Link Layer Discovery Protocol (LLDP) operates at Layer
2 of the OSI model and addresses frames by MAC address. An LLDPDU is a sequence
of type-length-value (TLV) elements encapsulated in an Ethernet
frame (EtherType 0x88CC). The IEEE 802.1AB standard defines three group MAC addresses for
LLDPDUs: 01-80-C2-00-00-0E (Nearest Bridge), 01-80-C2-00-00-03 (Nearest non-TPMR Bridge), and 01-80-C2-00-00-00 (Nearest Customer Bridge).
The Palo Alto Networks
firewall supports only one of these
MAC addresses for transmitting and receiving LLDP data units: 01-80-C2-00-00-0E.
When transmitting, the firewall uses 01-80-C2-00-00-0E as the destination
MAC address. When receiving, the firewall processes only frames with
01-80-C2-00-00-0E as the destination MAC address. If the firewall
receives LLDPDUs addressed to either of the other two MAC addresses on its
interfaces, it does not process them; it takes the same forwarding action it took
before LLDP support was added, as follows:
If the interface type is vwire, the firewall forwards
the frame to the other port.
If the interface type is L2, the firewall floods the frame
to the rest of the VLAN.
If the interface type is L3, the firewall drops the frame.
LLDP is not supported on Panorama or on the WildFire appliance.
Interface types that do not support LLDP are tap, high availability
(HA), Decrypt Mirror, virtual wire, VLAN, and Layer 3 subinterfaces, and PA-7000
Series Log Processing Card (LPC) interfaces.
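The following is an added example, not PAN-OS code or anything from Palo Alto Networks. It builds an LLDP Ethernet frame out of TLVs, parses the LLDPDU back (enforcing TLV bounds and the mandatory Chassis ID, Port ID and TTL ordering from 802.1AB), and models the per-destination-MAC handling described above: frames to 01-80-C2-00-00-0E are processed, frames to the other two 802.1AB group addresses get the forward, flood or drop action by interface type. The neighbour MAC, interface name and system name in the sample frame are constructed, and the action strings are illustrative labels, not firewall log values.

```python
# Added example (not PAN-OS code): build an LLDP frame, parse its TLVs, and
# model the firewall's per-destination-MAC handling described in the text.
import struct

ETHERTYPE_LLDP = 0x88CC

# The three group MAC addresses IEEE 802.1AB reserves for LLDPDUs.
NEAREST_BRIDGE = bytes.fromhex("0180c200000e")           # the only one the firewall processes
NEAREST_NON_TPMR_BRIDGE = bytes.fromhex("0180c2000003")
NEAREST_CUSTOMER_BRIDGE = bytes.fromhex("0180c2000000")
LLDP_GROUP_MACS = {NEAREST_BRIDGE, NEAREST_NON_TPMR_BRIDGE, NEAREST_CUSTOMER_BRIDGE}

TLV_NAMES = {
    0: "End of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "Time To Live",
    4: "Port Description", 5: "System Name", 6: "System Description",
    7: "System Capabilities", 8: "Management Address", 127: "Organizationally Specific",
}


def build_tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV: 7-bit type, 9-bit length, then the value bytes."""
    if not 0 <= tlv_type <= 127 or not 0 <= len(value) <= 0x1FF:
        raise ValueError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_lldp_frame(dst_mac: bytes, src_mac: bytes, tlvs) -> bytes:
    """Ethernet II header + LLDPDU; the End of LLDPDU TLV is appended automatically."""
    lldpdu = b"".join(build_tlv(t, v) for t, v in tlvs) + build_tlv(0, b"")
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_LLDP) + lldpdu


def parse_lldpdu(lldpdu: bytes):
    """Walk the TLV sequence, enforcing bounds and the mandatory leading TLVs."""
    tlvs, offset = [], 0
    while offset + 2 <= len(lldpdu):
        header, = struct.unpack("!H", lldpdu[offset:offset + 2])
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(lldpdu):
            raise ValueError(f"TLV type {tlv_type} length {length} overruns the LLDPDU")
        tlvs.append((tlv_type, lldpdu[offset:offset + length]))
        offset += length
        if tlv_type == 0:
            break
    else:
        raise ValueError("LLDPDU has no End of LLDPDU TLV")
    if [t for t, _ in tlvs[:3]] != [1, 2, 3]:
        raise ValueError("Chassis ID, Port ID and TTL TLVs must come first, in that order")
    return tlvs


def describe_tlvs(tlvs):
    """Human-readable (name, value) pairs: ID TLVs as (subtype, data), TTL as int."""
    out = []
    for tlv_type, value in tlvs:
        name = TLV_NAMES.get(tlv_type, f"Reserved ({tlv_type})")
        if tlv_type in (1, 2):       # first byte is the chassis/port ID subtype
            out.append((name, (value[0], value[1:])))
        elif tlv_type == 3:
            out.append((name, struct.unpack("!H", value)[0]))
        elif tlv_type in (4, 5, 6):
            out.append((name, value.decode("utf-8", "replace")))
        else:
            out.append((name, value))
    return out


def firewall_action(frame: bytes, interface_type: str) -> str:
    """Model the handling described above for an LLDP frame arriving on an interface."""
    dst, ethertype = frame[:6], struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_LLDP or dst not in LLDP_GROUP_MACS:
        return "not-lldp"
    if dst == NEAREST_BRIDGE:
        return "process"             # the only LLDP group address the firewall consumes
    # Other two 802.1AB group addresses: pre-LLDP forwarding behaviour by interface type
    return {"vwire": "forward-to-other-port", "l2": "flood-vlan", "l3": "drop"}[interface_type]


# Constructed sample: a neighbour switch announcing itself (hypothetical MAC and names)
SWITCH_MAC = bytes.fromhex("001122334455")
SAMPLE_TLVS = [
    (1, b"\x04" + SWITCH_MAC),               # Chassis ID, subtype 4 = MAC address
    (2, b"\x05" + b"GigabitEthernet1/0/1"),  # Port ID, subtype 5 = interface name
    (3, struct.pack("!H", 120)),             # TTL of 120 seconds
    (5, b"core-sw1"),                        # System Name
]
SAMPLE_FRAME = build_lldp_frame(NEAREST_BRIDGE, SWITCH_MAC, SAMPLE_TLVS)

if __name__ == "__main__":
    for name, value in describe_tlvs(parse_lldpdu(SAMPLE_FRAME[14:])):
        print(f"{name:22} {value!r}")
    for mac in sorted(LLDP_GROUP_MACS):
        frame = build_lldp_frame(mac, SWITCH_MAC, SAMPLE_TLVS)
        print(mac.hex("-"), [firewall_action(frame, t) for t in ("vwire", "l2", "l3")])
```

The parser rejects a TLV whose declared length runs past the end of the LLDPDU and an LLDPDU with no End TLV; both are the malformed inputs a receiver must expect on an untrusted segment, since LLDP has no authentication and any host on the link can emit frames to these group addresses.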
An LLDP Ethernet frame has the following format:
Within the LLDP Ethernet frame, the TLV structure has the following