show lldp neighbors – Multi-Vendor Device Discovery with LLDP

What is LLDP (Link Layer Discovery Protocol)?

Definition: LLDP is an IEEE 802.1AB, standards-based, vendor-neutral Layer 2 protocol that enables devices (switches, routers, IP phones, wireless APs, etc.) from any vendor to advertise their identity, capabilities, and management information to directly connected neighbors.

Promotes interoperability in mixed-vendor environments (unlike Cisco's proprietary CDP).
Supports automated network inventory, VoIP deployments, and physical topology discovery.

Understanding `show lldp neighbors` Command

Usage: show lldp neighbors
Lists all directly connected LLDP-capable devices and their connecting interfaces—regardless of vendor.
Enables rapid discovery and documentation in heterogeneous networks.

Sample Output and Fields

Device ID          Local Intf     Hold-time  Capability  Port ID
HP-Switch01        Gi0/1          120        B, R        1
Polycom-Phone      Gi0/2          120        T           4

Field	Description
Device ID	System name/hostname of the neighbor device
Local Intf	Your device's interface connected to neighbor (e.g., Gi0/1)
Hold-time	Seconds until LLDP info is discarded if not refreshed
Capability	Device function (B=Bridge/Switch, R=Router, T=Telephone, etc.)
Port ID	Neighbor’s port/interface name or number

LLDP-MED (Media Endpoint Discovery)

Extension to LLDP for discovering media devices (IP phones, VoIP endpoints, etc.).
Advertises device location, VLAN assignments, QoS, power requirements, and more—automates VoIP setup!
Example: If John connects a Cisco switch to a Polycom IP phone and runs show lldp neighbors detail, he’ll see voice VLAN, power settings, and device location—enabling rapid deployment of VoIP phones.

Enabling and Disabling LLDP

Globally (Cisco):

configure terminal
lldp run         # Enable globally
no lldp run      # Disable globally
end

Per Interface:

interface GigabitEthernet0/2
  lldp transmit       # Enable sending LLDP
  lldp receive        # Enable receiving LLDP
  no lldp transmit    # Disable sending LLDP
  no lldp receive     # Disable receiving LLDP
end

Note: LLDP is disabled by default on Cisco devices—you must enable it for multi-vendor discovery.

Differences from Cisco’s CDP

Aspect	LLDP	CDP
Vendor Support	Multi-vendor (IEEE)	Cisco proprietary
Default State (Cisco)	Disabled	Enabled
Use Case	Mixed-vendor networks	Cisco-only environments
Information Shared	Similar (ID, capabilities, port, some management info)	More Cisco-specific, sometimes richer
Security	BOTH expose topology if enabled	BOTH expose topology if enabled

Security Considerations

LLDP and CDP both expose detailed topology and device information to any directly connected host—potentially aiding attackers.
Best Practices:

Enable LLDP only where needed (infrastructure and uplinks).
Disable on user-facing or untrusted ports (e.g., access ports, guest networks).
Regularly audit interfaces running LLDP.

Troubleshooting Using LLDP

Use LLDP to confirm cabling, port numbers, and cross-vendor device visibility.
LLDP helps diagnose VLAN mismatches and VoIP assignment issues (with LLDP-MED).
If a neighbor is missing in show lldp neighbors:

Is LLDP enabled on both ends?
Are interfaces up and cabled correctly?
Run show lldp (Cisco) or show lldp info remote-device (HPE/Arista/Juniper, etc.).

Use Cases for LLDP

Multi-vendor Environments: Discover, document, and troubleshoot networks mixing Cisco, HPE, Juniper, Polycom, Extreme, Arista, etc.
VoIP Deployments: LLDP-MED automates VLAN and QoS for IP phones—plug and play voice deployments.
Network Inventory and Mapping: Quickly generate up-to-date topology maps (scripted, manual, or via management software).

Sample Troubleshooting Scenario – Using LLDP

Scenario: John is deploying a new mixed-vendor network. He connects a Cisco switch to an HPE switch but doesn’t see the HPE switch in show lldp neighbors.
Steps:

Check LLDP status on both devices: show lldp (Cisco), show lldp info remote-device (HPE).
Enable LLDP if needed (lldp run globally, lldp transmit/receive on interface).
Check that both interfaces are up and properly cabled (show interfaces status).
Reseat cables if necessary and verify correct ports.
Test again with show lldp neighbors—John should now see the HPE switch.

Comparison Table: LLDP vs. CDP Outputs

Field	`show lldp neighbors`	`show cdp neighbors`
Protocol	IEEE 802.1AB (vendor-neutral)	Cisco proprietary
Device ID	System name/hostname	Hostname (Device ID)
Local Interface	Your device’s interface	Your device’s interface
Port ID	Remote device’s port/interface	Remote device’s port/interface
Capabilities	B=Bridge/Switch, R=Router, T=Telephone, etc.	R=Router, S=Switch, I=IGMP, etc.
Hold Time	Seconds until entry is aged out	Same
Management Address	Shown in `show lldp neighbors detail`	Shown in `show cdp neighbors detail`
Platform/Model	Sometimes shown in detail	Always shown
Software Version	Detail output (if advertised)	Detail output
Media Extensions	LLDP-MED (VoIP/VLAN/Power/QoS)	Limited (IP phone info via CDP)
Vendor Support	All major vendors	Cisco only

Exam Tips and Key Points

LLDP is vendor-neutral (IEEE standard) and essential for multi-vendor networks.
Interpret show lldp neighbors fields: Device ID, Local/Remote ports, Capabilities.
Enable LLDP globally and per interface (disabled by default on Cisco).
LLDP-MED is important for VoIP/phones—automates VLAN and policy assignment.
Compare LLDP vs. CDP—know when to use each and their commands.
For security, disable LLDP (and CDP) on untrusted/user-facing ports.
LLDP does NOT run by default on Cisco devices—always enable as needed.

LLDP (Link Layer Discovery Protocol) Quiz

1. What type of protocol is LLDP?

A. Cisco proprietary Layer 3 protocol B. IEEE 802.3 Ethernet standard C. Application-layer protocol D. Vendor-neutral Layer 2 discovery protocol

Correct answer is D. LLDP is a vendor-neutral Layer 2 protocol based on IEEE 802.1AB standard for device discovery.

2. Which command shows all directly connected LLDP-capable devices?

A. show lldp neighbors B. show cdp neighbors C. show interfaces D. show ip neighbors

Correct answer is A. 'show lldp neighbors' lists LLDP-capable devices connected directly.

3. What does the “Hold-time” field represent in LLDP output?

A. Time between LLDP advertisements B. Seconds before LLDP information expires if not refreshed C. Total uptime of the neighbor device D. Time LLDP has been enabled

Correct answer is B. Hold-time indicates how long LLDP info remains valid without updates.

4. What capabilities might you see in the LLDP neighbor output?

A. Firewall (F), Switch (S) B. Server (SV), Router (R) C. Bridge/Switch (B), Router (R), Telephone (T) D. Database (DB), Phone (P)

Correct answer is C. LLDP capability codes include B (Bridge), R (Router), and T (Telephone).

5. How do you globally enable LLDP on a Cisco device?

A. lldp run B. no lldp run C. enable lldp D. lldp enable

Correct answer is A. 'lldp run' enables LLDP globally on Cisco devices.

6. Which LLDP extension supports VoIP and media endpoint discovery?

A. LLDP-VOIP B. LLDP-EXT C. LLDP-TEL D. LLDP-MED

Correct answer is D. LLDP-MED is an extension for media endpoint discovery such as IP phones.

7. What is the default LLDP state on Cisco devices?

A. Enabled globally B. Disabled by default C. Enabled only on access ports D. Enabled only on trunk ports

Correct answer is B. LLDP is disabled by default on Cisco devices and must be enabled manually.

8. How can you disable LLDP on a specific interface?

A. no lldp run B. disable lldp C. interface [name]
no lldp transmit
no lldp receive D. no lldp enable

Correct answer is C. LLDP can be disabled per interface by disabling transmit and receive.

9. Why is it recommended to disable LLDP on user-facing or untrusted ports?

A. To reduce security risks from topology exposure B. To reduce bandwidth consumption C. To improve device performance D. To enable CDP instead

Correct answer is A. Disabling LLDP on untrusted ports limits attackers' ability to map the network.

10. Which field in the 'show lldp neighbors' output identifies the remote device's port/interface?

A. Device ID B. Hold-time C. Local Interface D. Port ID

Correct answer is D. Port ID shows the remote device's port/interface in LLDP output.

← Back to Home