Best practice help with LLDP

dexznrl · May 21, 2026, 12:44pm

We're trying to map our network with LLDP and from what I understand I need to create an interface list that I name to DISCOVERY (My choice of name). To that list I add all the ethernet interfaces (ether 1, ether 2 and so on)...

Then I go to IP->Neighbours->Discovery Settings and choose my list (DISCOVERY) and press on OK.

Now I can correctly map my network with LLDP mapping softwares without any issues.

If I add my management VLAN to the interface list named DISCOVERY the map get mixed up because now the mapping software can see all devices on multiple locations.

No problem I thought, I simply don't add my management VLAN to DISCOVERY but then I can't see the devices in WINBOX and I haven't quite figured out how ROMON works.

I could add management VLAN to DISCOVERY and simply block LLDP traffic and only allow MNDP, that would solve my problem but it just seems "far fetched" to work like this. Someone at Mikrotik had an idea, but I can't figure out the process for doing this. So here I am, asking you guys for some best practice advice :).

Best regards

Johan

tdw · May 21, 2026, 1:09pm

To comply with standards devices should never forward LLDP packets between interfaces. If you are seeing LLDP neigbours beyond directly connected devices they are non-compliant - this could be due to design/implementation flaws, or have been configured to override compliant behaviour.

Mikrotiks do allow the the IEEE MAC Bridge Filtered MAC Group Addresses to be forwarded if you have a specific use case - historically it was enabled by setting protocol-mode=none on the bridge, since RouterOS v7.16 you also have to set forward-reserved-addresses=yes. On older versions of RouterOS the bridge should be left with the setting protocol-mode=rstp, if you do not wish spanning tree to be active set the bridge ports edge=yes