show lldp neighbors – Multi-Vendor Device Discovery with LLDP

What is LLDP (Link Layer Discovery Protocol)?

Definition: LLDP is an IEEE 802.1AB, standards-based, vendor-neutral Layer 2 protocol that enables devices (switches, routers, IP phones, wireless APs, etc.) from any vendor to advertise their identity, capabilities, and management information to directly connected neighbors.

  • Promotes interoperability in mixed-vendor environments (unlike Cisco's proprietary CDP).
  • Supports automated network inventory, VoIP deployments, and physical topology discovery.

Understanding show lldp neighbors Command

  • Usage: show lldp neighbors
  • Lists all directly connected LLDP-capable devices and their connecting interfaces—regardless of vendor.
  • Enables rapid discovery and documentation in heterogeneous networks.

Sample Output and Fields

Device ID          Local Intf     Hold-time  Capability  Port ID
HP-Switch01        Gi0/1          120        B, R        1
Polycom-Phone      Gi0/2          120        T           4
  
Field        Description
Device ID    System name/hostname of the neighbor device
Local Intf   Your device's interface connected to the neighbor (e.g., Gi0/1)
Hold-time    Seconds until LLDP info is discarded if not refreshed
Capability   Device function (B=Bridge/Switch, R=Router, T=Telephone, etc.)
Port ID      Neighbor's port/interface name or number
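As an added example (not part of the original page), the following Python script parses a constructed `show lldp neighbors` capture into structured records, decoding the capability codes and hold-time so the output can feed an inventory or audit instead of being read by eye. The sample output and the helper names are assumptions, not a vendor tool.

```python
import re

# Constructed 'show lldp neighbors' output (not captured from a real device).
SAMPLE_OUTPUT = """\
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID
HP-Switch01         Gi0/1          120        B, R            1
Polycom-Phone       Gi0/2          120        T               4
Arista-Leaf2        Gi0/24         120        B, R            Ethernet1

Total entries displayed: 3
"""

CAPABILITY_NAMES = {
    "R": "Router", "B": "Bridge", "T": "Telephone", "C": "DOCSIS Cable Device",
    "W": "WLAN Access Point", "P": "Repeater", "S": "Station", "O": "Other",
}

# One neighbor row: device id, local interface, hold-time, capability codes, port id.
ROW_RE = re.compile(
    r"^(?P<device>\S+)\s+(?P<local>\S+)\s+(?P<hold>\d+)\s+"
    r"(?P<caps>[A-Z](?:\s*,\s*[A-Z])*)\s+(?P<port>\S+)$"
)

def parse_lldp_neighbors(text):
    """Parse the neighbor table into dicts with hold-time as int and decoded capabilities."""
    neighbors = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # legend, header, blank and summary lines carry no neighbor
        codes = [c.strip() for c in m.group("caps").split(",")]
        neighbors.append({
            "device_id": m.group("device"),
            "local_intf": m.group("local"),
            "hold_time": int(m.group("hold")),
            "capabilities": [CAPABILITY_NAMES.get(c, c) for c in codes],
            "port_id": m.group("port"),
        })
    return neighbors

def neighbors_with(neighbors, capability):
    """Filter neighbors by decoded capability name, e.g. 'Telephone' for phones."""
    return [n for n in neighbors if capability in n["capabilities"]]
```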

LLDP-MED (Media Endpoint Discovery)

  • Extension to LLDP for discovering media devices (IP phones, VoIP endpoints, etc.).
  • Advertises device location, VLAN assignments, QoS, power requirements, and more—automates VoIP setup!
  • Example: If John connects a Cisco switch to a Polycom IP phone and runs show lldp neighbors detail, he’ll see voice VLAN, power settings, and device location—enabling rapid deployment of VoIP phones.

Enabling and Disabling LLDP

Globally (Cisco):
configure terminal
! enable LLDP globally
lldp run
! disable LLDP globally
no lldp run
end

Per Interface:
configure terminal
interface GigabitEthernet0/2
 ! enable sending LLDP
 lldp transmit
 ! enable receiving LLDP
 lldp receive
 ! disable sending LLDP
 no lldp transmit
 ! disable receiving LLDP
 no lldp receive
end

Note: LLDP is disabled by default on Cisco devices—you must enable it for multi-vendor discovery.

Differences from Cisco’s CDP

Aspect                 LLDP                                                    CDP
Vendor Support         Multi-vendor (IEEE)                                     Cisco proprietary
Default State (Cisco)  Disabled                                                Enabled
Use Case               Mixed-vendor networks                                   Cisco-only environments
Information Shared     Similar (ID, capabilities, port, some management info)  More Cisco-specific, sometimes richer
Security               Both expose topology if enabled                         Both expose topology if enabled

Security Considerations

  • LLDP and CDP both expose detailed topology and device information to any directly connected host—potentially aiding attackers.
  • Best Practices:
    • Enable LLDP only where needed (infrastructure and uplinks).
    • Disable on user-facing or untrusted ports (e.g., access ports, guest networks).
    • Regularly audit interfaces running LLDP.
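One way to make the "regularly audit interfaces running LLDP" practice repeatable, as an added example that is not the page's or Cisco's own code: a Python script that reads a constructed Cisco running-config excerpt and lists access ports on which LLDP is still active after `lldp run` is set globally. The exemption for ports carrying a voice VLAN is an assumed policy (LLDP-MED needs LLDP there), and the config excerpt is constructed for the example.

```python
import re
# Constructed running-config excerpt (not from a real device) used as audit input.
SAMPLE_CONFIG = """\
lldp run
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode access
 no lldp transmit
 no lldp receive
!
interface GigabitEthernet0/4
 switchport mode access
 switchport voice vlan 20
!
"""

def parse_interfaces(config):
    """Map each interface name to its indented configuration lines."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # '!' or any global line ends the stanza
    return interfaces

def audit_lldp_on_access_ports(config):
    """Return access ports that still transmit or receive LLDP (assumed
    policy: ports carrying a voice VLAN are exempt, LLDP-MED needs LLDP)."""
    if not re.search(r"^lldp run\s*$", config, re.MULTILINE):
        return []  # LLDP off globally (Cisco default): nothing to flag
    findings = []
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" not in lines:
            continue  # trunks/uplinks are expected to run LLDP
        if any(l.startswith("switchport voice vlan") for l in lines):
            continue  # phone port: LLDP-MED relies on LLDP staying on
        if "no lldp transmit" in lines and "no lldp receive" in lines:
            continue  # already fully disabled on this port
        findings.append(name)
    return findings
```

A port that has only one of `no lldp transmit` / `no lldp receive` is still reported, since the other direction keeps advertising or accepting topology data.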

Troubleshooting Using LLDP

  • Use LLDP to confirm cabling, port numbers, and cross-vendor device visibility.
  • LLDP helps diagnose VLAN mismatches and VoIP assignment issues (with LLDP-MED).
  • If a neighbor is missing in show lldp neighbors:
    • Is LLDP enabled on both ends?
    • Are interfaces up and cabled correctly?
    • Run show lldp (Cisco) or show lldp info remote-device (HPE/Arista/Juniper, etc.).

Use Cases for LLDP

  • Multi-vendor Environments: Discover, document, and troubleshoot networks mixing Cisco, HPE, Juniper, Polycom, Extreme, Arista, etc.
  • VoIP Deployments: LLDP-MED automates VLAN and QoS for IP phones—plug and play voice deployments.
  • Network Inventory and Mapping: Quickly generate up-to-date topology maps (scripted, manual, or via management software).

Sample Troubleshooting Scenario – Using LLDP

Scenario: John is deploying a new mixed-vendor network. He connects a Cisco switch to an HPE switch but doesn’t see the HPE switch in show lldp neighbors.
Steps:
  1. Check LLDP status on both devices: show lldp (Cisco), show lldp info remote-device (HPE).
  2. Enable LLDP if needed (lldp run globally, lldp transmit/receive on interface).
  3. Check that both interfaces are up and properly cabled (show interfaces status).
  4. Reseat cables if necessary and verify correct ports.
  5. Test again with show lldp neighbors—John should now see the HPE switch.

Comparison Table: LLDP vs. CDP Outputs

Field               show lldp neighbors                            show cdp neighbors
Protocol            IEEE 802.1AB (vendor-neutral)                  Cisco proprietary
Device ID           System name/hostname                           Hostname (Device ID)
Local Interface     Your device's interface                        Your device's interface
Port ID             Remote device's port/interface                 Remote device's port/interface
Capabilities        B=Bridge/Switch, R=Router, T=Telephone, etc.   R=Router, S=Switch, I=IGMP, etc.
Hold Time           Seconds until entry is aged out                Same
Management Address  Shown in show lldp neighbors detail            Shown in show cdp neighbors detail
Platform/Model      Sometimes shown in detail                      Always shown
Software Version    Detail output (if advertised)                  Detail output
Media Extensions    LLDP-MED (VoIP/VLAN/Power/QoS)                 Limited (IP phone info via CDP)
Vendor Support      All major vendors                              Cisco only

Exam Tips and Key Points

  • LLDP is vendor-neutral (IEEE standard) and essential for multi-vendor networks.
  • Interpret show lldp neighbors fields: Device ID, Local/Remote ports, Capabilities.
  • Enable LLDP globally and per interface (disabled by default on Cisco).
  • LLDP-MED is important for VoIP/phones—automates VLAN and policy assignment.
  • Compare LLDP vs. CDP—know when to use each and their commands.
  • For security, disable LLDP (and CDP) on untrusted/user-facing ports.
  • LLDP does NOT run by default on Cisco devices—always enable as needed.

LLDP (Link Layer Discovery Protocol) Quiz

1. What type of protocol is LLDP?

Correct answer is D. LLDP is a vendor-neutral Layer 2 protocol based on IEEE 802.1AB standard for device discovery.

2. Which command shows all directly connected LLDP-capable devices?

Correct answer is A. 'show lldp neighbors' lists LLDP-capable devices connected directly.

3. What does the “Hold-time” field represent in LLDP output?

Correct answer is B. Hold-time indicates how long LLDP info remains valid without updates.

4. What capabilities might you see in the LLDP neighbor output?

Correct answer is C. LLDP capability codes include B (Bridge), R (Router), and T (Telephone).

5. How do you globally enable LLDP on a Cisco device?

Correct answer is A. 'lldp run' enables LLDP globally on Cisco devices.

6. Which LLDP extension supports VoIP and media endpoint discovery?

Correct answer is D. LLDP-MED is an extension for media endpoint discovery such as IP phones.

7. What is the default LLDP state on Cisco devices?

Correct answer is B. LLDP is disabled by default on Cisco devices and must be enabled manually.

8. How can you disable LLDP on a specific interface?

Correct answer is C. LLDP can be disabled per interface by disabling transmit and receive.

9. Why is it recommended to disable LLDP on user-facing or untrusted ports?

Correct answer is A. Disabling LLDP on untrusted ports limits attackers' ability to map the network.

10. Which field in the 'show lldp neighbors' output identifies the remote device's port/interface?

Correct answer is D. Port ID shows the remote device's port/interface in LLDP output.
