LLDP operates at Layer 2 of the OSI model, using MAC
addresses. An LLDPDU is a sequence of type-length-value (TLV) elements
encapsulated in an Ethernet frame. The IEEE 802.1AB standard defines
three MAC addresses for LLDPDUs: 01-80-C2-00-00-0E, 01-80-C2-00-00-03,
The Palo Alto Networks firewall supports only one MAC address
for transmitting and receiving LLDP data units: 01-80-C2-00-00-0E.
When transmitting, the firewall uses 01-80-C2-00-00-0E as the destination
MAC address. When receiving, the firewall processes datagrams with
01-80-C2-00-00-0E as the destination MAC address. If the firewall
receives either of the other two MAC addresses for LLDPDUs on its
interfaces, the firewall takes the same forwarding action it took prior
to this feature, as follows:
If the interface type is vwire, the firewall forwards
the datagram to the other port.
If the interface type is L2, the firewall floods the datagram
to the rest of the VLAN.
If the interface type is L3, the firewall drops the datagrams.
Panorama, the GlobalProtect Mobile Security Manager, and the
WildFire appliance are not supported.
Interface types that do not support LLDP are TAP, high availability
(HA), Decrypt Mirror, virtual wire/vlan/L3 subinterfaces, and PA-7000
Series Log Processing Card (LPC) interfaces.
An LLDP Ethernet frame has the following format:
Within the LLDP Ethernet frame, the TLV structure has the following