07-13-2022 05:50 AM
Hi all,
I'm facing a problem with Profiling and device sensor. In particular, using the show device-sensor cache all command I see that some strange values are appended in front of the expected value. The figure shows the output.
Proto Type:Name Len Value
DHCP 60:class-identifier 9 3C 07 79 65 61 6C 69 6E 6B
DHCP 12:host-name 10 0C 08 53 49 50 2D 54 32 33 47
DHCP 55:parameter-request-list 18 37 10 01 02 03 04 06 07 0C 0F 1C 2A 42 43 2B 64
65 78
DHCP 61:client-identifier 9 3D 07 01 00 15 65 E5 7A 51
LLDP 7:system-capabilities 6 0E 04 00 24 00 24
LLDP 6:system-description 13 0C 0B 34 34 2E 38 34 2E 30 2E 31 34 30
LLDP 5:system-name 10 0A 08 53 49 50 2D 54 32 33 47
LLDP 2:port-id 9 04 07 03 00 15 65 E5 7A 51
CDP 6:platform-type 8 00 06 00 08 54 32 33 47
CDP 5:version-type 15 00 05 00 0F 34 34 2E 38 34 2E 30 2E 31 34 30
CDP 4:capabilities-type 8 00 04 00 08 00 00 00 90
CDP 2:address-type 17 00 02 00 11 00 00 00 01 01 01 CC 00 04 AC 1D 07 C5
CDP 1:device-name 20 00 01 00 14 54 32 33 47 30 30 31 35 36 35 45 35
Referring to the LLDP port-id field, I expect to see only the MAC address of the device. Instead there are 3 bytes "04 07 03" in front of the actual MAC address. Due to this problem I cannot use the Ports ID starts with condition in ISE for profiling, while using the contains condition works.
Capturing packets, I don't see these extra bytes. Does someone know where they come from and how I can resolve this problem in ISE?
Thanks
07-14-2022 01:11 PM
I added port-id to the filter-list for LLDP in one of our lab switches and I got a similar value as yours that started with "04 07 03". However, ISE profiler got only the MAC address and showed it as the value for lldpPortId. By enabling DEBUG on profiler, the debug log profiler.log also gives the same evidence.
2022-07-14 17:43:50,470 DEBUG [RADIUSParser-1-thread-1][] cisco.profiler.probes.radius.RadiusParser -::::- Parsed IOS Sensor 1: lldpPortId=[03:3c:fd:fe:8b:39:59]
"04 07 03" likely represents the types of the identifiers, and my guess is that the values represent the subtypes as in the LLDP MIB:
LldpPortIdSubtype ::= TEXTUAL-CONVENTION
    STATUS      current
    DESCRIPTION
        "This TC describes the source of a particular type of port
        identifier used in the LLDP MIB.

        The enumeration 'interfaceAlias(1)' represents a port
        identifier based on the ifAlias MIB object, defined in IETF
        RFC 2863.

        The enumeration 'portComponent(2)' represents a port
        identifier based on the value of entPhysicalAlias (defined in
        IETF RFC 2737) for a port component (i.e., entPhysicalClass
        value of 'port(10)'), within the containing chassis.

        The enumeration 'macAddress(3)' represents a port identifier
        based on a unicast source address (encoded in network
        byte order and IEEE 802.3 canonical bit order), which has
        been detected by the agent and associated with a particular
        port (IEEE Std 802-2001).

        The enumeration 'networkAddress(4)' represents a port
        identifier based on a network address, detected by the agent
        and associated with a particular port.

        The enumeration 'interfaceName(5)' represents a port
        identifier based on the ifName MIB object, defined in IETF
        RFC 2863.

        The enumeration 'agentCircuitId(6)' represents a port
        identifier based on the agent-local identifier of the circuit
        (defined in RFC 3046), detected by the agent and associated
        with a particular port.

        The enumeration 'local(7)' represents a port identifier
        based on a value locally assigned."
    SYNTAX  INTEGER {
        interfaceAlias(1),
        portComponent(2),
        macAddress(3),
        networkAddress(4),
        interfaceName(5),
        agentCircuitId(6),
        local(7)
    }
If you are still seeing this issue, please engage Cisco TAC to troubleshoot.
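An added example, not part of the original posts or of any Cisco tooling: a decoder for the cached values in the question, assuming the cache prints each TLV with its wire header still attached (consistent with every row shown, e.g. `0E 04` for LLDP type 7, length 4). Function names are illustrative; the LLDP header is read as a 7-bit type followed by a 9-bit length, so `04 07` is type 2 with 7 value bytes and `03` is the port-id subtype.

```python
# Added example (not from the thread): decode raw TLVs as printed by
# "show device-sensor cache all". Function names are illustrative.
PORT_ID_SUBTYPES = {1: "interfaceAlias", 2: "portComponent", 3: "macAddress",
                    4: "networkAddress", 5: "interfaceName",
                    6: "agentCircuitId", 7: "local"}

def parse_hex(text):
    """Turn a cache value such as '04 07 03 00 15' into bytes."""
    return bytes.fromhex(text.replace(" ", ""))

def _check(value, length, proto):
    # Reject truncated or padded values instead of guessing.
    if len(value) != length:
        raise ValueError(f"{proto} length {length} != {len(value)} value bytes")
    return value

def decode_lldp(raw):
    """LLDP header is 16 bits: 7-bit type, then 9-bit length (IEEE 802.1AB)."""
    if len(raw) < 2:
        raise ValueError("LLDP TLV shorter than its header")
    header = int.from_bytes(raw[:2], "big")
    return header >> 9, _check(raw[2:], header & 0x1FF, "LLDP")

def decode_dhcp(raw):
    """DHCP option: 1-byte code, 1-byte length, value."""
    if len(raw) < 2:
        raise ValueError("DHCP option shorter than its header")
    return raw[0], _check(raw[2:], raw[1], "DHCP")

def decode_cdp(raw):
    """CDP TLV: 2-byte type, 2-byte length that counts the 4 header bytes."""
    if len(raw) < 4:
        raise ValueError("CDP TLV shorter than its header")
    length = int.from_bytes(raw[2:4], "big")
    return int.from_bytes(raw[:2], "big"), _check(raw[4:], length - 4, "CDP")

def decode_lldp_port_id(raw):
    """Split a port-id TLV (type 2) into subtype name and identifier."""
    tlv_type, value = decode_lldp(raw)
    if tlv_type != 2 or not value:
        raise ValueError("not an LLDP port-id TLV")
    subtype = PORT_ID_SUBTYPES.get(value[0], "reserved")
    ident = value[1:]
    if subtype == "macAddress" and len(ident) == 6:
        return subtype, ":".join(f"{b:02x}" for b in ident)
    return subtype, ident

# Value copied from the LLDP 2:port-id row in the question.
SAMPLE_PORT_ID = parse_hex("04 07 03 00 15 65 E5 7A 51")
```
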