LLDP on Maestro Orchestrator

This section applies only to external interfaces (Management ports and Uplink ports) on the Maestro Orchestrator.

Important - Scalable Platforms (ElasticXL, Maestro, and Chassis) do not support this feature (Known Limitation MBS-10753).

You can configure Gaia to advertise information to, and receive information from, other network devices over the Link Layer Discovery Protocol (LLDP).

LLDP is a vendor-neutral link layer protocol, based on the IEEE 802 standard, that network devices use to advertise their identity, capabilities, and so on, and to receive information about their neighbors on a local area network.

The gathered information may include:

  • System Name

  • System Description

  • System Capabilities (switching, routing, etc.)

  • Port Description

  • Management Address

Important - By default, LLDP is disabled in the Gaia operating system.
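
The TLV layout behind the fields listed above, as an added example (not Check Point code): a minimal Python decoder for an LLDPDU as defined by IEEE 802.1AB, useful for checking in a capture which fields a port actually advertises. The sample frame is constructed from the MHO_1_2 peer values in the "show lldp peers" example on this page; the function names are hypothetical.

```python
import struct

TLV_NAMES = {1: "Chassis ID", 2: "Port ID", 3: "TTL", 4: "Port Description",
             5: "System Name", 6: "System Description",
             7: "System Capabilities", 8: "Management Address"}  # 802.1AB

def tlv(tlv_type, value):  # 7-bit type and 9-bit length share a 2-byte header
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def parse_lldpdu(payload):
    """Return [(type, value), ...] up to the End TLV (type 0)."""
    tlvs, pos = [], 0
    while pos + 2 <= len(payload):
        header = struct.unpack_from("!H", payload, pos)[0]
        tlv_type, length = header >> 9, header & 0x1FF
        pos += 2
        if pos + length > len(payload):
            raise ValueError("TLV length runs past the end of the LLDPDU")
        if tlv_type == 0:
            break
        tlvs.append((tlv_type, payload[pos:pos + length]))
        pos += length
    return tlvs

def summarize(payload):
    """Decode the fields this page lists; other values stay as hex."""
    info = {}
    for tlv_type, value in parse_lldpdu(payload):
        name = TLV_NAMES.get(tlv_type, f"Type {tlv_type}")
        if tlv_type == 3 and len(value) == 2:
            info[name] = struct.unpack("!H", value)[0]       # seconds
        elif tlv_type in (4, 5, 6):
            info[name] = value.decode("utf-8", "replace")
        elif tlv_type == 8 and value[:2] == b"\x05\x01" and len(value) >= 6:
            info[name] = ".".join(str(b) for b in value[2:6])  # IPv4
        else:
            info[name] = value.hex()
    return info

# Constructed LLDPDU (not a capture), modelled on the MHO_1_2 peer record
SAMPLE = b"".join([
    tlv(1, b"\x07MT2006X14198"),                  # Chassis ID, local
    tlv(2, b"\x03\x00\x02\x03\x04\x05\xc4"),      # Port ID, MAC address
    tlv(3, struct.pack("!H", 24)),                # TTL = 8 x 3
    tlv(4, b"eth2-Sync-I-125"),
    tlv(5, b"MHO_1_2"),
    tlv(8, b"\x05\x01" + bytes([172, 16, 25, 102]) + b"\x01" + bytes(5)),
    tlv(0, b""),                                  # End of LLDPDU
])
```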

Notes - In a Maestro environment:

  • The Security Appliances send LLDP packets to the Orchestrator.

    Based on these LLDP packets, the Orchestrator maintains the internal database of the Security Appliances and the Orchestrator ports, to which they are connected.

  • After you assign Security Appliances to a Security Group, the Orchestrator sends the LLDP packets to the assigned Security Appliances.

    These LLDP packets contain the required Security Group ID and the Security Group Member ID.

  • If you change the state of the LLDPD daemon to "off" on the Orchestrator, it stops the LLDPD daemon from transmitting and processing LLDP PDUs on the Orchestrator's external interfaces (Management ports and Uplink ports).

    However, the LLDPD daemon continues to transmit and process LLDP PDUs on the Orchestrator's Downlink ports. It is not supported to disable LLDP PDUs on the Orchestrator's Downlink ports.

  • The external ports appear in the Gaia OS on the Orchestrator with these names:

    • eth<X>-Mgmt<X>

      Management ports

    • eth<X>-<XX>

      Uplink ports

    • eth<X>-Sync-<X>-<YZ>

      Ports for the internal synchronization and the external synchronization

  • The port for the external synchronization between Maestro Sites ("site_sync") on each Orchestrator appears in the Gaia OS with this interface name:

    eth<Orchestrator_Member_ID>-Sync-E-<Port_Logical_ID>

    Example: eth1-Sync-E-121

  • The port for the internal synchronization on the same Maestro Site ("ssm_sync") on each Orchestrator appears in the Gaia OS with this interface name:

    eth<Orchestrator_Member_ID>-Sync-I-<Port_Logical_ID>

    Example: eth1-Sync-I-125

Configuring LLDP in Gaia Portal on an Orchestrator

Step

Instructions

1

In the navigation tree, click System Management > LLDP.

2

In the Type Length Value (TLV) section, select which information to send in the LLDP packets, and click Apply:

  • System Name

    To send the Gaia "<Hostname>.<Domainname>".

    Note - To configure the domain name, see System Name.

  • System Description

    To send the formatted output of the "uname -msr" command (which contains the kernel name, kernel release, and kernel machine hardware name).

  • System Capabilities

    To send the string "station" (regardless of the Check Point configuration).

  • Port Description

    To send the name of the interface.

  • Management Address

    • Select Send Management interface IP to send the IP address of the Gaia Management interface only.

    • Select Send Configured interface IP to send the IP address of each selected interface.

3

In the Timers section, it is not supported to change the default values:

  • Transmit Interval

    This interval controls how frequently Gaia sends LLDP packets on the selected interfaces.

    Default: 8 seconds.

  • Hold Time Multiplier

    This multiplier controls the Time-to-Live (TTL) of the LLDP packets:

    TTL = (Transmit Interval) x (Hold Time Multiplier).

    This TTL is the duration, for which the receiving neighbor stores the LLDP information in its database.

    Default: 3.

Note - These values are global and apply to all selected interfaces.

4

In the Interfaces section, add the applicable interfaces.

By default, Gaia OS selects the ports for the internal synchronization and the external synchronization.

  • To add all interfaces:

    1. Click Add All.

    2. Click Yes to confirm.

    3. The default LLDP mode for all interfaces is Transmit and Receive.

      To change the LLDP mode:

      1. Select an interface.

      2. Click Edit.

      3. Select the applicable LLDP mode.

      4. Click Save.

  • To add a specific interface:

    1. Click Add.

    2. In the Interface Name field, select an interface.

    3. In the Mode field, select the applicable LLDP mode.

    4. Click Save.

The available LLDP modes are:

  • Transmit and Receive

    The interface transmits and receives the LLDP packets.

  • Transmit only

    The interface only transmits the LLDP packets, but does not receive the LLDP packets.

  • Receive only

    The interface only receives the LLDP packets, but does not transmit the LLDP packets.

5

In the LLDP Configuration section:

  1. Select Enable LLDP on external interfaces.

  2. Click Apply.

Configuring LLDP in Gaia Clish on an Orchestrator

By default, Gaia OS selects the ports for the internal synchronization and the external synchronization.

Workflow:

Step

Instructions

1

Enable the LLDP on the external ports:

set lldp state on

2

Configure the required LLDP settings with the "set lldp" command.

3

Save the changes in the Gaia database:

save config

Syntax

  • To configure LLDP on Orchestrator:

    set lldp

          hold-time-multiplier <2-10>

          interface <Name of Interface>

                receive {on | off}

                transmit {on | off}

                transmit-and-receive {on | off}

          state {on | off}

          tlv

                port-description {on | off}

                system-name {on | off}

                system-description {on | off}

                system-capabilities {on | off}

                management-address {on from {configured-interface | mgmt-interface} | off}

          transmit-interval <8-32768>

    Important - After you add, configure, or delete features, run the "save config" command to save the settings permanently. Scalable Platforms save the changes automatically.

  • To show the LLDP configuration on Orchestrator:

    show lldp

          peers

          status

                interface <Name of Interface>

                timers

                tlv

Parameters

Parameter

Description

hold-time-multiplier

This multiplier controls the Time-to-Live (TTL) of the LLDP packets:

TTL = (Transmit Interval) x (Hold Time Multiplier).

This TTL is the duration, for which the receiving neighbor stores the LLDP information in its database.

Default: 3.

Note - It is not supported to change the default value.

interface <Name of Interface>

Specifies the name of an interface, which sends or receives the LLDP packets.

interface <Name of Interface> receive {on | off}

Enables (on) and disables (off) the LLDP mode on the interface as "receive only".

The interface only receives the LLDP packets, but does not transmit the LLDP packets.

interface <Name of Interface> transmit {on | off}

Enables (on) and disables (off) the LLDP mode on the interface as "transmit only".

The interface only transmits the LLDP packets, but does not receive the LLDP packets.

interface <Name of Interface> transmit-and-receive {on | off}

Enables (on) and disables (off) the LLDP mode on the interface as "transmit and receive".

The interface transmits and receives the LLDP packets.

state {on | off}

Enables (on) and disables (off) the LLDP on the specified interface.

tlv port-description {on | off}

Enables (on) and disables (off) the LLDP-enabled interface to send the Port Description information in the LLDP packets.

Sends the name of the interface.

tlv system-name {on | off}

Enables (on) and disables (off) the LLDP-enabled interface to send the System Name information in the LLDP packets.

Sends the Gaia "<Hostname>.<Domainname>".

Note - To configure the domain name, see System Name.

tlv system-description {on | off}

Enables (on) and disables (off) the LLDP-enabled interface to send the System Description information in the LLDP packets.

Sends the formatted output of the "uname -msr" command (which contains the kernel name, kernel release, and kernel machine hardware name).

tlv system-capabilities {on | off}

Enables (on) and disables (off) the LLDP-enabled interface to send the System Capabilities information in the LLDP packets.

Sends the string "station" (regardless of the Check Point configuration).

tlv management-address {on | off}

Enables (on) and disables (off) the LLDP-enabled interface to send the Management Address information in the LLDP packets.

  • from mgmt-interface - Sends the IP address of the Gaia Management interface only.

  • from configured-interface - Sends the IP address of each LLDP-enabled interface.

transmit-interval <8-32768>

This interval controls how frequently the LLDP-enabled interface sends the LLDP packets.

Default: 8 seconds.

Note - It is not supported to change the default value.

timers

Shows the configured LLDP timers:

  • Hold Time Multiplier

  • Transmit Interval

Example - Viewing the LLDP status

MHO_1_1> show lldp status
LLDP is enabled on external interfaces
Interfaces
Mgmt1 - transmit and receive
eth1-05 - transmit and receive
eth1-09 - transmit and receive
eth1-17 - transmit and receive
eth1-21 - transmit and receive
eth1-25 - transmit and receive
eth1-29 - transmit and receive
eth1-33 - transmit and receive
eth1-37 - transmit and receive
eth1-41 - transmit and receive
eth1-45 - transmit and receive
eth1-49 - transmit and receive
eth1-53 - transmit and receive
eth1-57 - transmit and receive
eth1-61 - transmit and receive
eth1-Mgmt1 - transmit and receive
eth1-Sync-E-121 - transmit and receive
eth1-Sync-I-125 - transmit and receive
Optional Information
port-description off
system-name on
system-description off
system-capabilities off
management-address on from configured-interface
Timers
Hold time multiplier 3
Transmit interval 8
MHO_1_1>
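
An added example (not part of the Check Point documentation) that parses this output in Python and reports which external ports transmit, which TLVs are switched on, the resulting TTL, and any timer that differs from the documented defaults. It assumes the output layout shown above; the function names are hypothetical, and the sample is abridged from the example.

```python
import re

DEFAULTS = {"Transmit interval": 8, "Hold time multiplier": 3}
SECTIONS = {"Interfaces": re.compile(r"(\S+) - (.+)"),
            "Optional Information": re.compile(r"(\S+) (.+)"),
            "Timers": re.compile(r"(.+) (\d+)")}

def is_external(name):
    """Management or Uplink port, per the interface naming on this page."""
    return "Mgmt" in name or re.fullmatch(r"eth\d+-\d+", name) is not None

def parse_status(text):
    """Split 'show lldp status' output into its three sections."""
    st, section = {name: {} for name in SECTIONS}, None
    for line in map(str.strip, text.splitlines()):
        if line in SECTIONS:
            section = line
        elif section and (m := SECTIONS[section].fullmatch(line)):
            st[section][m.group(1)] = m.group(2)
    return st

def audit(text):
    """Summarise what the external (Management, Uplink) ports advertise."""
    st = parse_status(text)
    timers = {k: int(v) for k, v in st["Timers"].items()}
    return {
        "enabled": "LLDP is enabled" in text,
        "external_tx": sorted(n for n, mode in st["Interfaces"].items()
                              if "transmit" in mode and is_external(n)),
        "tlvs_on": sorted(k for k, v in st["Optional Information"].items()
                          if v.startswith("on")),
        "ttl": timers["Transmit interval"] * timers["Hold time multiplier"],
        "non_default": {k: v for k, v in timers.items() if DEFAULTS.get(k) != v},
    }

# Abridged from the "show lldp status" example on this page
SAMPLE = """\
LLDP is enabled on external interfaces
Interfaces
Mgmt1 - transmit and receive
eth1-05 - transmit and receive
eth1-Sync-I-125 - transmit and receive
Optional Information
system-name on
system-description off
management-address on from configured-interface
Timers
Hold time multiplier 3
Transmit interval 8"""
```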

Example - Viewing the LLDP peers

MHO_1_1> show lldp peers
-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface:    Mgmt1, via: LLDP, RID: 138, Time: 0 day, 00:12:31
  Chassis:
    ChassisID:    mac XX:XX:XX:XX:XX:XX
    SysName:      MyCiscoSwitch
    SysDescr:     Cisco Nexus Operating System (NX-OS)
                  TAC support: http://www.cisco.com/tac
                  Copyright (c) 2002-2019, Cisco Systems, Inc. All rights reserved.
    MgmtIP:       172.16.2.182
    Capability:   Bridge, on
    Capability:   Router, on
  Port:
    PortID:       ifname Ethernet1/31
    PortDescr:    MHO-1
    TTL:          120
  VLAN:         25, pvid: yes
  Unknown TLVs:
    TLV:          OUI: 00,01,42, SubType: 1, Len: 1 01
-------------------------------------------------------------------------------
Interface:    eth1-Sync-I-125, via: LLDP, RID: 131, Time: 1 day, 06:53:27
  Chassis:
    ChassisID:    local MT2006X14198
    SysName:      MHO_1_2
    MgmtIP:       172.16.25.102
  Port:
    PortID:       mac 00:02:03:04:05:c4
    PortDescr:    eth2-Sync-I-125
    TTL:          24
-------------------------------------------------------------------------------
Interface:    eth1-Sync-E-121, via: LLDP, RID: 137, Time: 1 day, 06:09:43
  Chassis:
    ChassisID:    local MT2006X14199
    SysName:      MHO_2_1
    MgmtIP:       172.16.25.103
  Port:
    PortID:       mac 00:02:03:04:05:c0
    PortDescr:    eth1-Sync-E-121
    TTL:          24
-------------------------------------------------------------------------------
Interface:    eth1-Mgmt1, via: LLDP, RID: 140, Time: 0 day, 00:12:19
  Chassis:
    ChassisID:    mac XX:XX:XX:XX:XX:XX
  Port:
    PortID:       ifname hundredGigE 1/15
    TTL:          120

(truncated)


-------------------------------------------------------------------------------
MHO_1_1>
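
An added example (not part of the Check Point documentation) that parses this peer listing in Python and compares the neighbor seen on each interface with an expected map, so an unlisted or missing neighbor stands out. It assumes the output layout shown above; the function names and the EXPECTED map are hypothetical, and the sample is abridged from the example.

```python
import re

def parse_peers(text):
    """Return {local interface: {field: [values]}} from 'show lldp peers'."""
    peers, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"Interface:\s+(\S+), via: LLDP", line)
        # Fields are indented 2-4 spaces; SysDescr continuations sit deeper
        field = re.match(r" {2,4}(\w+):\s+(\S.*)", line)
        if head:
            cur = peers.setdefault(head.group(1), {})
        elif cur is not None and field:
            cur.setdefault(field.group(1), []).append(field.group(2))
    return peers

def check_neighbors(peers, expected):
    """Compare the SysName seen on each interface with an expected map."""
    findings = []
    for ifname in sorted(peers.keys() | expected.keys()):
        seen = peers.get(ifname, {}).get("SysName", [None])[0]
        if ifname not in expected:
            findings.append(f"{ifname}: unlisted neighbor {seen}")
        elif seen != expected[ifname]:
            findings.append(f"{ifname}: expected {expected[ifname]}, saw {seen}")
    return findings

# Constructed expected-neighbor map (hypothetical, for illustration)
EXPECTED = {"Mgmt1": "MyCiscoSwitch", "eth1-Sync-I-125": "MHO_1_2",
            "eth1-Sync-E-121": "MHO_2_1"}

# Abridged from the "show lldp peers" example on this page
SAMPLE = """\
Interface:    Mgmt1, via: LLDP, RID: 138, Time: 0 day, 00:12:31
  Chassis:
    SysName:      MyCiscoSwitch
    SysDescr:     Cisco Nexus Operating System (NX-OS)
                  TAC support: http://www.cisco.com/tac
    Capability:   Bridge, on
    Capability:   Router, on
  Port:
    TTL:          120
-------------------------------------------------------------------------------
Interface:    eth1-Sync-I-125, via: LLDP, RID: 131, Time: 1 day, 06:53:27
    SysName:      MHO_1_2
    TTL:          24
-------------------------------------------------------------------------------
Interface:    eth1-Mgmt1, via: LLDP, RID: 140, Time: 0 day, 00:12:19
    PortID:       ifname hundredGigE 1/15
    TTL:          120"""
```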

Configuring LLDP in the Expert mode on an Orchestrator

You can configure advanced LLDP settings in the Expert mode.

To control the automatic LLDP configuration "transmit-and-receive on" on any new port with the type "ssm_sync" (internal sync) and "site_sync" (external sync):

By default, this feature is enabled.

Step

Instructions

1

Connect to the command line on the Orchestrator.

2

Log in.

3

If your default shell is Gaia Clish, then go to the Expert mode:

expert

4

Add the required configuration in the Gaia database:

  • To enable this feature (this is the default), run:

    dbset maestro:lldp:set_lldp_rx_and_tx_to_on_upon_sync_interface_creation true

  • To disable this feature, run:

    dbset maestro:lldp:set_lldp_rx_and_tx_to_on_upon_sync_interface_creation

5

Save the changes in the Gaia database:

dbset :save

To control the automatic LLDP configuration "transmit-and-receive on" of any new port:

By default, this feature is disabled.

Step

Instructions

1

Connect to the command line on the Orchestrator.

2

Log in.

3

If your default shell is Gaia Clish, then go to the Expert mode:

expert

4

Add the required configuration in the Gaia database:

  • To enable this feature, run:

    dbset maestro:lldp:set_lldp_rx_and_tx_to_on_upon_interface_creation true

  • To disable this feature (this is the default), run:

    dbset maestro:lldp:set_lldp_rx_and_tx_to_on_upon_interface_creation

5

Save the changes in the Gaia database:

dbset :save