By Manny Fernandez
March 17, 2026
Monkey Bites – LLDP and LLDP-MED on Various Platforms
LLDP: What Is It?
The Link Layer Discovery Protocol (LLDP) is a vendor-neutral Layer 2 protocol (IEEE 802.1AB) used by network devices to advertise their identity, capabilities, and neighbors on a local area network. Unlike proprietary alternatives like Cisco’s CDP (some will argue that it was Cabletron Discovery Protocol), LLDP ensures interoperability between hardware from different manufacturers, making it essential in diverse enterprise environments.
How It Works
Devices equipped with LLDP periodically send Ethernet frames containing Type-Length-Value (TLV) structures. These packets include critical information such as:
System Name and Description – Identifying the device.
Port ID – Specifying the physical interface.
Management IP – Assisting in remote access.
Capabilities – Identifying if the device is a bridge, router, or WLAN access point.
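The TLV layout described above, as an added example that is not part of the original post: a small parser that walks one LLDP frame and returns the fields a neighbor on that link learns, which is a quick way to audit what a port discloses before enabling transmission on it. It assumes an untagged Ethernet frame; the sample frame, the device name `edge-fw-01` and the address `192.0.2.1` are constructed for illustration.

```python
import ipaddress
import struct

CAPS = ["Other", "Repeater", "Bridge", "WLAN AP", "Router", "Telephone"]
TEXT = {5: "system_name", 6: "system_description"}

def tlv(t, value):
    """Build one TLV: 7-bit type and 9-bit length, then the value."""
    return struct.pack("!H", (t << 9) | len(value)) + value

def walk_tlvs(pdu):
    """Yield (type, value); reject a TLV whose length overruns the frame."""
    off = 0
    while off + 2 <= len(pdu):
        (hdr,) = struct.unpack_from("!H", pdu, off)
        t, length, off = hdr >> 9, hdr & 0x1FF, off + 2
        if off + length > len(pdu):
            raise ValueError(f"TLV type {t} overruns frame by {off + length - len(pdu)} bytes")
        if t == 0:  # End of LLDPDU
            return
        yield t, pdu[off:off + length]
        off += length

def disclosed(frame):
    """Return the identifying fields a neighbor learns from one untagged LLDP frame."""
    if frame[12:14] != b"\x88\xcc":  # EtherType 0x88CC
        raise ValueError("not an LLDP frame")
    out = {}
    for t, v in walk_tlvs(frame[14:]):
        if t in TEXT:
            out[TEXT[t]] = v.decode(errors="replace")
        elif t == 2 and v:
            out["port_id"] = v[1:].decode(errors="replace")  # skip subtype byte
        elif t == 7 and len(v) >= 2:
            bits = struct.unpack_from("!H", v)[0]
            out["capabilities"] = [n for i, n in enumerate(CAPS) if bits >> i & 1]
        elif t == 8 and len(v) >= 6 and v[1] == 1:  # subtype 1 = IPv4
            out["management_ip"] = str(ipaddress.IPv4Address(v[2:6]))
    return out

# Constructed sample frame (not a capture): a firewall port announcing itself.
SAMPLE = (bytes.fromhex("0180c200000e02000000000188cc")
          + tlv(1, b"\x04" + bytes.fromhex("020000000001"))  # chassis ID (MAC)
          + tlv(2, b"\x05port1") + tlv(3, b"\x00\x78")         # port ID, TTL 120 s
          + tlv(5, b"edge-fw-01") + tlv(6, b"ExampleOS 1.0")
          + tlv(7, b"\x00\x14\x00\x10")                        # bridge + router
          + tlv(8, b"\x05\x01\xc0\x00\x02\x01\x02\x00\x00\x00\x01\x00")
          + tlv(0, b""))
print(disclosed(SAMPLE))
```

A frame whose TLV length field points past the end of the buffer raises `ValueError` instead of being read silently.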
Why It Matters
For network engineers, LLDP is a powerful troubleshooting and automation tool. It allows for the dynamic mapping of physical topologies without manual cable tracing. Furthermore, its extension, LLDP-MED (Media Endpoint Discovery), is vital for VoIP deployments, as it automatically negotiates PoE (Power over Ethernet) requirements and assigns VLANs to IP phones. By providing a “who is next to me” directory, LLDP simplifies management and enhances visibility across the fabric.
LLDP-MED
LLDP-MED is an extension of LLDP developed by the TIA (ANSI/TIA-1057) specifically for Voice over IP (VoIP) and other multimedia devices. It provides a more sophisticated exchange of information between a network switch and an endpoint.
Primary Goal – “Plug-and-play” deployment of specialized endpoints.
Capabilities beyond standard LLDP:
Network Policy – Automatically tells a phone which VLAN to use (e.g., Voice VLAN) and sets the Layer 2 (802.1p) or Layer 3 (DSCP) priority.
Power Management – Allows for more granular PoE (Power over Ethernet) negotiations than standard hardware-based handshakes.
Inventory Management – The switch can pull the phone’s serial number, firmware version, and hardware revision.
Location Identification – The switch can tell a phone its physical location (e.g., floor or room number) for emergency services like E911.
Enabling LLDP on a FortiGate Firewall
Globally (all ports)
config system global
    set lldp-reception enable
    set lldp-transmission enable
end
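# Enabling LLDP on all interfaces should be weighed from a risk perspective: every port that transmits advertises the system name, description, port ID, and management IP to whatever is attached to it.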
Per Interface
config system interface
    edit %port%
        set lldp-reception enable
        set lldp-transmission enable
    next
end
# I will normally enable it on outside interfaces temporarily when trying to identify cross-connects and upstream ISP equipment.
LLDP-MED (for VoIP)
config switch lldp profile
    edit "voice-phone"
        set med-network-policy-voice vlan 130
        set med-network-policy-voice-vlan-cos 5
        set med-network-policy-voice-dscp 46
    next
end
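What the Network Policy values in the profile above (VLAN 130, CoS 5, DSCP 46) look like on the wire, as an added example that is not part of the original post or any vendor's code: it encodes and decodes the LLDP-MED Network Policy TLV and reports where a port's advertisement differs from the intended policy. The tagged flag, the `EXPECTED` baseline and the `STALE` sample are assumptions constructed for illustration.

```python
import struct

TIA_OUI = bytes.fromhex("0012bb")        # LLDP-MED organizationally specific OUI
APP_TYPES = {1: "voice", 2: "voice-signaling"}

def encode_network_policy(app, vlan, cos, dscp, tagged=True):
    """Build the LLDP-MED Network Policy TLV (type 127, TIA subtype 2)."""
    # 24-bit policy word: U(1) T(1) X(1) VLAN(12) L2 priority(3) DSCP(6)
    word = (int(tagged) << 22) | (vlan << 9) | (cos << 6) | dscp
    value = TIA_OUI + bytes([2, app]) + word.to_bytes(3, "big")
    return struct.pack("!H", (127 << 9) | len(value)) + value

def decode_network_policy(tlv):
    """Decode one Network Policy TLV into its fields, validating the framing."""
    if len(tlv) != 10 or struct.unpack_from("!H", tlv)[0] != (127 << 9 | 8):
        raise ValueError("not an 8-byte organizationally specific TLV")
    if tlv[2:5] != TIA_OUI or tlv[5] != 2:
        raise ValueError("not an LLDP-MED Network Policy TLV")
    word = int.from_bytes(tlv[7:10], "big")
    return {
        "application": APP_TYPES.get(tlv[6], f"type-{tlv[6]}"),
        "unknown_policy": bool(word >> 23 & 1),
        "tagged": bool(word >> 22 & 1),
        "vlan": word >> 9 & 0xFFF,
        "cos": word >> 6 & 0x7,
        "dscp": word & 0x3F,
    }

def policy_drift(tlv, expected):
    """Return {field: (advertised, expected)} for every field that differs."""
    seen = decode_network_policy(tlv)
    return {k: (seen[k], want) for k, want in expected.items() if seen[k] != want}

# Values from the voice profile on this page; the TLV bytes are constructed here.
EXPECTED = {"application": "voice", "tagged": True, "vlan": 130, "cos": 5, "dscp": 46}
GOOD = encode_network_policy(1, 130, 5, 46)
STALE = encode_network_policy(1, 30, 5, 0)   # constructed: a port left on an old policy

print(GOOD.hex(), decode_network_policy(GOOD))
print(policy_drift(STALE, EXPECTED))
```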
Verification Commands
diagnose lldprx neighbor {summary | details | clear}
diagnose lldprx port {details | summary | neighbor | filter}
diagnose lldprx port neighbor {summary | details}
Enabling LLDP on a Cisco Device
To enable LLDP on a Cisco device, you generally need to activate it globally and then ensure it is running on the specific interfaces where you want to discover neighbors. Unlike Cisco’s proprietary CDP, LLDP is often disabled by default on older IOS versions.
Global Configuration
First, enter configuration mode and enable the LLDP process globally. This allows the device to start processing LLDP packets.
configure terminal
lldp run
Per Interface
While lldp run usually enables it on all supported interfaces, you can granularly control whether an interface transmits, receives, or does both. This is useful for security or multi-tenant environments.
interface GigabitEthernet0/1
 lldp transmit
 lldp receive
Verification Commands
Once configured, use these commands to verify that your device is seeing its neighbors.
show lldp – Confirms if LLDP is active globally and shows the advertisement frequency.
show lldp neighbors – Provides a summary of connected devices, including their Local Intf, Hold-time, Capability, and Port ID.
show lldp neighbors detail – Displays verbose information, including the neighbor’s Management IP address, VTP Management Domain, and system description.
show lldp interface – Shows the status of LLDP on specific physical ports.
Enabling LLDP on a Juniper Device
On Juniper devices running Junos OS, LLDP is configured as a protocol under the [edit protocols lldp] hierarchy. Unlike Cisco IOS, where you might use a single global command, Junos typically requires you to specify the interfaces you want to participate in the protocol.
Globally
The most common way to enable LLDP is to apply it to all active interfaces at once.
[edit]
set protocols lldp interface all
Per Interface
If you want to limit LLDP to certain uplinks or ports for security reasons, you can specify them individually:
[edit]
set protocols lldp interface ge-0/0/0
set protocols lldp interface ge-0/0/1
LLDP-MED (for VoIP)
If you are connecting IP phones to your Juniper switch, you’ll likely want to enable the Media Endpoint Discovery (MED) extension to handle Power over Ethernet (PoE) and Voice VLAN assignments.
[edit]
set protocols lldp-med interface all
Verification Commands
Junos provides excellent visibility into what the switch is “seeing” on its ports.
show lldp neighbors – Displays a table of all discovered neighbors, their local interface, and their chassis ID.
show lldp neighbors interface ge-0/0/0 – Filters the neighbor list to a specific port.
show lldp neighbors detail – Provides the “deep dive”—including the neighbor’s Management IP, system description, and specific capabilities.
show lldp statistics – Useful for troubleshooting if you suspect frames are being dropped or not sent.