Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1519
Views
2
Helpful
2
Replies

C9300 LLDP

Go to solution
nathanmonteyne0
Level 1
Level 1

‎11-09-2023 01:13 AM

Hi All,

Most of the time i'm working with CDP but the customer wants to have that disabled and start using LLDP.
They asked if it's possible to hide the hostname and management addresses in LLDP is it possible to fine tune LLDP more?
Or is it just it is on or off?
the reason why they want it is because they say security

Kind regards,

Nathan

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
M02@rt37
VIP
VIP

‎11-09-2023 01:25 AM - edited ‎11-09-2023 01:28 AM

Hello @nathanmonteyne0,

Unlike CDP, LLDP provides more flexibility when it comes to fine-tuning and securing the information it advertises. You can control the information sent by LLDP, including the hostname and management addresses.

LLDP uses TLVs to convey information. By default TLVs are enable. So, you can selectively  disable specific TLVs to control the information exchanged:

Router(config-if)# no lldp tlv-select management-address

To hide the system name (hostname) TLV in LLDP:

Router(config-if)# no lldp tlv-select system-name

Note, depend of the model/platoform you don't have the same TLVs.

In terms of security, better is to disable CDP and LLDP...except for a specific goal (VoIP).

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

2 Replies 2

Go to solution
M02@rt37
VIP
VIP

‎11-09-2023 01:25 AM - edited ‎11-09-2023 01:28 AM

Hello @nathanmonteyne0,

Unlike CDP, LLDP provides more flexibility when it comes to fine-tuning and securing the information it advertises. You can control the information sent by LLDP, including the hostname and management addresses.

LLDP uses TLVs to convey information. By default TLVs are enable. So, you can selectively  disable specific TLVs to control the information exchanged:

Router(config-if)# no lldp tlv-select management-address

To hide the system name (hostname) TLV in LLDP:

Router(config-if)# no lldp tlv-select system-name

Note, depend of the model/platoform you don't have the same TLVs.

In terms of security, better is to disable CDP and LLDP...except for a specific goal (VoIP).

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Go to solution
Blue_Bird
VIP
VIP

‎11-09-2023 04:49 AM - edited ‎11-09-2023 04:50 AM

The following configuration example shows how to enable LLDP on a device; disable LLDP on some interfaces; configure optional parameters such as hold time, delay time, and update frequency; and disable several LLDP TLVs:

switch(config)# feature lldp
switch(config)# interface ethernet 7/9
switch(config-if)# no lldp transmit
switch(config-if)# no lldp receive
switch(config-if)# exit
switch(config)# interface ethernet 7/10
switch(config-if)# no lldp transmit
switch(config-if)# no lldp receive
switch(config-if)# exit
switch(config)# lldp holdtime 200
switch(config)# lldp reinit 5
switch(config)# lldp timer 50
switch(config)# no lldp tlv-select port-vlan
switch(config)# no lldp tlv-select system-name

Best regards
******* If This Helps, Please Rate *******

0 Helpful
Customers Also Viewed These Support Documents