NAME
lldpd — LLDP daemon
SYNOPSIS
lldpd [-dxcseiklrv] [-D debug] [-p pidfile] [-S description] [-P platform]
[-X socket] [-m management] [-u file] [-I interfaces] [-C interfaces]
[-M class] [-H hide] [-L lldpcli]
DESCRIPTION
lldpd is a daemon able to receive and send LLDP frames. The Link Layer
Discovery Protocol is a vendor-neutral Layer 2 protocol that allows a network
device to advertise its identity and capabilities on the local network.
lldpd also implements an SNMP subagent using the AgentX protocol to interface
with a regular SNMP agent like Net-SNMP. To enable this subagent, you need
something like this in your snmpd.conf(5):
This daemon implements both reception and sending. It will collect various
information to send LLDP frames to all Ethernet interfaces, including
management address, speed and VLAN names.
The options are as follows:
-d
- Do not daemonize. If this option is specified, lldpd will run in the
foreground. When specified one more time, lldpd will not log to syslog but
only to stderr. Then, this option can be specified many times to increase
verbosity. When specified four times, debug logs will be enabled. They can be
filtered with the -D flag.
-D debug
- This option allows the user to filter out debugging information by
specifying allowed tokens. This option can be repeated several times to
allow several tokens. This option must be combined with the -d flag to have
some effect. Only debugging logs can be filtered. Here is a list of allowed
tokens with their description:
- main: Main daemon.
- interfaces: Discovery of local interfaces.
- lldp: LLDP PDU encoding/decoding.
- edp: EDP PDU encoding/decoding.
- cdp: CDP/FDP PDU encoding/decoding.
- sonmp: SONMP PDU encoding/decoding.
- event: Events management.
- libevent: Events management but for logs generated by libevent.
- privsep: Privilege separation.
- localchassis: Retrieval of information related to the local chassis.
- rpc: Client communication.
- control: Management of the Unix control socket.
- snmp: SNMP subagent.
- libsnmp: SNMP subagent but for logs generated by NetSNMP.
- decode: Generic PDU decoding.
- marshal: Low-level serialization mechanisms.
- alloc: Low-level allocation mechanisms.
- send: Sending PDU to some interface.
- receive: Receiving PDU from some interface.
- loop: Main loop.
- smartfilter: Smart filtering of different protocols on the same port.
- netlink: Netlink subsystem.
-p pidfile
- Use the provided PID file to record lldpd PID instead of
/var/run/lldpd.pid.
-k
- Disable advertising of kernel release, version and machine. Kernel name
(i.e. Linux) will still be shared, and Inventory software version will be
set to 'Unknown'.
-S description
- Override system description with the provided description. The default
description is the kernel name, the node name, the kernel version, the
build date and the architecture (except if you use the -k flag described
above).
-P platform
- Override the CDP platform name with the provided value. The default
description is the kernel name (Linux).
-x
- Enable SNMP subagent. With this option, lldpd will enable an SNMP subagent
using AgentX protocol. This allows you to get information about local
system and remote systems through SNMP.
-X socket
- Enable SNMP subagent using the specified socket. lldpd will enable an SNMP
subagent using AgentX protocol for the given socket. This option implies the
previous one. The default socket is usually /var/agentx/master. You can
specify a socket like tcp:127.0.0.1:705 for example. Since the process that
will open this socket is enclosed in a chroot, you need to specify an IP
address (not a hostname) when using a TCP or UDP socket.
-c
- Enable the support of CDP protocol to deal with Cisco routers that do not
speak LLDP. If repeated, CDPv1 packets will be sent even when there is no
CDP peer detected. If repeated once again, CDPv2 packets will be sent even
when there is no CDP peer detected. If repeated once again (i.e. -cccc),
CDPv1 will be disabled and CDPv2 will be enabled. If repeated once again
(i.e. -ccccc), CDPv1 will be disabled and CDPv2 will be forced.
-f
- Enable the support of FDP protocol to deal with Foundry routers that do
not speak LLDP. If repeated, FDP packets will be sent even when there is
no FDP peer detected.
-s
- Enable the support of SONMP protocol to deal with Nortel routers and
switches that do not speak LLDP. If repeated, SONMP packets will be sent
even when there is no SONMP peer detected.
-e
- Enable the support of EDP protocol to deal with Extreme routers and
switches that do not speak LLDP. If repeated, EDP packets will be sent
even when there is no EDP peer detected.
-l
- Force sending of LLDP packets even when there is no LLDP peer detected but
there is a peer speaking another protocol detected. By default, LLDP
packets are sent when there is a peer speaking LLDP detected or when there
is no peer at all. If repeated, LLDP is disabled.
-r
- Receive-only mode. With this switch, lldpd will not send any frame. It will
only listen to neighbors.
-m management
- Specify the management addresses of this system. As for interfaces
(described below), this option can use wildcards and inversions. Without
this option, the first IPv4 and the first IPv6 are used. If an exact IP
address is provided, it is used as a management address without any check.
If only negative patterns are provided, only one IPv4 and one IPv6
address are chosen. Otherwise, many of them can be selected. If you want
to blacklist IPv6 addresses, you can use !*:*.
-u file
- Specify the Unix-domain socket used for communication with lldpctl(8).
-I interfaces
- Specify which interfaces to listen on and send LLDPDU to. Without this
option, lldpd will use all available physical interfaces. This option can use
wildcards. Several interfaces can be specified separated by commas. It is also
possible to blacklist an interface by prefixing it with an exclamation mark.
It is possible to whitelist an interface by prefixing it with two exclamation
marks. A whitelisted interface beats a blacklisted interface which beats a
simple matched interface. For example, with eth*,!eth1,!eth2 lldpd will only
use interfaces starting with eth with the exception of eth1 and eth2. While
with *,!eth*,!!eth1 lldpd will use all interfaces, except interfaces starting
with eth with the exception of eth1. When an exact match is found, it will
circumvent some tests. For example, if eth0.12 is specified, it will be
accepted even if this is a VLAN interface.
-C interfaces
- Specify which interfaces to use for computing chassis ID. Without this
option, all interfaces are considered. lldpd will take the first MAC address
from all the considered interfaces to compute the chassis ID. The logic of
this option is the same as for the -I flag: you can exclude interfaces with an
exclamation mark and use globbing to specify several interfaces. If all
interfaces are blacklisted (with !*), the system name is used as a chassis ID
instead.
-M class
- Enable emission of LLDP-MED frame. The class should be one of the
following values:
- 1: Generic Endpoint (Class I)
- 2: Media Endpoint (Class II)
- 3: Communication Device Endpoints (Class III)
- 4: Network Connectivity Device
-i
- Disable LLDP-MED inventory TLV transmission. lldpd will still receive (and
publish using SNMP if enabled) those LLDP-MED TLV but will not send them. Use
this option if you don't want to transmit sensitive information like serial
numbers.
-H hide
- Filter neighbors. See section FILTERING NEIGHBORS for details.
-L lldpcli
- Provide an alternative path to lldpcli for configuration. If empty, does not
use lldpcli for configuration.
-v
- Show lldpd version. When repeated, show more build information.
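The pattern precedence described for -I (and reused by -C and -m), as an added Python example that is not lldpd's own code. The function names and the interface list are assumptions made for the illustration; only the pattern rules are modeled, not the other interface tests lldpd performs.

```python
from fnmatch import fnmatchcase

def classify(name, spec):
    """Decide whether interface `name` is selected by a -I style `spec`.

    Returns (use, exact): `use` is the verdict, `exact` is True when a
    pattern names the interface literally (no wildcard involved).
    """
    allow = deny = match = exact = False
    for pat in (p.strip() for p in spec.split(",")):
        if not pat:
            continue
        if pat.startswith("!!"):          # whitelist entry
            allow = allow or fnmatchcase(name, pat[2:])
            exact = exact or pat[2:] == name
        elif pat.startswith("!"):         # blacklist entry
            deny = deny or fnmatchcase(name, pat[1:])
        else:                             # simple match
            match = match or fnmatchcase(name, pat)
            exact = exact or pat == name
    # Precedence stated on the page: whitelist > blacklist > simple match.
    use = allow or (match and not deny)
    return use, use and exact

def selected(names, spec):
    """Names from `names` that the spec keeps, in input order."""
    return [n for n in names if classify(n, spec)[0]]

# Constructed interface inventory for the demonstration.
IFACES = ["eth0", "eth1", "eth2", "eth0.12", "wlan0", "lo"]

if __name__ == "__main__":
    for spec in ("eth*,!eth1,!eth2", "*,!eth*,!!eth1", "!*"):
        print(f"{spec!r:22} -> {selected(IFACES, spec)}")
```

Note that a wildcard such as eth* also matches eth0.12 at the pattern level; whether a VLAN interface matched this way is then kept depends on the additional tests that only an exact match circumvents.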
FILTERING NEIGHBORS
In a heterogeneous network, you may see several different hosts on the same
port, even if there is only one physically plugged into this port. For example,
if you have a Nortel switch running LLDP which is plugged into a Cisco switch
running CDP and your host is plugged into the Cisco switch, you will see the
Nortel switch as well because LLDP frames are forwarded by the Cisco switch.
This may not be what you want. The -H hide parameter will allow you to tell
lldpd to discard some frames that it receives and to avoid sending some other
frames.
Incoming filtering and outgoing filtering are unrelated. Incoming filtering will
hide some remote ports to give you a chance to know exactly what equipment is
on the other side of the network cable. Outgoing filtering will avoid using
some protocols to avoid flooding your network with a protocol that is not
handled by the nearest equipment. Keep in mind that even without filtering,
lldpd will speak protocols for which at least one frame has been received and
LLDP otherwise (there are other options to change this behaviour, for example
-cc, -ss, -ee, -ll and -ff).
When enabling incoming filtering, lldpd will try to select one protocol and
filter out neighbors using other protocols. To select this protocol, the rule
is to take the least used protocol. If on one port, you get 12 CDP neighbors
and 1 LLDP neighbor, this means that the remote switch speaks LLDP and does not
filter CDP. Therefore, we select LLDP. When enabling outgoing filtering, lldpd
will also try to select one protocol and only speak this protocol. The
filtering is done per port. Each port may select a different protocol.
There are two additional criteria when enabling filtering: allowing one or
several protocols to be selected (in case of a tie) and allowing one or
several neighbors to be selected. Even when allowing several protocols, the
rule of selecting the protocols with the fewest neighbors still applies. If
lldpd selects LLDP and CDP, this means they have the same number of neighbors.
The selection of the neighbor is random. Incoming filtering will select a set
of neighbors to be displayed while outgoing filtering will use the selected
set of neighbors to decide which protocols to use: if a selected neighbor
speaks LLDP and another one CDP, lldpd will speak both CDP and LLDP on this
port.
There are some corner cases. A typical example is a switch speaking two
protocols (CDP and LLDP for example). You want to get the information from the
best protocol but you want to speak both protocols because some tools use the
CDP table and some others the LLDP table.
The table below summarizes all accepted values for the -H hide parameter. The
default value is 15 which corresponds to the corner case described above. The
filter column means that filtering is enabled. The 1proto column tells that
only one protocol will be kept. The 1neigh column tells that only one neighbor
will be kept.
|    | incoming |        |        | outgoing |        |        |
|    | filter   | 1proto | 1neigh | filter   | 1proto | 1neigh |
| 0  |          |        |        |          |        |        |
| 1  | x        | x      |        | x        | x      |        |
| 2  | x        | x      |        |          |        |        |
| 3  |          |        |        | x        | x      |        |
| 4  | x        |        |        | x        |        |        |
| 5  | x        |        |        |          |        |        |
| 6  |          |        |        | x        |        |        |
| 7  | x        | x      | x      | x        | x      |        |
| 8  | x        | x      | x      |          |        |        |
| 9  | x        |        | x      | x        | x      |        |
| 10 |          |        |        | x        |        | x      |
| 11 | x        |        | x      |          |        |        |
| 12 | x        |        | x      | x        |        | x      |
| 13 | x        |        | x      | x        |        |        |
| 14 | x        | x      |        | x        |        | x      |
| 15 | x        | x      |        | x        |        |        |
| 16 | x        | x      | x      | x        |        | x      |
| 17 | x        | x      | x      | x        |        |        |
| 18 | x        |        |        | x        |        | x      |
| 19 | x        |        |        | x        | x      |        |
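The selection rule described in this section, as an added Python example that is not lldpd's own code, run with the flags of the default -H 15 (incoming: filter and 1proto; outgoing: filter only). The function names, the neighbor samples and the tie-break order in PREFERENCE are assumptions; the page does not say which protocol wins a tie.

```python
import random
from collections import Counter

# Assumed tie-break order when only one protocol may be kept; the page does
# not say which protocol wins a tie.
PREFERENCE = ["LLDP", "CDP", "FDP", "SONMP", "EDP"]

def select(neighbors, one_proto, one_neigh, rng=random):
    """Neighbors of one port kept by a filter with the given flags.

    neighbors: list of (name, protocol) pairs seen on the port.
    """
    if not neighbors:
        return []
    counts = Counter(proto for _, proto in neighbors)
    fewest = min(counts.values())
    order = PREFERENCE + sorted(set(counts) - set(PREFERENCE))
    # Rule from the page: keep the protocol(s) with the fewest neighbors.
    protos = [p for p in order if counts.get(p) == fewest]
    if one_proto:
        protos = protos[:1]
    kept = [n for n in neighbors if n[1] in protos]
    if one_neigh:
        kept = [rng.choice(kept)]   # the page says this pick is random
    return kept

def spoken(neighbors, one_proto, one_neigh, rng=random):
    """Protocols an outgoing filter leaves enabled on the port."""
    protos = {proto for _, proto in select(neighbors, one_proto, one_neigh, rng)}
    return sorted(protos) or ["LLDP"]   # no neighbor at all: LLDP only

# Constructed sample: the page's 12 CDP neighbors plus 1 LLDP neighbor.
MIXED = [(f"host{i}", "CDP") for i in range(12)] + [("switch", "LLDP")]
# Constructed sample: one switch announcing itself over CDP and LLDP.
DUAL = [("sw1", "CDP"), ("sw1", "LLDP")]

if __name__ == "__main__":
    # -H 15 (default): incoming filter + 1proto, outgoing filter only.
    for port in (MIXED, DUAL):
        print(select(port, True, False), spoken(port, False, False))
```

On the dual-protocol switch the incoming side keeps a single protocol while the outgoing side keeps both, which is the corner case the default value is meant to cover.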
FILES
- /var/run/lldpd.socket: Unix-domain socket used for communication with
lldpctl(8).
- /etc/lldpd.conf: Configuration file for lldpd. Commands in this file are
executed by lldpcli(8) at start.
- /etc/lldpd.d: Directory containing configuration files whose commands are
executed by lldpcli(8) at start.
SEE ALSO
lldpctl(8), lldpcli(8), snmpd(8)
HISTORY
The lldpd program is inspired by a preliminary work of Reyk Floeter.
AUTHORS
The lldpd program was written by Pierre-Yves Ritschard ⟨pyr@openbsd.org⟩, and
Vincent Bernat ⟨bernat@luffy.cx⟩.