- Bronze, 100 points or more
Does anyone know what the source mac address of an LLDP frame should be according to the IEEE standard ?
We connected some devices that use LLDP to our network, and we noticed that they were using two MAC addresses: MAC A for ARP and IP higher layer protocol and MAC B (which was MAC A + 1) for LLDP advertisements. I am not sure if a device is free to do this.
This generates problems with our port security policy which allows only one MAC per port in the data vlan.
I only see the following solutions:
- change our policy to allow two macs/port
- ask the device manager to disable LLDP on that device
- put a VLAN ACL on all ports to drop LLDP frames (??)