Wired Intelligent Edge


Packet sniffer devices connected to AOS/CX (both) ports.

  • 1.  Packet sniffer devices connected to AOS/CX (both) ports.

    Posted Feb 22, 2023 05:37 PM

    How to limit a "device" (using NetAlly or other) from displaying/gathering the switch name, model, MAC address, IP address, port number, and VLAN IDs (information gathered from switch port info packets: CDP, EDP, and LLDP) on any/all VLAN ports other than the "Management" VLAN (& ports) (assigned to the task of switch management)?

    Sniffer devices listen for the first switch info packet (LLDP, CDP, or EDP) on the wire after they establish link and use this to populate the port information.

    (If they can hear these packets.)

        Steinar Grande

  • 2.  RE: Packet sniffer devices connected to AOS/CX (both) ports.

    Posted Feb 23, 2023 03:40 AM

    You can limit the types of TLVs sent from the switch. For example, on CX:

    no lldp select-tlv management-address

    Another option is to disable LLDP per interface:

    interface 1/1/1

     no lldp transmit

    The last option I see is to attach an ACL to a user-role of an authenticated user and filter the LLDP packets. However, for this you need the device to authenticate. Before authentication is done, the switch is still sending the LLDP packets.

    I don't believe there is an option to only advertise the LLDP packets in a management VLAN.

    William Bargeman
    Systems Engineer Aruba
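
To check what a port still advertises after applying the TLV changes discussed in this thread, the sketch below parses an LLDPDU and lists the identifying TLVs it carries. It is an added example, not part of the original posts and not Aruba code; the two sample LLDPDUs, the system name and the addresses are constructed, and the function names are hypothetical.

```python
import struct

# TLV types from IEEE 802.1AB that carry the fields named in the question.
SENSITIVE = {1: "chassis-id (switch MAC)", 2: "port-id", 5: "system-name",
             6: "system-description (model)", 8: "management-address"}
OUI_8021 = b"\x00\x80\xc2"  # IEEE 802.1 organizationally specific TLVs

def tlv(t, value):
    """Build one TLV: 7-bit type and 9-bit length packed in two bytes."""
    return struct.pack("!H", (t << 9) | len(value)) + value

def parse_lldpdu(payload):
    """Yield (type, value) for each TLV until End of LLDPDU (type 0)."""
    i = 0
    while i + 2 <= len(payload):
        (hdr,) = struct.unpack_from("!H", payload, i)
        t, length = hdr >> 9, hdr & 0x1FF
        i += 2
        if t == 0:
            return
        if i + length > len(payload):
            raise ValueError("truncated TLV type %d" % t)
        yield t, payload[i:i + length]
        i += length

def exposed_fields(payload):
    """Return sorted labels of identifying TLVs present in the LLDPDU."""
    found = set()
    for t, value in parse_lldpdu(payload):
        if t in SENSITIVE:
            found.add(SENSITIVE[t])
        elif t == 127 and value[:3] == OUI_8021 and value[3:4] == b"\x01":
            found.add("port-vlan-id")
    return sorted(found)

# Constructed sample LLDPDUs (not captured from a real switch).
BASE = (tlv(1, b"\x04\x02\x00\x00\x00\x00\x01")        # chassis ID, MAC subtype
        + tlv(2, b"\x05" + b"1/1/1")                   # port ID, interface name
        + tlv(3, b"\x00\x78")                          # TTL 120 s
        + tlv(5, b"core-sw-01")                        # system name
        + tlv(127, OUI_8021 + b"\x01" + b"\x00\x0a"))  # port VLAN ID 10
# Management address TLV: IPv4 192.0.2.1, ifIndex 1, no OID.
MGMT = tlv(8, b"\x05\x01\xc0\x00\x02\x01" + b"\x02\x00\x00\x00\x01" + b"\x00")
BEFORE = BASE + MGMT + tlv(0, b"")
AFTER = BASE + tlv(0, b"")  # assumed result of dropping the management-address TLV

if __name__ == "__main__":
    print("before:", exposed_fields(BEFORE))
    print("after: ", exposed_fields(AFTER))
```

Chassis ID, Port ID and TTL are mandatory TLVs in IEEE 802.1AB, so they remain in every LLDPDU while transmit is enabled on the port; only disabling transmit on the interface removes them.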