
Link Layer Discovery Protocol (LLDP)

02/12/2013 By Andrew Roderos

Cisco Network Academy students, Cisco-certified folks, and network professionals know what Cisco Discovery Protocol (CDP) is. Ask them what LLDP is, and there’s a good chance that the majority of them will say “what’s that?” For simplicity’s sake, Link Layer Discovery Protocol (LLDP) is an IEEE standard discovery protocol that is similar to CDP. Need to learn more about it? Please head over to Cisco’s documentation; here’s one that I found.

Usage

For the most part, I think you’re going to see more of CDP than LLDP. However, if you work in an organization that has multivendor network devices, then you may use LLDP exclusively. Some organizations that have multivendor network devices run both CDP and LLDP concurrently. I’ll tell you this much, though: out of the three organizations I work(ed) for, my current employer is the only one that is running LLDP on the majority of its network devices.

Configuration

Configuring LLDP is pretty much the same as configuring CDP: you just change the cdp part of the commands to lldp. While CDP is enabled by default, LLDP is not, at least according to Cisco’s documentation. When I tried it on a Catalyst 3750, LLDP was globally enabled by default. It doesn’t really matter whether it is globally enabled or not, since entering the command twice doesn’t affect anything. If you are curious what happens when it is not globally enabled, it looks like the output shown below.

         --- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: no
Would you like to terminate autoinstall? [yes]: yes
Switch>sho lldp neigh
% LLDP is not enabled

As you can see, from a verification standpoint it is pretty much the same as the equivalent CDP command. As mentioned, the configuration is pretty much the same as well, as shown below.

Switch2(config)#lldp ?
  holdtime    Specify the holdtime (in sec) to be sent in packets
  reinit      Delay (in sec) for LLDP initialization on any interface
  run         Enable LLDP
  timer       Specify the rate at which LLDP packets are sent (in sec)
  tlv-select  Selection of LLDP TLVs to send
Switch2(config)#lldp run
Switch2(config)#end

Verification

Once LLDP is running, you can run some show commands. Again, the commands are pretty much the same as the CDP ones, so take whatever commands you use with CDP and replace “cdp” with “lldp”. While the commands are pretty much the same, the output is slightly different. One interesting field is the capability column. Unlike CDP, the LLDP output doesn’t say what type of device and/or platform is connected to the local switch. If you are curious about what type of device is connected to the local switch, you can always use show lldp neighbor with the detail keyword, as shown below. With the detail keyword, the system capability is listed.

Switch2#sh lldp neigh
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID           Local Intf     Hold-time  Capability      Port ID
Switch1             Fa1/0/48       120                        Gi4/0/48
Switch2#sh cdp neigh
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch1          Gig 4/0/48        123           S I      WS-C3750- Fas 1/0/48
Switch5>sh lldp neigh g1/0/7 d
Chassis id: 0000.1111.2222
Port id: Gi0/1
Port Description: GigabitEthernet0/1
System Name: Switch3
System Description: 
Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(37)SE1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 05-Jul-07 22:22 by antonino
Time remaining: 115 seconds
System Capabilities: B,R
Enabled Capabilities - not advertised
Management Addresses:
    IP: 192.168.0.55
Auto Negotiation - supported, enabled
Physical media capabilities:
    Other/unknown
Media Attachment Unit type: 22
---------------------------------------------
Total entries displayed: 1

Here’s another show lldp neighbor output from a different switch that is in production (hostname and other information changed to protect the innocent), with a Juniper switch connected to it.

Cisco>sh lldp neigh
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other
Device ID           Local Intf     Hold-time  Capability      Port ID
Cisco-switch-1      Gi1/0/7        120                        Gi0/1
Juniper-switch1     Gi2/0/1        120        B,R             666
Juniper-switch1     Gi1/0/1        120        B,R             531
Total entries displayed: 3
Cisco>sh lldp neigh g2/0/1 d
Chassis id: 1234.1234.1234
Port id: 666
Port Description:
System Name: Juniper-switch1
System Description: 
Juniper Networks, Inc. ex4200-24f , version 10.4R5.5 Build date: 2011-06-14 04:09:33 UTC 
Time remaining: 111 seconds
System Capabilities: B,R
Enabled Capabilities: B,R
Management Addresses:
    IP: 192.168.1.100
    OID:
        01 03 06 01 02 01 1F 01 01 01 01 24
Auto Negotiation - supported, enabled
Physical media capabilities:
    1000baseX(FD)
    1000baseT(FD)
Media Attachment Unit type - not advertised
MED Information:
    MED Codes:
          (NP) Network Policy, (LI) Location Identification
          (PS) Power Source Entity, (PD) Power Device
          (IN) Inventory
    Inventory information - not advertised
    Capabilities: NP, LI, PS
    Device type: Network connectivity
    Network Policies - not advertised
    Power requirements - not advertised
---------------------------------------------
Total entries displayed: 1

This time, the capability column in the show lldp neighbor output did include B (Bridge) and R (Router) for the non-Cisco device. If you need to know the model of the device connected to the local switch, then you need to issue the detail command, also shown above.
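The detail output above is where LLDP reveals the neighbor's type, software version and management address, so it is worth reading programmatically when auditing what devices advertise. The following Python parser is an added example, not part of the original post: it turns show lldp neighbors detail text into one record per neighbor, expands the capability letters with the legend shown above, and treats "not advertised" as absent. The sample text is constructed from the two outputs on this page and trimmed, and the function names are hypothetical.

```python
import re

# Capability legend printed by "show lldp neighbors" in the outputs above.
CAP_CODES = {"R": "Router", "B": "Bridge", "T": "Telephone", "C": "DOCSIS Cable Device",
             "W": "WLAN Access Point", "P": "Repeater", "S": "Station", "O": "Other"}

# Constructed sample: modeled on the two detail outputs above, with some fields trimmed.
SAMPLE = """System Name: Switch3
System Description:
Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(37)SE1, RELEASE SOFTWARE (fc1)
Time remaining: 115 seconds
System Capabilities: B,R
Enabled Capabilities - not advertised
Management Addresses:
    IP: 192.168.0.55
---------------------------------------------
System Name: Juniper-switch1
System Description:
Juniper Networks, Inc. ex4200-24f , version 10.4R5.5 Build date: 2011-06-14 04:09:33 UTC
Time remaining: 111 seconds
System Capabilities: B,R
Enabled Capabilities: B,R
Management Addresses:
    IP: 192.168.1.100
---------------------------------------------
Total entries displayed: 2
"""

def _field(block, name):
    # "Name: value" yields the value; "Name - not advertised" (no colon) yields None.
    m = re.search(rf"^{re.escape(name)}:[ \t]*(.*)$", block, flags=re.M)
    return m.group(1).strip() if m else None

def _caps(value):
    return None if value is None else [CAP_CODES.get(c.strip(), c.strip()) for c in value.split(",") if c.strip()]

def parse_lldp_detail(text):
    neighbors = []
    for block in re.split(r"^-{5,}[ \t]*$", text, flags=re.M):
        if "System Name:" not in block:
            continue  # skips the "Total entries displayed" trailer
        desc = re.search(r"^System Description:[ \t]*\n(.*?)^Time remaining:", block, flags=re.M | re.S)
        neighbors.append({
            "system_name": _field(block, "System Name"),
            "description": " ".join(desc.group(1).split()) if desc else None,
            "system_caps": _caps(_field(block, "System Capabilities")),
            "enabled_caps": _caps(_field(block, "Enabled Capabilities")),
            "mgmt_ips": re.findall(r"^[ \t]+IP:[ \t]*(\S+)", block, flags=re.M),
        })
    return neighbors
```

Calling parse_lldp_detail(SAMPLE) returns two records; the first has enabled_caps set to None because that neighbor did not advertise its enabled capabilities.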

LLDP is also useful when you’re running non-Cisco IP phones in a Cisco switched environment. This would’ve been perfect at my old employer, since the switches were Cisco and the IP phones were Avaya. Even though we run mostly Cisco switches and IP phones at my current employer, the devices are generally using LLDP rather than CDP.

Thoughts

Some network professionals would be tempted to run both CDP and LLDP concurrently; I do not recommend it. I’d say just stick with one protocol so you’re not starting another service that may be vulnerable to exploits. Most Information Security folks are not so fond of people turning on services just for the heck of it. That being said, pick the one that is suitable for your environment and stick with it. If you need to add non-Cisco devices in the future, then I’d suggest exploring turning LLDP on globally and disabling CDP globally.


Filed Under: General Tagged With: Cisco, IOS

About Andrew Roderos

I am a network security engineer with a passion for networking and security. Follow me on Twitter, LinkedIn, and Instagram.
