You can limit the type of TLVs sent from the switch. For example, on CX:
no lldp select-tlv management-address
Another option is to disable LLDP per interface.
interface 1/1/1
no lldp transmit
The last option I see is to attach an ACL to a user-role of an authenticated user and filter the LLDP packets. However, for this you need the device to authenticate. Before authentication is done, the switch is still sending the LLDP packets.
I don't believe there is an option to only advertise the LLDP packets in a management VLAN.
------------------------------
William Bargeman
Systems Engineer Aruba
------------------------------
Original Message:
Sent: Feb 22, 2023 05:36 PM
From: Steinar Grande
Subject: Packet sniffer devices connected to AOS/CX (both) ports.
How to limit a "device" (using NetAlly or other)
from displaying/gathering the switch name, model,
MAC address, IP address, port number, and VLAN IDs?
Information gathered from switch port info packets (CDP, EDP, and LLDP),
in any/all VLAN ports other than "Management" VLAN (& ports)
(assigned to the task of switch management)?
A sniffer device listens for the first switch info packet (LLDP, CDP, or EDP) on the wire after it establishes link and uses this to populate the port information.
(If it can hear these packets.)
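To check what an access port still discloses after the TLV changes discussed in this thread, the LLDPDU from a capture on that port can be decoded and audited. The following is an added example, not code from the thread or from Aruba; the frame contents (MAC, name `edge-sw-01`, address 192.0.2.10, VLAN 10) are constructed sample values, and the helper names are hypothetical.

```python
import struct

# Standard TLV types from IEEE 802.1AB. Chassis ID, Port ID and TTL are
# mandatory, so they remain present whenever LLDP transmit is enabled.
TLV_NAMES = {1: "Chassis ID", 2: "Port ID", 3: "TTL", 4: "Port Description",
             5: "System Name", 6: "System Description",
             7: "System Capabilities", 8: "Management Address"}
IEEE_8021_OUI = b"\x00\x80\xc2"   # org-specific (type 127); subtype 1 = Port VLAN ID
OPTIONAL_LEAKS = {"System Name", "System Description", "Port Description",
                  "Management Address", "Port VLAN ID"}

def parse_lldpdu(payload):
    """Return [(tlv_name, value_bytes)] for an LLDPDU (payload of EtherType 0x88CC)."""
    tlvs, off = [], 0
    while off + 2 <= len(payload):
        (hdr,) = struct.unpack_from("!H", payload, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF      # 7-bit type, 9-bit length
        off += 2
        if tlv_type == 0:                             # End of LLDPDU
            break
        if off + length > len(payload):
            raise ValueError("truncated TLV")
        value = payload[off:off + length]
        off += length
        if tlv_type == 127 and value[:4] == IEEE_8021_OUI + b"\x01":
            name = "Port VLAN ID"
        elif tlv_type == 127:
            name = "Org-specific OUI " + value[:3].hex()
        else:
            name = TLV_NAMES.get(tlv_type, f"Type {tlv_type}")
        tlvs.append((name, value))
    return tlvs

def optional_disclosures(payload):
    """Optional TLVs in the frame that reveal switch identity or addressing."""
    return sorted({name for name, _ in parse_lldpdu(payload)} & OPTIONAL_LEAKS)

def tlv(tlv_type, value):
    """Encode one TLV (used only to build the constructed samples below)."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

# Constructed samples: same port before and after removing management-address.
MANDATORY = (tlv(1, b"\x04" + bytes.fromhex("020000000001"))   # chassis = MAC
             + tlv(2, b"\x05" + b"1/1/1") + tlv(3, b"\x00\x78"))
MGMT = tlv(8, b"\x05\x01" + bytes([192, 0, 2, 10]) + b"\x02\x00\x00\x00\x01\x00")
REST = tlv(5, b"edge-sw-01") + tlv(127, IEEE_8021_OUI + b"\x01\x00\x0a") + tlv(0, b"")
BEFORE = MANDATORY + MGMT + REST
AFTER = MANDATORY + REST
```

Running `optional_disclosures` on a frame captured from each non-management port shows which optional TLVs still need to be deselected; the mandatory Chassis ID and Port ID only disappear when LLDP transmit is disabled on the interface.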