LLDPDUs include mandatory and optional TLVs. The following table lists the mandatory TLVs that the firewall supports:
Chassis ID TLV
Identifies the firewall chassis. Each firewall must have exactly one unique Chassis ID. The Chassis ID subtype is 4 (MAC address) on Palo Alto Networks platforms will use the MAC address of Eth0 to ensure uniqueness.
Port ID TLV
Identifies the port from which the LLDPDU is sent. Each firewall uses one Port ID for each LLDPDU message transmitted. The Port ID subtype is 5 (interface name) and uniquely identifies the transmitting port. The firewall uses the interface’s ifname as the Port ID.
Time-to-live (TTL) TLV
Specifies how long (in seconds) LLDPDU information received from the peer is retained as valid in the local firewall (range is 0-65535). The value is a multiple of the LLDP Hold Time Multiplier. When the TTL value is 0, the information associated with the device is no longer valid and the firewall removes that entry from the MIB.
End of LLDPDU TLV
Indicates the end of the TLVs in the LLDP Ethernet frame.
The following table lists the optional TLVs that the Palo Alto Networks firewall supports:
Purpose and Notes Regarding Firewall Implementation
Port Description TLV
Describes the port of the firewall in alpha-numeric format. The ifAlias object is used.
System Name TLV
Configured name of the firewall in alpha-numeric format. The sysName object is used.
System Description TLV
Describes the firewall in alpha-numeric format. The sysDescr object is used.
Describes the deployment mode of the interface, as follows:
An L3 interface is advertised with router (bit 6) capability and the “other” bit (bit 1).
An L2 interface is advertised with MAC Bridge (bit 3) capability and the “other” bit (bit 1).
A virtual wire interface is advertised with Repeater (bit 2) capability and the “other” bit (bit 1).
One or more IP addresses used for firewall management, as follows:
IP address of the management (MGT) interface
IPv4 and/or IPv6 address of the interface
User-defined address entered in the management address field
If no management IP address is provided, the default is the MAC address of the transmitting interface.
Included is the interface number of the management address specified. Also included is the OID of the hardware interface with the management address specified (if applicable).
If more than one management address is specified, they will be sent in the order they are specified, starting at the top of the list. A maximum of four Management Addresses are supported.
This is an optional parameter and can be left disabled.
View LLDP Settings and Status Perform the following procedure to view LLDP settings and status. View LLDP Settings and Status View LLDP global settings. Select ...
Network > LLDP
Network > LLDP Link Layer Discovery Protocol (LLDP) provides an automatic method of discovering neighboring devices and their capabilities at the Link Layer. What do ...
Configure LLDP To configure LLDP, and create an LLDP profile, you must be a superuser or device administrator (deviceadmin). A firewall interface supports a maximum ...
Network > Network Profiles > LLDP Profile
Network > Network Profiles > LLDP Profile A Link Layer Discovery Protocol (LLDP) profile is the way in which you configure the LLDP mode of ...
LLDP Palo Alto Networks firewalls support Link Layer Discovery Protocol (LLDP), which functions at the link layer to discover neighboring devices and their capabilities. LLDP ...
LLDP Overview LLDP operates at Layer 2 of the OSI model, using MAC addresses. An LLDPDU is a sequence of type-length-value (TLV) elements encapsulated in ...
Network > Interfaces
Network > Interfaces Firewall interfaces (ports) enable a firewall to connect with other network devices and with other interfaces within the firewall. The following topics ...
Network > Interfaces > VLAN
Network > Interfaces > VLAN A VLAN interface can provide routing into a Layer 3 network (IPv4 and IPv6). You can add one or more ...
Cisco ACI Integration
Cisco ACI Integration Palo Alto Networks integration with Cisco ACI allows you to insert a firewall between EPGs as a Layer 4 to Layer 7 ...
Configure Active/Active HA
Configure Active/Active HA The following procedure describes the basic workflow for configuring your firewalls in an active/active configuration. However, before you begin, Determine Your Active/Active ...