IEEE Link Layer Discovery Protocol

IEEE has defined IEEE 802.1AB, also known as Link Layer Discovery Protocol (LLDP) [3], which is similar in goal and design to CDP. Some differences include the following:

• Multicast MAC address. The address is 0180.C200.000E.

• Ethernet type. LLDP does not use SNAP encapsulation; instead, it uses Ethernet II framing with 88-CC as the Ethernet type.

• Packet format. As Figure 11-3 shows, the packet format consists of several fields encoded as type-length-value (TLV), with the first three and the last being mandatory (all others are optional).

Order of TLV in an LLDP Packet

Chassis ID TLV
Port ID TLV
Time to Live TLV
Other Optional TLV
End of LLDP TLV


Table 11-2 lists the different TLV types.


LLDP TLV Types
Type  Name
0     End of LLDP; it signals that there are no more TLVs after this one.
1     Chassis ID.
2     Port ID.
3     TTL.
4     Port description.
5     System name.
6     System description.
7     System capabilities (router, switch, and so on).
8     Management address.
127   Reserved for vendor extensions and IEEE extensions: native VLAN for untagged frames, Power over Ethernet class.
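
The packet format and TLV types above, as an added Python example that is not part of the original text: a parser that checks the destination MAC, the Ethernet type, and the mandatory TLV order, then returns every field in the clear, as any listener on the segment would see it. The 7-bit type and 9-bit length header split and the chassis/port ID subtype bytes come from IEEE 802.1AB rather than from this page; the sample frame is constructed, and an untagged frame is assumed.

```python
import struct

LLDP_MULTICAST = bytes.fromhex("0180c200000e")   # 0180.C200.000E
LLDP_ETHERTYPE = 0x88CC
TLV_NAMES = {0: "End of LLDP", 1: "Chassis ID", 2: "Port ID", 3: "TTL",
             4: "Port description", 5: "System name", 6: "System description",
             7: "System capabilities", 8: "Management address",
             127: "Vendor/IEEE extension"}

def parse_lldp(frame: bytes):
    """Return [(type, name, value), ...]; raise ValueError on a malformed frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet II header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if frame[:6] != LLDP_MULTICAST or ethertype != LLDP_ETHERTYPE:
        raise ValueError("not an LLDP frame")
    tlvs, pos = [], 14
    while pos + 2 <= len(frame):
        (header,) = struct.unpack("!H", frame[pos:pos + 2])
        tlv_type, length = header >> 9, header & 0x1FF   # 7-bit type, 9-bit length
        pos += 2
        if pos + length > len(frame):
            raise ValueError("TLV length runs past the end of the frame")
        tlvs.append((tlv_type, TLV_NAMES.get(tlv_type, "unknown"), frame[pos:pos + length]))
        pos += length
        if tlv_type == 0:          # End of LLDP: anything after it is padding
            break
    order = [t[0] for t in tlvs]
    if order[:3] != [1, 2, 3] or order[-1:] != [0]:
        raise ValueError("mandatory TLVs missing or out of order")
    return tlvs

def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV (helper used only to build the constructed sample)."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

# Constructed sample frame: source MAC, names and values are made up.
SAMPLE = (LLDP_MULTICAST + bytes.fromhex("020000000001") + b"\x88\xcc"
          + tlv(1, b"\x04" + bytes.fromhex("020000000001"))  # chassis ID, subtype 4 (MAC)
          + tlv(2, b"\x05Gi0/1")                             # port ID, subtype 5 (ifname)
          + tlv(3, struct.pack("!H", 120))                   # TTL in seconds
          + tlv(5, b"lab-sw1")                               # optional: system name
          + tlv(0, b""))                                     # End of LLDP

if __name__ == "__main__":
    for tlv_type, name, value in parse_lldp(SAMPLE):
        print(f"{tlv_type:3d} {name:20s} {value!r}")
```
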


As with CDP, and for good reasons, there is neither authentication nor confidentiality built
into LLDP. The transmission and reception protocols are also mostly identical to CDP.
Hence, the risk analysis is equivalent.
At the time of this writing, there is no LLDP implementation yet in Cisco devices. Thus,
although mitigation techniques are identical (that is, disable LLDP on all ports except uplinks,
ports to IP phones, or ports to other managed network devices), the exact syntax is not yet known.