LLDP + source mac address

Mar 2nd, 2009

Hi,

Does anyone know what the source MAC address of an LLDP frame should be according to the IEEE standard?

We connected some devices that use LLDP to our network, and we noticed that they were using two MAC addresses: MAC A for ARP and IP higher layer protocol and MAC B (which was MAC A + 1) for LLDP advertisements. I am not sure if a device is free to do this.

This generates problems with our port security policy, which allows only one MAC per port in the data VLAN.

I only see the following solutions:

- change our policy to allow two MACs/port

- ask the device manager to disable LLDP on that device

- put a VLAN ACL on all ports to drop LLDP frames (??)

- others..

regards,

Geert

Bobby Thekkekandam Mon, 03/02/2009 - 08:09

Here's clause 8.2 from the 802.1AB spec:

"8.2 Source address

The source address shall be the MAC address of the sending station or port."

http://standards.ieee.org/getieee802/download/802.1AB-2005.pdf

The statement seems to assume that a given device will only have one MAC address, so using another MAC address may not necessarily be a violation.

What platform(s) and IOS version(s) are you seeing this on?

-Bobby

gnijs Mon, 03/02/2009 - 08:34

The device is a Siemens S7-300 PLC, it uses different MAC addresses for ARP broadcasts and LLDP advertisements (very strange to me, but I have a capture proving it).

It also sends an LLDP advertisement every 5 seconds (not sure if this also is "within specification").

PS. What exactly does the command:

"no lldp receive" do on an interface?

Does it filter off LLDP protocol messages (and therefore also prevent the port from learning an additional MAC address)?
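
An added example, not part of the original thread: a Python sketch for auditing a capture before tightening port security, listing source MACs that send only LLDP (EtherType 0x88CC) and pairing each with a data MAC one lower, the pattern described above. The frames, MAC addresses and function names are constructed for illustration.

```python
import struct
from collections import defaultdict

ETH_LLDP, ETH_ARP, ETH_IPV4, ETH_VLAN = 0x88CC, 0x0806, 0x0800, 0x8100

def parse_eth(frame):
    """Return (src_mac_as_int, ethertype), skipping any 802.1Q tags."""
    if len(frame) < 14:
        return None
    src = int.from_bytes(frame[6:12], "big")
    off = 12
    (etype,) = struct.unpack_from("!H", frame, off)
    while etype == ETH_VLAN and len(frame) >= off + 6:
        off += 4  # step over the 4-byte VLAN tag
        (etype,) = struct.unpack_from("!H", frame, off)
    return src, etype

def fmt(mac):
    return ":".join(f"{b:02x}" for b in mac.to_bytes(6, "big"))

def audit(frames):
    """List (lldp_only_mac, data_mac_or_None) for MACs that only ever send LLDP."""
    seen = defaultdict(set)  # source MAC -> set of EtherTypes it sent
    for f in frames:
        parsed = parse_eth(f)
        if parsed:
            seen[parsed[0]].add(parsed[1])
    data = {m for m, types in seen.items() if types & {ETH_ARP, ETH_IPV4}}
    findings = []
    for m in sorted(seen):
        if seen[m] == {ETH_LLDP}:
            partner = fmt(m - 1) if (m - 1) in data else None  # "MAC A + 1" pattern
            findings.append((fmt(m), partner))
    return findings

def frame(dst, src, etype, payload=b"\x00" * 46):
    return bytes.fromhex(dst + src) + struct.pack("!H", etype) + payload

# Constructed sample frames (locally administered MACs, not from a real capture)
SAMPLE = [
    frame("ffffffffffff", "02005e000010", ETH_ARP),   # data MAC "A"
    frame("0180c200000e", "02005e000011", ETH_LLDP),  # LLDP from "A + 1"
    frame("0180c200000e", "02005e000020", ETH_LLDP),  # same MAC for LLDP and ARP
    frame("ffffffffffff", "02005e000020", ETH_ARP),
    frame("0180c200000e", "02005e000031", ETH_LLDP),  # LLDP-only, no data partner
]

if __name__ == "__main__":
    for lldp_mac, data_mac in audit(SAMPLE):
        print(f"LLDP-only source {lldp_mac}, paired data MAC: {data_mac}")
```

Each finding is a second address that port security will learn on that port, so the output shows which ports would exceed a one-MAC limit.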
