Hej!
is there an option to disable Voice VLAN (LLDP-MED Network Policy) on specific Ports on a Switch?
I tried to use the Neighbor Interface (List) to exclude e.g. ether44 - but it didn’t work for me.
CRS354 with ROS v7.14
I would expect that the VLAN’s are configured, specifically per port.
Can you share the config, so that we kow what you are talking about? Assuming it is configuraed with RouterOS:
/export file=anynameyoulike
Remove serial and any other private info, post between code tags by using the </> button.
I am afraid that the actual question in the OP is whether it is possible to remove of the LLDP-MED extension from the LLDP messages that RouterOS sends out via ports that are not members of the voice VLAN.
Since RouterOS waits for the connected device to send LLDP first in order to decide whether to send the LLDP-MED extension at all in its own LLDP packets, I cannot test it here, but there is definitely no configuration item that would allow to manually configure that on per-port basis; given that 802.1x allows to make ports members of VLANs dynamically, chances are high that even if you do not make a port a member of the voice VLAN manually, it will not prevent the LLDP-MED from being sent as it would have to take into account also whether 802.1x is enabled on the interface, and doing that would lead to inconsistent behavior.
So I'd suggest to try and see. Use a sniffer matching on mac-protocol=lldp, connect a phone to a port which is not a member of the voice VLAN, and see what the Mikrotik sends to it - once you catch some packets, save the sniffer buffer to a .pcap file and open that file using Wireshark.
Some possible options:
If you make a custom interface list
and add all the ports you want (but not the bridge) to this list, you can make ip discovery use this list and it will only target those ports.
So no discovery on the ports missing from the list.
Another option might be to use a switch chip rule, and if an LLDP packet is found coming in on the selected interfaces it is dropped.
(ideally would drop LLDP outbound packets on those interfaces too, but that looks maybe difficult)
Would get some discovery on these ports.