Building Blocks of LLDP
Table of Contents
Expand all | Collapse all
-
- Firewall Overview
- Features and Benefits
- Last Login Time and Failed Login Attempts
- Message of the Day
- Task Manager
- Language
- Alarms
- Commit Changes
- Save Candidate Configurations
- Revert Changes
- Lock Configurations
- Global Find
- Threat Details
- AutoFocus Intelligence Summary
- Configuration Table Export
- Change Boot Mode
-
- Objects > Addresses
- Objects > Address Groups
- Objects > Regions
- Objects > Dynamic User Groups
- Objects > Application Groups
- Objects > Application Filters
- Objects > Services
- Objects > Service Groups
- Objects > Devices
- Objects > External Dynamic Lists
- Objects > Custom Objects > Spyware/Vulnerability
- Objects > Custom Objects > URL Category
- Objects > Security Profiles > Antivirus
- Objects > Security Profiles > Anti-Spyware Profile
- Objects > Security Profiles > Vulnerability Protection
- Objects > Security Profiles > File Blocking
- Objects > Security Profiles > WildFire Analysis
- Objects > Security Profiles > Data Filtering
- Objects > Security Profiles > DoS Protection
- Objects > Security Profiles > Mobile Network Protection
- Objects > Security Profiles > SCTP Protection
- Objects > Security Profile Groups
- Objects > Log Forwarding
- Objects > Authentication
- Objects > Packet Broker Profile
- Objects > Schedules
-
-
- Firewall Interfaces Overview
- Common Building Blocks for Firewall Interfaces
- Common Building Blocks for PA-7000 Series Firewall Interfaces
- Tap Interface
- HA Interface
- Virtual Wire Interface
- Virtual Wire Subinterface
- PA-7000 Series Layer 2 Interface
- PA-7000 Series Layer 2 Subinterface
- PA-7000 Series Layer 3 Interface
- Layer 3 Interface
- Layer 3 Subinterface
- Log Card Interface
- Log Card Subinterface
- Decrypt Mirror Interface
- Aggregate Ethernet (AE) Interface Group
- Aggregate Ethernet (AE) Interface
- Network > Interfaces > VLAN
- Network > Interfaces > Loopback
- Network > Interfaces > Tunnel
- Network > Interfaces > SD-WAN
- Network > Interfaces > PoE
- Network > Interfaces > Cellular
- Network > Interfaces > Fail Open
- Network > VLANs
- Network > Virtual Wires
-
- Network > Routing > Logical Routers > General
- Network > Routing > Logical Routers > Static
- Network > Routing > Logical Routers > OSPF
- Network > Routing > Logical Routers > OSPFv3
- Network > Routing > Logical Routers > RIPv2
- Network > Routing > Logical Routers > BGP
- Network > Routing > Logical Routers > Multicast
-
- Network > Routing > Routing Profiles > BGP
- Network > Routing > Routing Profiles > BFD
- Network > Routing > Routing Profiles > OSPF
- Network > Routing > Routing Profiles > OSPFv3
- Network > Routing > Routing Profiles > RIPv2
- Network > Routing > Routing Profiles > Filters
- Network > Routing > Routing Profiles > Multicast
- Network > Proxy
-
- Network > Network Profiles > GlobalProtect IPSec Crypto
- Network > Network Profiles > IPSec Crypto
- Network > Network Profiles > IKE Crypto
- Network > Network Profiles > Monitor
- Network > Network Profiles > Interface Mgmt
- Network > Network Profiles > QoS
- Network > Network Profiles > LLDP Profile
- Network > Network Profiles > SD-WAN Interface Profile
- Network > Network Profiles > MACsec Profile
-
-
- Device > Setup
- Device > Setup > Management
- Device > Setup > Interfaces
- Device > Setup > Telemetry
- Device > Setup > Content-ID
- Device > Setup > WildFire
- Device > Setup > ACE
- Device > Setup > DLP
- Device > Log Forwarding Card
- Device > Config Audit
- Device > Administrators
- Device > Admin Roles
- Device > Access Domain
- Device > Authentication Sequence
- Device > IoT Security > DHCP Server Log Ingestion
- Device > Device Quarantine
-
- Security Policy Match
- QoS Policy Match
- Authentication Policy Match
- Decryption/SSL Policy Match
- NAT Policy Match
- Policy Based Forwarding Policy Match
- DoS Policy Match
- Routing
- Test Wildfire
- Threat Vault
- Ping
- Trace Route
- Log Collector Connectivity
- External Dynamic List
- Update Server
- Test Cloud Logging Service Status
- Test Cloud GP Service Status
- Device > Virtual Systems
- Device > Shared Gateways
- Device > Certificate Management
- Device > Certificate Management > Certificate Profile
- Device > Certificate Management > OCSP Responder
- Device > Certificate Management > SSL/TLS Service Profile
- Device > Certificate Management > SCEP
- Device > Certificate Management > SSL Decryption Exclusion
- Device > Certificate Management > SSH Service Profile
- Device > Response Pages
- Device > Server Profiles
- Device > Server Profiles > SNMP Trap
- Device > Server Profiles > Syslog
- Device > Server Profiles > Email
- Device > Server Profiles > HTTP
- Device > Server Profiles > NetFlow
- Device > Server Profiles > RADIUS
- Device > Server Profiles > SCP
- Device > Server Profiles > TACACS+
- Device > Server Profiles > LDAP
- Device > Server Profiles > Kerberos
- Device > Server Profiles > SAML Identity Provider
- Device > Server Profiles > DNS
- Device > Server Profiles > Multi Factor Authentication
- Device > Local User Database > Users
- Device > Local User Database > User Groups
- Device > Scheduled Log Export
- Device > Software
- Device > Dynamic Updates
- Device > Licenses
- Device > Support
- Device > Policy Recommendation > IoT
- Device > Policy > Recommendation SaaS
- Device > Policy Recommendation > IoT or SaaS > Import Policy Rule
-
- Device > User Identification > Connection Security
- Device > User Identification > Terminal Server Agents
- Device > User Identification > Group Mapping Settings
- Device > User Identification> Trusted Source Address
- Device > User Identification > Authentication Portal Settings
- Device > User Identification > Cloud Identity Engine
-
- Network > GlobalProtect > MDM
- Network > GlobalProtect > Clientless Apps
- Network > GlobalProtect > Clientless App Groups
- Objects > GlobalProtect > HIP Profiles
-
- Use the Panorama Web Interface
- Context Switch
- Panorama Commit Operations
- Defining Policies on Panorama
- Log Storage Partitions for a Panorama Virtual Appliance in Legacy Mode
- Panorama > Setup > Interfaces
- Panorama > High Availability
- Panorama > Firewall Clusters
- Panorama > Administrators
- Panorama > Admin Roles
- Panorama > Access Domains
- Panorama > Device Groups
- Panorama > Plugins
- Panorama > Log Ingestion Profile
- Panorama > Log Settings
- Panorama > Server Profiles > SCP
- Panorama > Scheduled Config Export
- Panorama > Device Registration Auth Key
Building Blocks of LLDP
To enable LLDP on the firewall, click Edit, click Enable,
and optionally configure the four settings shown in the following
table, if the default settings do not suit your environment. The
remaining table entries describe the status and peer statistics.
LLDP Settings | Configured In | Description |
---|---|---|
Transmit Interval (sec) | LLDP General | Specify the interval, in seconds, at which
LLDPDUs are transmitted (range is 1-3,600; default is 30). |
Transmit Delay (sec) | Specify the delay time, in seconds, between
LLDP transmissions sent after a change is made in a Type-Length-Value
(TLV) element. The delay helps to prevent flooding the segment with
LLDPDUs if many network changes spike the number of LLDP changes
or if the interface flaps. The Transmit Delay must
be less than the Transmit Interval (range
is 1-600; default is 2). | |
Hold Time Multiple | Specify a value that is multiplied by the Transmit Interval to
determine the total TTL hold time (range is 1-100; default is 4). The
TTL hold time is the length of time the firewall will retain the
information from the peer as valid. The maximum TTL hold time is
65,535 seconds, regardless of the multiplier value. | |
Notification Interval | Specify the interval, in seconds, at which
syslog and SNMP Trap notifications are transmitted when MIB changes
occur (range is 1-3,600; default is 5). | |
spyglass filter | LLDPStatus | Optionally enter a data value in the filter
row and click the gray arrow, which causes only the rows that include
that data value to be displayed. Click the red X to Clear Filter. |
Interface | Name of the interfaces that have LLDP profiles assigned
to them. | |
Type | Interface types (such as Layer 2, Layer 3, virtual wire, tap, HA, or aggregate Ethernet) that have LLDP profiles assigned to them. | |
LLDP | LLDP status: enabled or disabled. | |
HA Pre-negotiation | HA pre-negotiation status: enabled or disabled. LLDP pre-negotiation facilitates faster failovers in HA active/passive scenarios. | |
Mode | LLDP mode of the interface: Tx/Rx, Tx Only,
or Rx Only. | |
Profile | Name of the profile assigned to the interface. | |
Total Transmitted | Count of LLDPDUs transmitted out the interface. | |
Dropped Transmit | Count of LLDPDUs that were not transmitted
out the interface because of an error. For example, a length error
when the system is constructing an LLDPDU for transmission. | |
Total Received | Count of LLDP frames received on the interface. | |
Dropped TLV | Count of LLDP frames discarded upon receipt. | |
Errors | Count of Time-Length-Value (TLV) elements
that were received on the interface and contained errors. Types of
TLV errors include: one or more mandatory TLVs missing, out of order,
containing out-of-range information, or length error. | |
Unrecognized | Count of TLVs received on the interface
that are not recognized by the LLDP local agent, for example, because
the TLV type is in the reserved TLV range. | |
Aged Out | Count of items deleted from the Receive
MIB due to proper TTL expiration. | |
Clear LLDP Statistics | Select to clear all of the LLDP statistics. | |
spyglass filter | LLDPPeers | Optionally enter a data value in the filter
row and click the gray arrow, which causes only the rows that include
that data value to be displayed. Click the red X to Clear Filter. |
Local Interface | Interface on the firewall that detected
the neighboring device. | |
Remote Chassis ID | Chassis ID of the peer; the MAC address
is used. | |
Port ID | LLDPPeers (cont) | Port ID of the peer. |
Name | Name of the peer. | |
More Info | Click More Info to
see Remote Peer Details, which are based on the Mandatory and Optional
TLVs. | |
Chassis Type | Chassis Type is MAC address. | |
MAC Address | MAC address of the peer. | |
System Name | Name of the peer. | |
System Description | Description of the peer. | |
Port Description | Port description of the peer. | |
Port Type | Interface name. | |
Port ID | Firewall uses the ifname of the interface. | |
System Capabilities | Capabilities of the system. O=Other, P=Repeater, B=Bridge,
W=Wireless-LAN, R=Router, T=Telephone | |
Enabled Capabilities | Capabilities enabled on the peer. | |
Management Address | Management address of the peer. |