Getting started with LLDP for Security Engines

Security Engines can use LLDP to send information about themselves to directly connected devices on the network, and receive information that other devices on the network send.

LLDP makes it easier to deploy a large number of Security Engines. LLDP announcements from Security Engines allow other directly connected devices on the network to assign the correct VLAN IDs to ports on network switches to which the Security Engine is connected. LLDP announcements from directly connected devices on the network provide information about switch topology to Security Engines, such as which network switch and port the Security Engine is connected to, and which VLANs it can reach.

When LLDP is enabled for a Layer 3 Physical Interface on a Security Engine, the Security Engine always announces the following type-length-values (TLVs):

  • Chassis ID — The MAC address of the first Ethernet port
  • Port ID — The name of the interface in the format 'ifname <name>'
  • Port Description — The name of the interface
  • Time to Live — The period of time for which LLDP advertisements should be stored in the cache of neighboring LLDP-compliant devices. This value is automatically calculated based on the transmit delay and the hold time multiplier defined in the LLDP Profile element that the Security Engine uses.

The Security Engine can optionally announce the following TLVs:

  • System Name — The name of the Security Engine or the node in the Security Engine cluster in the SMC.
  • System Description — Operating system details about the Security Engine, such as operating system name, operating system version, and architecture.
  • System Capabilities — A bit-map of the enabled capabilities of the interface, such as router, repeater, and other.
  • Management Address — The IP addresses of the control interfaces
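As an added example that is not part of this documentation or of the Security Engine software, the following Python code builds and decodes an LLDPDU carrying the mandatory TLVs listed above (plus the optional System Name), so that a defender can check what an engine announces and what it would accept from a neighbor. It assumes the IEEE 802.1AB TLV encoding and the 802.1AB rule that TTL is the transmit delay multiplied by the hold time multiplier; the exact arithmetic used by an LLDP Profile is not stated on this page.

```python
import struct

# LLDP TLV type codes from IEEE 802.1AB, covering the TLVs this page lists.
END_OF_LLDPDU, CHASSIS_ID, PORT_ID, TTL, PORT_DESCRIPTION, SYSTEM_NAME = 0, 1, 2, 3, 4, 5
CHASSIS_SUBTYPE_MAC, PORT_SUBTYPE_IFNAME = 4, 5  # subtypes used in the two ID TLVs

def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV: a 7-bit type and 9-bit length header, then the value."""
    if len(value) > 511:
        raise ValueError("TLV value too long for a 9-bit length")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def build_announcement(mac: bytes, ifname: str, tx_delay: int,
                       hold_multiplier: int, system_name: str = "") -> bytes:
    """Build an LLDPDU with the mandatory TLVs described above (plus optional
    System Name). TTL = transmit delay * hold multiplier is the 802.1AB rule;
    that it matches the LLDP Profile arithmetic is an assumption."""
    ttl = min(tx_delay * hold_multiplier, 65535)
    pdu = tlv(CHASSIS_ID, bytes([CHASSIS_SUBTYPE_MAC]) + mac)
    pdu += tlv(PORT_ID, bytes([PORT_SUBTYPE_IFNAME]) + f"ifname {ifname}".encode())
    pdu += tlv(TTL, struct.pack("!H", ttl))
    pdu += tlv(PORT_DESCRIPTION, ifname.encode())
    if system_name:
        pdu += tlv(SYSTEM_NAME, system_name.encode())
    return pdu + tlv(END_OF_LLDPDU, b"")

def parse_announcement(pdu: bytes) -> dict:
    """Decode a received LLDPDU into a dict; stops at End of LLDPDU and rejects
    truncated TLVs instead of reading past the end of the buffer."""
    result, offset = {}, 0
    while offset + 2 <= len(pdu):
        header = struct.unpack_from("!H", pdu, offset)[0]
        tlv_type, length = header >> 9, header & 0x1FF
        value = pdu[offset + 2:offset + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV")
        offset += 2 + length
        if tlv_type == END_OF_LLDPDU:
            break
        if tlv_type == CHASSIS_ID and value and value[0] == CHASSIS_SUBTYPE_MAC:
            result["chassis_id"] = ":".join(f"{b:02x}" for b in value[1:])
        elif tlv_type == PORT_ID and value:
            result["port_id"] = value[1:].decode(errors="replace")
        elif tlv_type == TTL and length == 2:
            result["ttl"] = struct.unpack("!H", value)[0]
        elif tlv_type == PORT_DESCRIPTION:
            result["port_description"] = value.decode(errors="replace")
        elif tlv_type == SYSTEM_NAME:
            result["system_name"] = value.decode(errors="replace")
    return result
```

The MAC address, interface name and timer values in the test are constructed sample inputs.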

LLDP for Security Engines has the following limitations:

  • LLDP is not supported on Virtual Engines.
  • LLDP is supported only on Layer 3 Physical Interfaces.