Author Topic: LLDP daemon package  (Read 276 times)

Offline dennypage

LLDP daemon package
« on: February 07, 2018, 07:38:13 pm »
This topic is for information on the lldpd package.


Version history:
  • 0.9.4   Initial release
  • 0.9.9   Update to lldpd version 0.9.9
« Last Edit: Today at 11:54:55 am by dennypage »

Offline mikeisfly

Re: LLDP daemon package
« Reply #1 on: February 07, 2018, 10:42:29 pm »
Is this in regard to LADVD? It's working pretty good for me.

Offline dennypage

Re: LLDP daemon package
« Reply #2 on: February 07, 2018, 11:21:14 pm »
It's about the (new) pfSense lldpd package. Lldpd is similar to LADVD but is a bit more up to date and compliant with 802.1ab.

Offline johnpoz

Re: LLDP daemon package
« Reply #3 on: February 08, 2018, 02:02:21 pm »
Looking forward to it - what kind of timeline for when it will be available?  Any hints?
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline dennypage

Re: LLDP daemon package
« Reply #4 on: February 08, 2018, 05:18:21 pm »
The PR is in. Reviews are complete, but not sure how long before it would appear in the package repos though. Folks are busy. :)

Offline NogBadTheBad

Re: LLDP daemon package
« Reply #5 on: Yesterday at 09:31:13 am »
Now showing up as a package.

lldpd provides support for the 802.1ab Link Layer Discovery Protocol (LLDP), as well as support for several proprietary discovery protocols including Cisco Discovery Protocol (CDP), Extreme Discovery Protocol (EDP), Foundry Discovery Protocol (FDP), and Nortel Discovery Protocol (NDP / SONMP).

Offline johnpoz

Re: LLDP daemon package
« Reply #6 on: Yesterday at 09:41:19 am »
Grabbing it now ;)

Offline NogBadTheBad

Re: LLDP daemon package
« Reply #7 on: Yesterday at 09:47:59 am »
Looking good, one slight issue, marked in red :-

-------------------------------------------------------------------------------
Local chassis:
-------------------------------------------------------------------------------
Chassis:     
  ChassisID:    mac 00:08:a2:0a:9d:cb
  SysName:      pfsense.xxxxxxxxxx.net
  SysDescr:      FreeBSD 11.1-RELEASE-p6 FreeBSD 11.1-RELEASE-p6 #5 r313908+a5b33c9d1c4(RELENG_2_4): Tue Dec 12 13:20:18 CST 2017
  root@buildbot2.netgate.com:/xbuilder/crossbuild-242/pfSense/tmp/obj/xbuilder/crossbuild-242/pfSense/tmp/FreeBSD-src/sys/pfSense amd64
  TTL:          120
  MgmtIP:       172.16.1.1
  MgmtIP:       2a02:xxxx:xxxx:1::1
  Capability:   Bridge, off
  Capability:   Router, on
  Capability:   Wlan, off
  Capability:   Station, off
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface:    igb0, via: LLDP, RID: 1, Time: 0 day, 00:02:27
  Chassis:     
    ChassisID:    mac 60:38:e0:14:a2:b7
    SysName:      switch-1
    SysDescr:     LGS308P 8-Port Gigabit PoE+ Smart Switch
    TTL:          120
    MgmtIP:       172.16.1.2
    Capability:   Bridge, on
  Port:       
    PortID:       ifname gi1
    PortDescr:    gigabitethernet1
    MFS:          1522
    PMD autoneg:  supported: yes, enabled: yes
      Adv:          10Base-T, HD: yes, FD: yes
      Adv:          100Base-TX, HD: yes, FD: yes
      Adv:          1000Base-T, HD: no, FD: yes
      MAU oper type: 1000BaseTFD - Four-pair Category 5 UTP, full duplex mode
  VLAN:         4093, pvid: yes
-------------------------------------------------------------------------------

Attached a Wireshark screenshot.

Offline johnpoz

Re: LLDP daemon package
« Reply #8 on: Yesterday at 09:51:35 am »
I am seeing that as well... But is it just showing you subtype along with the ID?

Offline NogBadTheBad

Re: LLDP daemon package
« Reply #9 on: Yesterday at 10:25:11 am »
I can't see ifname anywhere, wondering if it is a script error.

/Users/andy/Downloads/packetcapture.cap 1000 total packets, 2 shown
     18 15:42:46.643407    BelkinIn_14:a2:b8     LLDP_Multicast        LLDP     163    TTL = 120 System Name = switch-1 System Description = LGS308P 8-Port Gigabit PoE+ Smart Switch
Frame 18: 163 bytes on wire (1304 bits), 163 bytes captured (1304 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Feb 22, 2018 15:42:46.643407000 GMT
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1519314166.643407000 seconds
    [Time delta from previous captured frame: 0.017146000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.638745000 seconds]
    Frame Number: 18
    Frame Length: 163 bytes (1304 bits)
    Capture Length: 163 bytes (1304 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:lldp]
    [Coloring Rule Name: Broadcast]
    [Coloring Rule String: eth[0] & 1]
Ethernet II, Src: BelkinIn_14:a2:b8 (60:38:e0:14:a2:b8), Dst: LLDP_Multicast (01:80:c2:00:00:0e)
    Destination: LLDP_Multicast (01:80:c2:00:00:0e)
        Address: LLDP_Multicast (01:80:c2:00:00:0e)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    Source: BelkinIn_14:a2:b8 (60:38:e0:14:a2:b8)
        Address: BelkinIn_14:a2:b8 (60:38:e0:14:a2:b8)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: 802.1 Link Layer Discovery Protocol (LLDP) (0x88cc)
Link Layer Discovery Protocol
    Chassis Subtype = MAC address, Id: 60:38:e0:14:a2:b7
        0000 001. .... .... = TLV Type: Chassis Id (1)
        .... ...0 0000 0111 = TLV Length: 7
        Chassis Id Subtype: MAC address (4)
        Chassis Id: BelkinIn_14:a2:b7 (60:38:e0:14:a2:b7)
    Port Subtype = Interface name, Id: gi1
        0000 010. .... .... = TLV Type: Port Id (2)
        .... ...0 0000 0100 = TLV Length: 4
        Port Id Subtype: Interface name (5)
        Port Id: gi1
    Time To Live = 120 sec
        0000 011. .... .... = TLV Type: Time to Live (3)
        .... ...0 0000 0010 = TLV Length: 2
        Seconds: 120
    IEEE 802.3 - MAC/PHY Configuration/Status
        1111 111. .... .... = TLV Type: Organization Specific (127)
        .... ...0 0000 1001 = TLV Length: 9
        Organization Unique Code: IEEE 802.3 (0x00120f)
        IEEE 802.3 Subtype: MAC/PHY Configuration/Status (0x01)
        Auto-Negotiation Support/Status: 0x03
            .... ...1 = Auto-Negotiation: Supported
            .... ..1. = Auto-Negotiation: Enabled
        PMD Auto-Negotiation Advertised Capability: 0x6c01
            .... .... .... ...1 = 1000BASE-T (full duplex mode): Capable
            .... .... .... ..0. = 1000BASE-T (half duplex mode): Not capable
            .... .... .... .0.. = 1000BASE-X (-LX, -SX, -CX full duplex mode): Not capable
            .... .... .... 0... = 1000BASE-X (-LX, -SX, -CX half duplex mode): Not capable
            .... .... ...0 .... = Asymmetric and Symmetric PAUSE (for full-duplex links): Not capable
            .... .... ..0. .... = Symmetric PAUSE (for full-duplex links): Not capable
            .... .... .0.. .... = Asymmetric PAUSE (for full-duplex links): Not capable
            .... .... 0... .... = PAUSE (for full-duplex links): Not capable
            .... ...0 .... .... = 100BASE-T2 (full duplex mode): Not capable
            .... ..0. .... .... = 100BASE-T2 (half duplex mode): Not capable
            .... .1.. .... .... = 100BASE-TX (full duplex mode): Capable
            .... 1... .... .... = 100BASE-TX (half duplex mode): Capable
            ...0 .... .... .... = 100BASE-T4: Not capable
            ..1. .... .... .... = 10BASE-T (full duplex mode): Capable
            .1.. .... .... .... = 10BASE-T (half duplex mode): Capable
            0... .... .... .... = Other or unknown: Not capable
        Same in inverse (wrong) bitorder
            0... .... .... .... = 1000BASE-T (full duplex mode): Not capable
            .1.. .... .... .... = 1000BASE-T (half duplex mode): Capable
            ..1. .... .... .... = 1000BASE-X (-LX, -SX, -CX full duplex mode): Capable
            ...0 .... .... .... = 1000BASE-X (-LX, -SX, -CX half duplex mode): Not capable
            .... 1... .... .... = Asymmetric and Symmetric PAUSE (for full-duplex links): Capable
            .... .1.. .... .... = Symmetric PAUSE (for full-duplex links): Capable
            .... ..0. .... .... = Asymmetric PAUSE (for full-duplex links): Not capable
            .... ...0 .... .... = PAUSE (for full-duplex links): Not capable
            .... .... 0... .... = 100BASE-T2 (full duplex mode): Not capable
            .... .... .0.. .... = 100BASE-T2 (half duplex mode): Not capable
            .... .... ..0. .... = 100BASE-TX (full duplex mode): Not capable
            .... .... ...0 .... = 100BASE-TX (half duplex mode): Not capable
            .... .... .... 0... = 100BASE-T4: Not capable
            .... .... .... .0.. = 10BASE-T (full duplex mode): Not capable
            .... .... .... ..0. = 10BASE-T (half duplex mode): Not capable
            .... .... .... ...1 = Other or unknown: Capable
        Operational MAU Type: 1000BaseTFD - Four-pair Category 5 UTP, full duplex mode (0x001e)
    IEEE 802.3 - Link Aggregation
        1111 111. .... .... = TLV Type: Organization Specific (127)
        .... ...0 0000 1001 = TLV Length: 9
        Organization Unique Code: IEEE 802.3 (0x00120f)
        IEEE 802.3 Subtype: Link Aggregation (0x03)
        Aggregation Status: 0x01
            .... ...1 = Aggregation Capability: Yes
            .... ..0. = Aggregation Status: Disabled
        Aggregated Port Id: 0
    IEEE 802.3 - Maximum Frame Size
        1111 111. .... .... = TLV Type: Organization Specific (127)
        .... ...0 0000 0110 = TLV Length: 6
        Organization Unique Code: IEEE 802.3 (0x00120f)
        IEEE 802.3 Subtype: Maximum Frame Size (0x04)
        Maximum Frame Size: 1522
    Port Description = gigabitethernet1
        0000 100. .... .... = TLV Type: Port Description (4)
        .... ...0 0001 0000 = TLV Length: 16
        Port Description: gigabitethernet1
    System Name = switch-1
        0000 101. .... .... = TLV Type: System Name (5)
        .... ...0 0000 1000 = TLV Length: 8
        System Name: switch-1
    System Description = LGS308P 8-Port Gigabit PoE+ Smart Switch
        0000 110. .... .... = TLV Type: System Description (6)
        .... ...0 0010 1000 = TLV Length: 40
        System Description: LGS308P 8-Port Gigabit PoE+ Smart Switch
    Capabilities
        0000 111. .... .... = TLV Type: System Capabilities (7)
        .... ...0 0000 0100 = TLV Length: 4
        Capabilities: 0x0004
            .... .... .... ...0 = Other: Not capable
            .... .... .... ..0. = Repeater: Not capable
            .... .... .... .1.. = Bridge: Capable
            .... .... .... 0... = WLAN access point: Not capable
            .... .... ...0 .... = Router: Not capable
            .... .... ..0. .... = Telephone: Not capable
            .... .... .0.. .... = DOCSIS cable device: Not capable
            .... .... 0... .... = Station only: Not capable
        Enabled Capabilities: 0x0004
            .... .... .... ...0 = Other: Not capable
            .... .... .... ..0. = Repeater: Not capable
            .... .... .... .1.. = Bridge: Capable
            .... .... .... 0... = WLAN access point: Not capable
            .... .... ...0 .... = Router: Not capable
            .... .... ..0. .... = Telephone: Not capable
            .... .... .0.. .... = DOCSIS cable device: Not capable
            .... .... 0... .... = Station only: Not capable
    Management Address
        0001 000. .... .... = TLV Type: Management Address (8)
        .... ...0 0000 1100 = TLV Length: 12
        Address String Length: 5
        Address Subtype: IPv4 (1)
        Management Address: 172.16.1.2
        Interface Subtype: ifIndex (2)
        Interface Number: 300000
        OID String Length: 0
    IEEE 802.1 - Port VLAN ID
        1111 111. .... .... = TLV Type: Organization Specific (127)
        .... ...0 0000 0110 = TLV Length: 6
        Organization Unique Code: IEEE 802.1 (0x0080c2)
        IEEE 802.1 Subtype: Port VLAN ID (0x01)
        Port VLAN Identifier: 4093 (0x0ffd)
    End of LLDPDU
        0000 000. .... .... = TLV Type: End of LLDPDU (0)
        .... ...0 0000 0000 = TLV Length: 0

Offline johnpoz

Re: LLDP daemon package
« Reply #10 on: Yesterday at 10:43:23 am »
what do you mean you can not see it.. it's right here in your output

"Port Subtype = Interface name, Id: gi1"

subtype is interface name or ifname ;)


Offline dennypage

Re: LLDP daemon package
« Reply #11 on: Yesterday at 10:49:02 am »
Looking good, one slight issue, marked in red :-
  Port:       
    PortID:       ifname gi1
    PortDescr:    gigabitethernet1

I don't understand. Why is this an issue?

Offline NogBadTheBad

Re: LLDP daemon package
« Reply #12 on: Yesterday at 11:05:36 am »
Normally ( I'm used to output from a Cisco ) you see the port or the MAC address :-

XXXSWHXXX003>sh lldp nei Gi1/0/3
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID
XXXWAPXXX003        Gi1/0/3        120        W               1864.72c6.1eb4

Total entries displayed: 1

XXXSWHXXX003>

XXXSWHXXX003>sh lldp nei Te1/1/3
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID
XXXSWHXXX002        Te1/1/3        120        B,R             Te1/1/5

Total entries displayed: 1

XXXSWHXXX003>

[2.4.2-RELEASE][admin@pfsense]/root: tcpdump -s0 -vv -pni igb0 ether dst 01:80:c2:00:00:0e
tcpdump: listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:13:07.582944 LLDP, length 149
   Chassis ID TLV (1), length 7
     Subtype MAC address (4): 60:38:e0:14:a2:b7
     0x0000:  0460 38e0 14a2 b7
   Port ID TLV (2), length 4
     Subtype Interface Name (5): gi1
     0x0000:  0567 6931
   Time to Live TLV (3), length 2: TTL 120s
     0x0000:  0078
   Organization specific TLV (127), length 9: OUI IEEE 802.3 Private (0x00120f)
     MAC/PHY configuration/status Subtype (1)
       autonegotiation [supported, enabled] (0x03)
       PMD autoneg capability [10BASE-T hdx, 10BASE-T fdx, 100BASE-TX hdx, 100BASE-TX fdx, 1000BASE-T fdx] (0x6c01)
       MAU type 1000BASET fdx (0x001e)
     0x0000:  0012 0f01 036c 0100 1e
   Organization specific TLV (127), length 9: OUI IEEE 802.3 Private (0x00120f)
     Link aggregation Subtype (3)
       aggregation status [supported], aggregation port ID 0
     0x0000:  0012 0f03 0100 0000 00
   Organization specific TLV (127), length 6: OUI IEEE 802.3 Private (0x00120f)
     Max frame size Subtype (4)
       MTU size 1522
     0x0000:  0012 0f04 05f2
   Port Description TLV (4), length 16: gigabitethernet1
     0x0000:  6769 6761 6269 7465 7468 6572 6e65 7431
   System Name TLV (5), length 8: switch-1
     0x0000:  7377 6974 6368 2d31
   System Description TLV (6), length 40
     LGS308P 8-Port Gigabit PoE+ Smart Switch
     0x0000:  4c47 5333 3038 5020 382d 506f 7274 2047
     0x0010:  6967 6162 6974 2050 6f45 2b20 536d 6172
     0x0020:  7420 5377 6974 6368
   System Capabilities TLV (7), length 4
     System  Capabilities [Bridge] (0x0004)
     Enabled Capabilities [Bridge] (0x0004)
     0x0000:  0004 0004
   Management Address TLV (8), length 12
     Management Address length 5, AFI IPv4 (1): 172.16.1.2
     Interface Index Interface Numbering (2): 300000
     0x0000:  0501 ac10 0102 0200 0493 e000
   Organization specific TLV (127), length 6: OUI Ethernet bridged (0x0080c2)
     Port VLAN Id Subtype (1)
       port vlan id (PVID): 4093
     0x0000:  0080 c201 0ffd
   End TLV (0), length 0
^C
1 packet captured
423 packets received by filter
0 packets dropped by kernel
[2.4.2-RELEASE][admin@pfsense]/root:



It just looked a little odd :)
« Last Edit: Yesterday at 11:15:45 am by NogBadTheBad »
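
Added example, not part of the original posts: a small Python decoder showing where lldpd's "ifname gi1" comes from, namely the Port ID TLV's subtype byte (5, interface name) followed by the ID itself. The LLDPDU is constructed from the TLV values in the tcpdump hex above with the 2-byte TLV headers rebuilt; the function names and every label other than "mac" and "ifname" are this example's own, and neighbour-supplied fields are length-checked and reduced to printable ASCII because LLDP frames are unauthenticated.

```python
import struct

# Port ID / Chassis ID subtypes from IEEE 802.1AB. "ifname" and "mac" match the
# labels in the lldpd output above; the other short labels are this example's own.
PORT_ID_SUBTYPES = {1: "ifalias", 2: "component", 3: "mac", 4: "addr",
                    5: "ifname", 6: "circuit", 7: "local"}
CHASSIS_ID_SUBTYPES = {1: "component", 2: "ifalias", 3: "port", 4: "mac",
                       5: "addr", 6: "ifname", 7: "local"}

# Constructed LLDPDU: TLV values copied from the tcpdump hex in the post,
# with the 2-byte TLV headers (7-bit type, 9-bit length) rebuilt by hand.
SAMPLE_LLDPDU = bytes.fromhex(
    "0207" "046038e014a2b7"      # Chassis ID, subtype 4 (MAC address)
    "0404" "05676931"            # Port ID, subtype 5 (interface name) "gi1"
    "0602" "0078"                # TTL 120
    "0a08" "7377697463682d31"    # System Name "switch-1"
    "0000"                       # End of LLDPDU
)

def parse_tlvs(pdu):
    """Split an LLDPDU into (type, value) pairs, rejecting malformed lengths."""
    tlvs, off = [], 0
    while off < len(pdu):
        if len(pdu) - off < 2:
            raise ValueError("truncated TLV header at offset %d" % off)
        (hdr,) = struct.unpack_from("!H", pdu, off)
        tlv_type, length = hdr >> 9, hdr & 0x01FF
        off += 2
        if length > len(pdu) - off:
            raise ValueError("TLV type %d claims %d bytes, %d remain"
                             % (tlv_type, length, len(pdu) - off))
        if tlv_type == 0:          # End of LLDPDU
            return tlvs
        tlvs.append((tlv_type, pdu[off:off + length]))
        off += length
    raise ValueError("missing End of LLDPDU TLV")

def format_id(value, subtypes, mac_subtype):
    """Render a Chassis/Port ID as '<subtype label> <id>', e.g. 'ifname gi1'."""
    if len(value) < 2:
        raise ValueError("ID TLV needs a subtype byte and at least one ID byte")
    subtype, ident = value[0], value[1:]
    label = subtypes.get(subtype, "unknown(%d)" % subtype)
    if subtype == mac_subtype and len(ident) == 6:
        return "%s %s" % (label, ":".join("%02x" % b for b in ident))
    # Neighbour-controlled text: keep printable ASCII only before display.
    text = "".join(chr(b) if 32 <= b < 127 else "." for b in ident)
    return "%s %s" % (label, text)

def describe(pdu):
    """Return the decoded Chassis ID and Port ID strings for one LLDPDU."""
    out = {}
    for tlv_type, value in parse_tlvs(pdu):
        if tlv_type == 1:
            out["ChassisID"] = format_id(value, CHASSIS_ID_SUBTYPES, 4)
        elif tlv_type == 2:
            out["PortID"] = format_id(value, PORT_ID_SUBTYPES, 3)
    return out

if __name__ == "__main__":
    print(describe(SAMPLE_LLDPDU))
```

A neighbour that sends Port ID subtype 3 instead is rendered by the same code as "mac" followed by the address, which is the other form a Port ID column can take.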

Offline johnpoz

Re: LLDP daemon package
« Reply #13 on: Yesterday at 11:07:55 am »
I don't think it's any sort of "issue"... But would be slicker looking if it was broken out into the subtype line vs listed on the port id is all..

Offline dennypage

Re: LLDP daemon package
« Reply #14 on: Yesterday at 11:10:55 am »
Just FYI, the version of lldpd currently distributed for pfSense is 0.9.4 because this was the version available in FreeBSD Ports at the time the package was introduced. The current version of lldpd is 0.9.9, which has just been committed to FreeBSD Ports. Movement into the pfSense repo is pending.