 01 24
Auto Negotiation - supported, enabled
Physical media capabilities:
    1000baseX(FD)
    1000baseT(FD)
Media Attachment Unit type - not advertised
MED Information:
    MED Codes:
          (NP) Network Policy, (LI) Location Identification
          (PS) Power Source Entity, (PD) Power Device
          (IN) Inventory
    Inventory information - not advertised
    Capabilities: NP, LI, PS
    Device type: Network connectivity
    Network Policies - not advertised
    Power requirements - not advertised
---------------------------------------------
Total entries displayed: 1

This time, the capability column did include B (Bridge) and R (Router) for a non-Cisco device on show lldp neighbor output. If you need to know the model of the device connected to the local switch, then you need to issue the detail command also shown above.

LLDP is also useful when you’re running non-Cisco IP phones in a Cisco switched environment. This would’ve been perfect in my old employer since the switches were Cisco and the IP phones were Avaya. Even though we run mostly Cisco switches and IP phones in my current employer, the devices are generally not using CDP but LLDP.

Thoughts

Some network professionals would be tempted to run both CDP and LLDP concurrently, I do not recommend it. I’d say just stick with one protocol so you’re not starting another service that may be vulnerable with exploits. Most Information Security folks are not so fond of people just turning services just for the heck of it. That being said, pick one that is suitable with your environment and stick with it. If you need to add devices in the future that is not Cisco then I’d suggest to explore turning LLDP globally and disabling CDP globally.

Disclosure

NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.

About Andrew Roderos

I am a network security engineer with a passion for networking and security. Follow me on Twitter, LinkedIn, and Instagram.