Wired Intelligent Edge

Hi

well, my first thought is that you may have something like a loop or a shortcut in your network you may not be aware of. LLDP communication uses multicast address 01:80:C2:00:00:0E. So receiving those frames coming from devices multiple hops away must have something to do with the replication of this traffic towards the port connected to K1. 

So maybe you want to investigate on 6405-OL / 6405-OM whether something is configured to forward L2 multicast traffic to the core. 

Regards, 

Thomas

Thanks, Thomas.

Definitely not a loop or shortcut.  I did a pcap and see that there is a difference between the proper lldp packets and error packets:

The top packet (expected) is the adjacent core switch and the bottom (unexpected) shows up as multi-hop lldp record from a device on the other side of the core.

Like you said, the normal packet is sent to mcast destination MAC=01:80:c2:00:00:0e.

Bad lldp packet is sent to mcast destination MAC=01:80:c2:00:00:00 which is a valid LLDP OR STP destination.  If used with lldp then type field=0x88cc, if used with STP then type field=0x0802.  Both packets above are showing type field=0x88cc.

Example:

Good--

Bad--

Is this a problem with the source device or the switch forwarding the packet?  We do not use STP so these packets should not be forwarded beyond first hop.

Thanks for the help!

Hi

well, my first thought is that you may have something like a loop or a shortcut in your network you may not be aware of. LLDP communication uses multicast address 01:80:C2:00:00:0E. So receiving those frames coming from devices multiple hops away must have something to do with the replication of this traffic towards the port connected to K1. 

So maybe you want to investigate on 6405-OL / 6405-OM whether something is configured to forward L2 multicast traffic to the core. 

Regards, 

Thomas

Looks like you need to follow the devices that are directly connected to the port where you see this traffic.

LLDP capable switches are expected to not forward LLDP traffic, but non-LLDP capable switches (or switches that were designed to or have a software issue) can forward LLDP as it's just ethernet frames and they need to be actively dropped (or consumed) on switches. Check this (old) piece of documentation where you see that for CDP the behavior is what you see for LLDP. If you search, you can also find references to very small switches, like in IP Phones, that just forward the LLDP.

Next step would be to find out which device is forwarding the LLDP, so 'follow the path'. Then check on that device why it is forwarding the LLDP.

Thanks, Thomas.

Definitely not a loop or shortcut.  I did a pcap and see that there is a difference between the proper lldp packets and error packets:

The top packet (expected) is the adjacent core switch and the bottom (unexpected) shows up as multi-hop lldp record from a device on the other side of the core.

Like you said, the normal packet is sent to mcast destination MAC=01:80:c2:00:00:0e.

Bad lldp packet is sent to mcast destination MAC=01:80:c2:00:00:00 which is a valid LLDP OR STP destination.  If used with lldp then type field=0x88cc, if used with STP then type field=0x0802.  Both packets above are showing type field=0x88cc.

Example:

Good--

Bad--

Is this a problem with the source device or the switch forwarding the packet?  We do not use STP so these packets should not be forwarded beyond first hop.

Thanks for the help!

Hi

well, my first thought is that you may have something like a loop or a shortcut in your network you may not be aware of. LLDP communication uses multicast address 01:80:C2:00:00:0E. So receiving those frames coming from devices multiple hops away must have something to do with the replication of this traffic towards the port connected to K1. 

So maybe you want to investigate on 6405-OL / 6405-OM whether something is configured to forward L2 multicast traffic to the core. 

Regards, 

Thomas