Configure LLDP
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Configure LLDP
Configure Link Layer Discovery Protocol (LLDP) to discover neighboring devices and
their capabilities.
To configure LLDP and create an LLDP profile, you must be a superuser or device
administrator (deviceadmin). A firewall interface supports a maximum of five LLDP
peers.
- Enable LLDP on the firewall.Select NetworkLLDP and edit the LLDP General section; select Enable.(Optional) Change LLDP global settings.
- For Transmit Interval (sec), specify the interval (in seconds) at which LLDPDUs are transmitted. Range is 1 to 3600; default is 30.For Transmit Delay (sec), specify the delay time (in seconds) between LLDP transmissions sent after a change is made in a TLV element. The delay helps to prevent flooding the segment with LLDPDUs if many network changes spike the number of LLDP changes, or if the interface flaps. The Transmit Delay must be less than the Transmit Interval. Range is 1 to 600; default is 2.For Hold Time Multiple, specify a value that is multiplied by the Transmit Interval to determine the total TTL Hold Time. Range is 1 to 100; default is 4. The maximum TTL Hold Time is 65535 seconds, regardless of the multiplier value.For Notification Interval, specify the interval (in seconds) at which LLDP Syslog Messages and SNMP Traps are transmitted when MIB changes occur. Range is 1 to 3600; default is 5.Click OK.Create an LLDP profile.For descriptions of the optional TLVs, see Supported TLVs in LLDP.
- Select NetworkNetwork ProfilesLLDP Profile and Add a Name for the LLDP profile.For Mode, select transmit-receive (default), transmit-only, or receive-only.Select SNMP Syslog Notification to enable SNMP notifications and syslog messages. If enabled, the global Notification Interval is used. The firewall will send both an SNMP trap and a syslog event as configured in the DeviceLog SettingsSystemSNMP Trap Profile and Syslog Profile.For Optional TLVs, select the TLVs you want transmitted:
- Port Description
- System Name
- System Description
- System Capabilities
(Optional) Select Management Address to add one or more management addresses and Add a Name.Select the Interface from which to obtain the management address. At least one management address is required if Management Address TLV is enabled. If no management IP address is configured, the system uses the MAC address of the transmitting interface as the management address TLV.Select IPv4 or IPv6, and in the adjacent field, select an IP address from the list (which lists the addresses configured on the selected interface), or enter an address.Click OK.Up to four management addresses are allowed. If you specify more than one Management Address, they will be sent in the order they are specified, starting at the top of the list. To change the order of the addresses, select an address and use the Move Up or Move Down buttons.Click OK.Assign an LLDP profile to an interface.- Select NetworkInterfaces and select the interface where you will assign an LLDP profile.Select AdvancedLLDP.Select Enable LLDP to assign an LLDP profile to the interface.For Profile, select the profile you created. Selecting None enables LLDP with basic functionality: sends the three mandatory TLVs and enables transmit-receive mode.If you want to create a new profile, click LLDP Profile and follow the instructions steps above.Click OK.Commit your changes.