SonicOS 7.0 Switching
Table of Contents
Managing L2 Discovery and LLDP/LLTDV
- About Layer 2 Discovery and LLDP
- Associating an LLDP Profile with a L2 Discovery Interface
- Refreshing the Page
- Globally Enabling/Disabling LLDP
- Discovering Neighbors
- Viewing L2 Discovery and LLDP/LLTD Interfaces
About Layer 2 Discovery and LLDP
To discover neighboring devices and their capabilities, the SonicWall Security Appliance uses:
- IEEE 802.1AB (LLDP: Link Layer Discovery Protocol)/Microsoft LLTD (Link Layer Topology Discovery)
- IEEE 802.3-2012 protocols
- A switch-forwarding table
LLDP operates at Layer 2 and exchanges LLDP Protocol Data Units (LLDPDUs) between the neighbors containing a sequence of variable length information elements that include type-length-values (TLV). The information is stored in the SNMP MIBs. These Layer 2 protocols are used by networking devices to advertise their identities and capabilities and to identify their directly connected Layer 2 neighbors/peers on wired Ethernet networks; they do not cross a broadcast domain.
More information about these protocols is available at:
SonicOS supports LLDP Transmit and Transmit-Receive Modes.
LLDP makes troubleshooting easier, especially in cases where peers are not detected by ping or traceroute.
Supported LLDP Modes
These LLDP modes are supported in SonicOS:
- LLDP-receive
- LLDP-transmit
- LLDP-transmit-receive
- LLDP-disabled
You can create custom LLDP profiles for individual interfaces.
These interface types and modes support LLDP:
| Interface | LLDP Support |
|---|---|
| L2 Interface | If the physical port is configured in L2 Mode. |
| L3 Interface | If the physical port is configured in L3 Mode. |
| Wire-Mode Interface | Supported for secure and inspect mode for wire-mode interfaces, but not for VLAN interfaces. |
| L2 Bridge Interface |
Supported for the physical interface, but not for VLAN interfaces. |
| VLAN Sub-Interface |
Not supported. |
| LAG/LACP | Supported for learn only on the aggregate port and not a member, but is supported for send on individual interfaces. An aggregate port shows neighbor information for both itself and its members. |
Type-Length-Values
Each LLDP frame starts with three mandatory type-length-values TLVs: Chassis ID, Port ID and TTL. The mandatory TLVs are followed by any number of optional TLVs. The LLDP frame ends with a mandatory End-of-frame TLV.
Mandatory TlV's
Mandatory TLVs describes the mandatory LLDP TLVs supported for both transmit and receive.
| TLV Name | TLV Type | Description | SonicOS Usage |
|---|---|---|---|
| Chassis ID TLV | 1 |
Identifies the firewall chassis. Each firewall must have exactly one unique Chassis ID. |
SonicOS sends the MAC address of the Security Appliance in the Chassis ID field. The MAC address is same as the Security Appliance serial number. |
| Port ID TLV | 2 |
Identifies the port from which the LLDPDU is sent. The Security Appliance uses the interface's if name as the Port ID. For example, Port ID can be X1, X2, X3. |
The Port ID subtype 5 (interface name) is used to identify the transmitting port. |
| Time-to-live (TTL) TLV | 3 | Specifies how long (in seconds) LLDPDU information received from the peer is retained as valid in the local Security Appliance (range is 0-65535). The value is a multiple of the LLDP Hold Time Multiplier. When the TTL value is 0, the information associated with the device is no longer valid and SonicOS removes that entry from the database. | Calculated internally. |
| End of LLDPDU frame TLV | 0 | Indicates the end of the TLVs in the LLDP Ethernet frame. |
Optional TLVs
Optional TLVs describes the optional LLDP TLVs supported for both transmit and receive.
| Port Description | 4 | |
| System Name | 5 | The Security Appliance name in alpha-numeric format. |
| System Description | 6 |
The full name and version identification of the system's hardware type, software operating system, and networking software in alpha-numeric format. |
| System Capabilities | 7 |
This field contains a bit-map of the capabilities that define primary functions of the system. Describes the deployment mode of the interfac e:
A virtual wire interface is advertised with Repeater (bit 2) capability and the “other” bit (bit 1). |
| Management Address | 8 |
IP addresses used for the management of the device:
One Management Address is supported. This is an optional parameter and can be left disabled. |
Effect of Interface Link on LLDP Functions
LLDP only functions when the interface link is up. When the mode is changed:
- From Receive to Transmit ,
- From Transmit-Only to Receive-Only,
- To Disabled,
A final LLDP shutdown LLDPDU is sent with these mandatory TLVs:
- Chassis ID TLV
- Port ID TLV
- TTL TLV
- End of LLDPDU TLV
The statistics counters are reset after the link goes down.
- Associating an LLDP Profile with a L2 Discovery Interface
- Refreshing the Page
- Globally Enabling/Disabling LLDP
- Discovering Neighbors
Associating an LLDP Profile with a L2 Discovery Interface
To associate an LLDP profile to a L2 Discovery interface
- Navigate to NETWORK | Switching > L2 Discovery.
-
Click the Edit icon in the Configure column for the interface. The Discover on Interface dialog displays.
image
-
Select the default or custom profile from LLDP Profile:
- Default LLDP Disabled
- Default LLDP RX (default)
- Default LLDP TX
- Default LLDP RX_TX
- Custom profile
- Click Save. The name of the profile displays in the Profile Name column of the L2 Discovery table.
Refreshing the Page
To refresh data displayed on the page
- Click the Refresh icon above the L2 Discovery table.
Globally Enabling/Disabling LLDP
By default, LLDP is enabled globally. You can toggle the LLDP switch to enable or disable LLDP transmit and receive globally.
To globally enable/disable LLDP
- Navigate to NETWORK | Switching > L2 Discovery.
-
Click LLDP above the L2 Discovery table. A confirmation message displays.
Discovering Neighbors
You can discover neighbors for:
- A single interface.
- Multiple interfaces.
- All interfaces.
For LAG with trunk mode, all ports can discover neighbors; LAG with PortShield mode learns neighbors only under the aggregator port.
To discover neighbors for a single interface
- Navigate to NETWORK | Switching > L2 Discovery.
-
Click the Refresh icon in the Configure column for the interface.
A processing message displays.
The information for the interface is updated.
To discover neighbors for multiple interfaces
- Navigate to NETWORK | Switching > L2 Discovery.
- Select the interfaces in the L2 Discovery table.
-
Select Discover from Discover above the table. This option is dimmed unless an interface is selected.
A processing message displays.
The information for the interfaces is updated.
To discover neighbors for all interfaces
- Navigate to NETWORK | Switching > L2 Discovery.
- Select an interface in the L2 Discovery table.
-
Select Discover All from Discover above the table.
A processing message displays.
The information for all interfaces is updated.
Viewing L2 Discovery and LLDP/LLTD Interfaces
| Interface | Lists the Security Appliance’s interfaces along with either the number of entries. |
| Profile Name | Name of the default or custom profile name. |
| Configure | Contains the Statistics, Edit, and Refresh icons for the interfaces. NOTE: The Refresh icon refreshes only LLTD discovery, not LLDP discovery. To refresh LLDP discovery, click the Refresh icon above the L2 Discovery table. |
Only the Interface and Profile Name columns contain information about interfaces, and the Configure column icons apply only to the interface. The other columns display information about the entries under an interface; for information about these columns, see Displaying Peer Information.
Displaying Peer Information
To display L2 discovery information
- Navigate to NETWORK | Switching > L2 Discovery.
-
In the L2 Discovery table, click the Expand icon for the desired interface. Information about the nodes (entries) discovered for the interface are displayed.
Chassis ID Identifies the Security Appliance’s chassis. Each Security Appliance must have exactly one unique Chassis ID that is a string value consisting of mostly the MAC address of the peer. Port ID Identifies the port from which the LLDPDU is sent and is a string value of the port name or number. The Security Appliance uses the interface's ifname as the Port ID. For example, Port ID can be X1, X2, X3. Management Address Lists the IP or MAC address of the peer used for the management of the device. If multiple management addresses are returned, only the first address is shown. System Name Name of the Security Appliance, in alpha-numeric format. System Description Full name and version identification of the Security Appliance's hardware type, software operating system, and networking software, in alpha-numeric format. More Contains an Information icon that displays additional peer information. -
To display additional peer information for a peer entry, mouse over the Information icon in the More column for that peer. A pop-up displays.
MAC Address MAC address of the peer. Vendor Vendor name from the main menu. Port Description String value from the Comments field for the interface on SonicWall Security Appliances. System Capabilities String value representing the list of capabilities supported by the peer device.
Displaying Statistics
For each interface, you can display the number of:
- Transmitted, received, erroneous, and discarded frames.
- Discarded and unrecognized TLVs.
- Aged or deleted neighbors.
To display an interface’s statistics
- Navigate to NETWORK | Switching > L2 Discovery.
- In the L2 Discovery table, mouse over the Statistics icon for the interface. The Statistics pop-up displays.
Searching the L2 Discovery Table
To limit the interfaces displayed in the L2 Discovery table
- Navigate to NETWORK | Switching > L2 Discovery.
- In the Search field, enter the search criterion. The display changes.
- To clear the search and redisplay the entire table. click the red Delete icon in the Search field.