LLDP + source mac address

gnijs · ‎03-02-2009

Hi,

Does anyone know what the source mac address of an LLDP frame should be according to the IEEE standard ?

We connected some devices that use LLDP to our network, and we noticed that they were using two MAC addresses: MAC A for ARP and IP higher layer protocol and MAC B (which was MAC A + 1) for LLDP advertisements. I am not sure if a device is free to do this.

This generates problems with our port security policy which allows only one MAC per port in the data vlan.

I only see the following solutions:

- change our policy to allow two macs/port

- ask the device manager to disable LLDP on that device

- put a VLAN ACL on all ports to drop LLDP frames (??)

- others..

regards,

Geert

Bobby Thekkekandam · ‎03-02-2009

Here's clause 8.2 from the 802.1AB spec:

"8.2 Source address

The source address shall be the MAC address of the sending station or port."

http://standards.ieee.org/getieee802/download/802.1AB-2005.pdf

The statement seems to assume that a given device will only have one MAC address, so using another MAC address may not necessarily be a violation.

What platform(s) and IOS version(s) are you seeing this on?

-Bobby

gnijs · ‎03-02-2009

The device is a Siemens S7-300 PLC, it uses different MAC addresses for ARP broadcasts and LLDP advertisements (very strange to me, but i have a capture proving it).

It also send an LLDP advertisment every 5 seconds (not sure if this also is "within specification")

PS. What exactly does the command:

"no lldp receive" do on an interface ?

Does it filter off LLDP protocol messages (and therefore also prevents the port from learning an additional MAC address) ?

Bobby Thekkekandam · ‎03-02-2009

correct, it will disable receipt of LLDP messages. See:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_40_se/configuration/guide/swlldp.html

HTH,

Bobby