LLDP + source mac address

Unanswered Question
Mar 2nd, 2009

Hi,


Does anyone know what the source MAC address of an LLDP frame should be according to the IEEE standard?


We connected some devices that use LLDP to our network, and we noticed that they were using two MAC addresses: MAC A for ARP and IP higher layer protocol and MAC B (which was MAC A + 1) for LLDP advertisements. I am not sure if a device is free to do this.


This generates problems with our port security policy, which allows only one MAC per port in the data VLAN.


I only see the following solutions:

- change our policy to allow two MACs/port

- ask the device manager to disable LLDP on that device

- put a VLAN ACL on all ports to drop LLDP frames (??)

- others..


regards,

Geert

Bobby Thekkekandam Mon, 03/02/2009 - 08:09
User Badges:
  • Cisco Employee

Here's clause 8.2 from the 802.1AB spec:


"8.2 Source address

The source address shall be the MAC address of the sending station or port."


http://standards.ieee.org/getieee802/download/802.1AB-2005.pdf


The statement seems to assume that a given device will only have one MAC address, so using another MAC address may not necessarily be a violation.


What platform(s) and IOS version(s) are you seeing this on?


-Bobby


gnijs Mon, 03/02/2009 - 08:34

The device is a Siemens S7-300 PLC; it uses different MAC addresses for ARP broadcasts and LLDP advertisements (very strange to me, but I have a capture proving it).

It also sends an LLDP advertisement every 5 seconds (not sure if this is also "within specification").


PS. What exactly does the command:

"no lldp receive" do on an interface?


Does it filter off LLDP protocol messages (and therefore also prevent the port from learning an additional MAC address)?
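
The symptom discussed in this thread (one source MAC for ARP/IP traffic and a second one used only for LLDP) can be confirmed from a capture before choosing between the options listed above. The following is an added example, not code from any poster: the port labels, MAC addresses, frames and the `audit` helper are constructed for illustration.

```python
import struct
from collections import defaultdict

ETHERTYPE_ARP, ETHERTYPE_VLAN, ETHERTYPE_LLDP = 0x0806, 0x8100, 0x88CC

def parse_ethernet(frame: bytes):
    """Return (source MAC bytes, EtherType), skipping one 802.1Q tag if present."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    src = frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (etype,) = struct.unpack("!H", frame[16:18])
    return src, etype

def fmt(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)

def audit(frames, max_macs=1):
    """frames: iterable of (port label, raw frame).
    Report ports whose distinct source MACs exceed max_macs, and which of
    those MACs were seen only as the source of LLDP frames."""
    seen = defaultdict(lambda: defaultdict(set))  # port -> MAC -> EtherTypes
    for port, raw in frames:
        src, etype = parse_ethernet(raw)
        seen[port][src].add(etype)
    findings = {}
    for port, macs in seen.items():
        if len(macs) > max_macs:
            findings[port] = {
                "macs": sorted(fmt(m) for m in macs),
                "lldp_only": sorted(fmt(m) for m, t in macs.items()
                                    if t == {ETHERTYPE_LLDP}),
            }
    return findings

def frame(dst, src, etype, payload=b"\x00" * 46):
    """Build a minimal constructed Ethernet frame for the sample below."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return raw(dst) + raw(src) + struct.pack("!H", etype) + payload

# Constructed sample: port Gi0/1 sends ARP from MAC A and LLDP from MAC A + 1;
# port Gi0/2 uses a single MAC for both.
SAMPLE = [
    ("Gi0/1", frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_ARP)),
    ("Gi0/1", frame("01:80:c2:00:00:0e", "00:11:22:33:44:56", ETHERTYPE_LLDP)),
    ("Gi0/2", frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:70", ETHERTYPE_ARP)),
    ("Gi0/2", frame("01:80:c2:00:00:0e", "00:11:22:33:44:70", ETHERTYPE_LLDP)),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A port listed with a non-empty `lldp_only` entry is one where the extra address exists only because of LLDP, which is the case the one-MAC-per-port policy trips over.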
