By Manny Fernandez
March 17, 2026
Monkey Bites – LLDP and LLDP-MED on Various Platforms
LLDP: What is it?
The Link Layer Discovery Protocol (LLDP) is a vendor-neutral Layer 2 protocol (IEEE 802.1AB) used by network devices to advertise their identity, capabilities, and neighbors on a local area network. Unlike proprietary alternatives such as Cisco’s CDP (some will argue that it was Cabletron Discovery Protocol), LLDP is designed for interoperability between hardware from different manufacturers, making it essential in mixed-vendor enterprise environments.
How It Works
Devices with LLDP enabled periodically send Ethernet frames (EtherType 0x88CC, addressed to the 01:80:C2:00:00:0E nearest-bridge multicast address, which switches do not forward) containing Type-Length-Value (TLV) structures. These frames carry information such as:
System Name and Description – Identifying the device.
Port ID – Specifying the physical interface.
Management IP – Assisting in remote access.
Capabilities – Identifying if the device is a bridge, router, or WLAN access point.
Why It Matters
For network engineers, LLDP is a powerful troubleshooting and automation tool. It allows dynamic mapping of physical topology without manual cable tracing. Its extension, LLDP-MED (Media Endpoint Discovery), is vital for VoIP deployments, as it conveys PoE (Power over Ethernet) requirements and assigns VLANs to IP phones. By providing a “who is next to me” directory, LLDP simplifies management and improves visibility across the fabric. The same directory is visible to anyone on the segment, which is why where you transmit it matters.
LLDP-MED
LLDP-MED is an extension of LLDP developed by the TIA (ANSI/TIA-1057) specifically for Voice over IP (VoIP) and other multimedia devices. It provides a more sophisticated exchange of information between a network switch and an endpoint.
Primary goal – “plug-and-play” deployment of specialized endpoints.
Capabilities beyond standard LLDP:
Network Policy – Automatically tells a phone which VLAN to use (e.g., the Voice VLAN) and sets the Layer 2 (802.1p) or Layer 3 (DSCP) priority.
Power Management – Allows more granular PoE (Power over Ethernet) negotiation than the hardware-based handshake alone.
Inventory Management – The switch can pull the phone’s serial number, firmware version, and hardware revision.
Location Identification – The switch can tell a phone its physical location (e.g., floor or room number) for emergency services such as E911.
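To make the TLV layout concrete, here is an added example (not code from the original post) that builds an LLDPDU carrying the fields listed under How It Works, appends an LLDP-MED Network Policy TLV with the voice VLAN 130 / CoS 5 / DSCP 46 values the FortiGate section below uses, wraps it in the Ethernet header LLDP uses, and parses it back. The chassis MAC, hostname, description and management IP are made up; the field layouts follow IEEE 802.1AB (chassis ID, port ID, TTL, system name/description, capabilities, management address) and ANSI/TIA-1057 (network policy). The parser rejects truncated TLVs and a missing TTL, which is what you want before feeding it frames captured from an untrusted port.

```python
"""Encode and decode LLDP / LLDP-MED TLVs (added example, not from the original post)."""
import struct

LLDP_MCAST = bytes.fromhex("0180c200000e")   # nearest-bridge group MAC; switches do not forward it
LLDP_ETHERTYPE = 0x88CC
LLDP_MED_OUI = bytes.fromhex("0012bb")        # TIA OUI carried by LLDP-MED organizationally specific TLVs
CAPABILITY_BITS = {0: "other", 1: "repeater", 2: "bridge", 3: "wlan-ap",
                   4: "router", 5: "telephone", 6: "docsis", 7: "station"}


def tlv(tlv_type, value):
    """One TLV: 16-bit header = 7-bit type | 9-bit length, then the value bytes."""
    if not (0 <= tlv_type < 128 and len(value) < 512):
        raise ValueError("type must fit in 7 bits and length in 9 bits")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def med_network_policy_tlv(vlan, l2_priority, dscp, app_type=1, tagged=True):
    """LLDP-MED Network Policy TLV: type 127, TIA OUI, subtype 2.

    Payload after OUI+subtype: app_type(8) | U(1) T(1) X(1) | VLAN(12) |
    L2 priority(3) | DSCP(6).  app_type 1 is Voice.
    """
    word = (app_type << 24) | (int(tagged) << 22) | ((vlan & 0xFFF) << 9) \
        | ((l2_priority & 0x7) << 6) | (dscp & 0x3F)
    return tlv(127, LLDP_MED_OUI + b"\x02" + struct.pack("!I", word))


def build_lldpdu(chassis_mac, port_name, ttl, sys_name, sys_desc,
                 mgmt_ipv4, caps_enabled, voice_policy=None):
    """Assemble an LLDPDU carrying the fields the post lists as advertised."""
    caps = sum(1 << b for b in caps_enabled)
    # Management Address TLV: addr-string length (subtype + 4 octets = 5), subtype 1 = IPv4,
    # the address, interface-numbering subtype 2 = ifIndex, ifIndex value, OID length 0.
    mgmt = bytes([5, 1]) + bytes(int(o) for o in mgmt_ipv4.split(".")) \
        + bytes([2]) + struct.pack("!I", 0) + bytes([0])
    pdu = (tlv(1, b"\x04" + chassis_mac)              # Chassis ID, subtype 4 = MAC address
           + tlv(2, b"\x05" + port_name.encode())    # Port ID, subtype 5 = interface name
           + tlv(3, struct.pack("!H", ttl))          # Time To Live (seconds)
           + tlv(5, sys_name.encode())               # System Name
           + tlv(6, sys_desc.encode())               # System Description
           + tlv(7, struct.pack("!HH", caps, caps))  # System Capabilities: supported, enabled
           + tlv(8, mgmt))                           # Management Address
    if voice_policy is not None:
        pdu += med_network_policy_tlv(*voice_policy)
    return pdu + tlv(0, b"")                          # End of LLDPDU


def ethernet_frame(src_mac, lldpdu):
    """Wrap an LLDPDU in the Ethernet header LLDP uses (dst 01:80:c2:00:00:0e, type 0x88cc)."""
    return LLDP_MCAST + src_mac + struct.pack("!H", LLDP_ETHERTYPE) + lldpdu


def parse_lldpdu(pdu):
    """Walk the TLV list and return the decoded fields; rejects truncated TLVs."""
    out, i = {}, 0
    while i + 2 <= len(pdu):
        hdr = struct.unpack_from("!H", pdu, i)[0]
        t, n = hdr >> 9, hdr & 0x1FF
        val = pdu[i + 2:i + 2 + n]
        if len(val) != n:
            raise ValueError(f"truncated TLV type {t} at offset {i}")
        i += 2 + n
        if t == 0:
            break
        if t == 1 and n >= 2 and val[0] == 4:
            out["chassis_id"] = val[1:].hex(":")
        elif t == 2 and n >= 2 and val[0] in (5, 7):   # 5 = interface name, 7 = locally assigned
            out["port_id"] = val[1:].decode(errors="replace")
        elif t == 3 and n == 2:
            out["ttl"] = struct.unpack("!H", val)[0]
        elif t == 5:
            out["system_name"] = val.decode(errors="replace")
        elif t == 6:
            out["system_description"] = val.decode(errors="replace")
        elif t == 7 and n == 4:
            enabled = struct.unpack("!HH", val)[1]
            out["capabilities"] = [name for b, name in CAPABILITY_BITS.items() if enabled >> b & 1]
        elif t == 8 and n >= 6 and val[0] == 5 and val[1] == 1:   # IPv4 management address
            out["management_ip"] = ".".join(str(o) for o in val[2:6])
        elif t == 127 and n >= 8 and val[:3] == LLDP_MED_OUI and val[3] == 2:
            word = struct.unpack("!I", val[4:8])[0]
            out["med_network_policy"] = {
                "application": word >> 24, "tagged": bool(word >> 22 & 1),
                "vlan": word >> 9 & 0xFFF, "l2_priority": word >> 6 & 0x7,
                "dscp": word & 0x3F,
            }
    if "ttl" not in out:
        raise ValueError("mandatory TTL TLV missing")
    return out


def demo():
    """Constructed sample: a switch advertising itself plus a voice policy of VLAN 130, CoS 5, DSCP 46."""
    mac = bytes.fromhex("001122334455")               # made-up chassis MAC
    pdu = build_lldpdu(mac, "port1", 120, "core-sw1", "example L2/L3 switch",
                       "10.0.0.1", caps_enabled=[2, 4], voice_policy=(130, 5, 46))
    frame = ethernet_frame(mac, pdu)
    return parse_lldpdu(frame[14:])                   # skip the 14-byte Ethernet header


if __name__ == "__main__":
    for field, value in demo().items():
        print(f"{field:20} {value}")
```

Everything demo() prints is what a neighbor, or anyone sniffing the port, learns from a single advertisement: chassis MAC, port name, hostname, description, management IP and the device's role on the network. That list is the reason the per-interface sections below matter.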
Enabling LLDP on a FortiGate Firewall
Globally (all ports)
config system global
set lldp-reception enable
set lldp-transmission enable
end
# Enabling LLDP on all interfaces should be weighed from a risk perspective: every port, WAN and DMZ included, then advertises the hostname, management address and capabilities to whatever is plugged in. Transmission is the part that leaks; reception only builds the neighbor table, but it still parses frames from untrusted peers.
Per Interface
config system interface
edit %port%
set lldp-reception enable
set lldp-transmission enable
next
end
# I will normally enable it on outside interfaces temporarily when trying to identify cross-connects and upstream ISP equipment.
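As an added check (not from the original post), the script below reads a FortiOS config system interface dump and lists the interfaces that will transmit LLDP on a wan-role port, which is the exposure the comment above the global block warns about. The sample config is constructed. One assumption is labelled in the code: an interface with no explicit lldp-transmission line keeps the default value vdom and therefore inherits the VDOM/global setting, which the caller passes in as a flag.

```python
"""Audit FortiOS interface config for LLDP transmission toward untrusted segments (added example)."""
import re

# Constructed sample of a `config system interface` block; not from a real device.
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set vdom "root"
        set ip 203.0.113.2 255.255.255.248
        set role wan
        set lldp-transmission enable
        set lldp-reception enable
    next
    edit "wan2"
        set vdom "root"
        set role wan
        config ipv6
            set ip6-mode static
        end
    next
    edit "port3"
        set vdom "root"
        set role lan
        set lldp-transmission enable
        set lldp-reception enable
    next
    edit "dmz"
        set vdom "root"
        set role dmz
        set lldp-transmission disable
        set lldp-reception enable
    next
end
"""


def parse_interfaces(config_text):
    """Return {interface: {setting: value}} from a `config system interface` block.

    Nested sub-tables such as `config ipv6 ... end` are skipped, not parsed.
    """
    interfaces, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth != 1:
            continue                                   # inside a nested table
        elif m := re.fullmatch(r'edit\s+"?([^"]+)"?', line):
            current = m.group(1)
            interfaces[current] = {}
        elif line == "next":
            current = None
        elif current is not None and (m := re.fullmatch(r'set\s+(\S+)\s+(.+)', line)):
            interfaces[current][m.group(1)] = m.group(2).strip('"')
    return interfaces


def lldp_tx_exposure(config_text, inherited_tx_enabled, untrusted_roles=("wan",)):
    """Interfaces that will transmit LLDP while assigned an untrusted role.

    Assumption: an interface without an explicit `set lldp-transmission` keeps the
    default `vdom`, i.e. inherits the VDOM/global setting, which the caller passes
    as `inherited_tx_enabled`.
    """
    findings = []
    for name, settings in parse_interfaces(config_text).items():
        setting = settings.get("lldp-transmission", "vdom")
        effective = setting == "enable" or (setting == "vdom" and inherited_tx_enabled)
        if effective and settings.get("role", "undefined") in untrusted_roles:
            findings.append((name, setting))
    return findings


if __name__ == "__main__":
    # With the global `set lldp-transmission enable` in place, wan2 transmits too
    # even though it never mentions LLDP; wan1 transmits because it says so explicitly.
    for name, setting in lldp_tx_exposure(SAMPLE_CONFIG, inherited_tx_enabled=True):
        print(f"{name}: transmits LLDP on a wan-role interface (lldp-transmission {setting})")
```

Run it against the output of show system interface from a real unit, pass inherited_tx_enabled according to what config system global says, and extend untrusted_roles with dmz if phones and printers are not the only things on that segment.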
LLDP-MED (for VoIP)
# LLDP-MED network policy is a switch-port function. It is configured in a FortiSwitch LLDP profile (on a FortiGate managing FortiSwitches over FortiLink the equivalent profile lives under config switch-controller lldp-profile); the FortiGate’s own ports send basic LLDP only. The FortiSwitch CLI form is shown: the policy is a nested med-network-policy table, and the network-policy TLV must be enabled in the profile. Verify the exact keys against the CLI reference for your firmware.
config switch lldp profile
edit "voice-phone"
set med-tlvs network-policy
config med-network-policy
edit "voice"
set status enable
set vlan 130
set priority 5
set dscp 46
next
end
next
end
Verification Commands
diagnose lldprx neighbor {summary | details | clear}
diagnose lldprx port {details | summary | neighbor | filter}
diagnose lldprx port neighbor {summary | details}
Enabling LLDP on a Cisco Device
To enable LLDP on a Cisco IOS/IOS-XE device, enable it globally and then make sure it is running on the interfaces where you want to discover neighbors. Unlike Cisco’s proprietary CDP, which is on by default, LLDP is disabled by default on IOS and IOS-XE, so the global lldp run command is required.
Global Configuration
First, enter configuration mode and enable the LLDP process globally. This allows the device to start processing LLDP packets.
configure terminal
lldp run
Per Interface
While lldp run enables LLDP on all supported interfaces, you can control per interface whether it transmits, receives, or both. On a port facing an untrusted party (an ISP hand-off, a tenant), no lldp transmit keeps the switch listening for neighbors without advertising its own hostname and management address.
interface GigabitEthernet0/1
lldp transmit
lldp receive
Verification Commands
Once configured, use these commands to verify that your device is seeing its neighbors.
show lldp – Confirms whether LLDP is active globally and shows the advertisement interval and hold time.
show lldp neighbors – Provides a summary of connected devices, including their Local Intf, Hold-time, Capability, and Port ID.
show lldp neighbors detail – Displays verbose information, including the neighbor’s Management IP address, VTP Management Domain, and system description.
show lldp interface – Shows the transmit/receive status of LLDP on specific physical ports.
Enabling LLDP on a Juniper Device
On Juniper devices running Junos OS, LLDP is configured as a protocol under the [edit protocols lldp] hierarchy. Unlike Cisco IOS, where you might use a single global command, Junos typically requires you to specify the interfaces you want to participate in the protocol.
Globally
The most common way to enable LLDP is to apply it to all active interfaces at once.
[edit]
set protocols lldp interface all
Per Interface
If you want to limit LLDP to certain uplinks or ports for security reasons, you can specify them individually:
[edit]
set protocols lldp interface ge-0/0/0
set protocols lldp interface ge-0/0/1
LLDP-MED (for VoIP)
If you are connecting IP phones to your Juniper switch, you’ll likely want to enable the Media Endpoint Discovery (MED) extension to handle Power over Ethernet (PoE) and Voice VLAN assignments.
[edit]
set protocols lldp-med interface all
Verification Commands
Junos provides excellent visibility into what the switch is “seeing” on its ports.
show lldp neighbors – Displays a table of all discovered neighbors, their local interface, and their chassis ID.
show lldp neighbors interface ge-0/0/0 – Filters the neighbor list to a specific port.
show lldp neighbors detail – Provides the “deep dive”, including the neighbor’s Management IP, system description, and specific capabilities.
show lldp statistics – Useful for troubleshooting if you suspect frames are being dropped or not sent.