Community discussions

MikroTik App
 
vogtdominik
just joined
Topic Author
Posts: 13
Joined: Fri Mar 22, 2019 2:39 pm

LLDP only works partially

Tue Dec 10, 2019 1:14 pm

We manage multiple mikrotik hotspots (router + accesspoint) and use LLDP to discover connected mikrotik accesspoints connected to the hotspot router. Generally speaking this works good for +1000 Hotspots.

Scenario (Router OS v6.46):
1x MikroTik CHR as SSTP.
1x MikroTik hEX PoE (is connected to MikroTik CHR via SSTP and recieves IP via DHCP-Client)
6x MikroTik wAP ac (each connected to the MikroTik hEX PoE (3x AP on Port 5))

We observe strange behaviour with LLDP where certain connected accesspoints are not listed, which we can not explain. In Neighbor-Discovery on Port 5 we only see 1 AP of the expected 3 AP.
1 of 3 ap.PNG

But when i look at the SSTP-Server, i easily see the connected AP in Neighbor-Discovery
ap in sstp-server.PNG

Now, when I change ARP mode in "management_vlan" from "enabled" to "proxy-arp" on MikroTik hEX suddenly all AP are visible. This will only last for ~180s, until the Age (s) Threshold is reached. Then the previously missing AP will be missing again.
3 of 3 ap.PNG

I am looking for a solution, so that LLDP will work correctly again. Does anyone know why this might occur?

MikroTik hEX PoE Settings:
/interface bridge
add fast-forward=no name=management_vpn
add comment=defconf name=hotspot_bridge protocol-mode=none
/interface vlan
add interface=hotspot_bridge name=managment_vlan vlan-id=420
/interface bridge port
add bridge=hotspot_bridge interface=ether2
add bridge=hotspot_bridge interface=ether3
add bridge=hotspot_bridge interface=ether4
add bridge=hotspot_bridge interface=ether5
add bridge=management_vpn interface=managment_vlan
/interface list
add comment="contains local interfaces" name=ether
add name=management_discovery
/interface list member
add interface=managment_vlan list=management_discovery
add interface=hotspot_bridge list=management_discovery
/ip neighbor discovery-settings
set discover-interface-list=management_discovery
/interface sstp-client
add connect-to=$RANDOMSSTPSERVER disabled=no name=manangement_sstp password=$RANDOMSSTPPASSWORD profile=vpn user=$RANDOMSSTPUSER
/ppp profile
add bridge=management_vpn name=vpn
/ip dhcp-client
add disabled=no interface=ether1
add add-default-route=no disabled=no interface=management_vpn
MikroTik wAP ac Settings
/interface bridge
add auto-mac=no name=bridge
/interface bridge port
add bridge=bridge interface=ether1
add bridge=bridge interface=wlan1
add bridge=bridge interface=wlan2
/interface vlan
add interface=bridge name=management_vlan vlan-id=420
/ip neighbor discovery-settings print 
  discover-interface-list: !dynamic
/ip dhcp-client
add add-default-route=no disabled=no interface=management_vlan 
You do not have the required permissions to view the files attached to this post.
 
vogtdominik
just joined
Topic Author
Posts: 13
Joined: Fri Mar 22, 2019 2:39 pm

Re: LLDP only works partially

Wed Dec 11, 2019 3:15 pm

Anyone any hints?
 
pe1chl
Forum Guru
Forum Guru
Posts: 7233
Joined: Mon Jun 08, 2015 12:09 pm

Re: LLDP only works partially

Wed Dec 11, 2019 3:35 pm

Are you sure that all your MAC-addresses are unique? I.e. you never took the shortcut of configuring an AP by loading a backup made on another AP, or otherwise set the same MAC e.g. in virtual AP.
(same MAC on ether and VLAN is of course not a problem)
 
vogtdominik
just joined
Topic Author
Posts: 13
Joined: Fri Mar 22, 2019 2:39 pm

Re: LLDP only works partially

Wed Dec 11, 2019 4:15 pm

Are you sure that all your MAC-addresses are unique? I.e. you never took the shortcut of configuring an AP by loading a backup made on another AP, or otherwise set the same MAC e.g. in virtual AP.
(same MAC on ether and VLAN is of course not a problem)
All our devices are configured with the same .rsc via netinstall, that has no pre-definied/static mac address what so every. This should make sure, that it only uses unique mac-addresses that come with the hardware/router/device.
 
roncoruk
just joined
Posts: 1
Joined: Mon Feb 10, 2020 11:23 am

Re: LLDP only works partially

Mon Feb 22, 2021 4:21 pm

Hi,

Did you ever get to the bottom of this? We are having the same thing where the AP's only stay in the Neighbour discovery table for 180 seconds and then disappear. We are using Cisco AP's< Zyxel switches and then the Miktotik Routers. I can see the AP's in the Zyxel LLDP table and on the Controller but they only show up on the Mikrotik after a reboot of the AP or switch and then only for the 180 seconds.
 
pe1chl
Forum Guru
Forum Guru
Posts: 7233
Joined: Mon Jun 08, 2015 12:09 pm

Re: LLDP only works partially

Tue Feb 23, 2021 11:12 am

LLDP is not forwarded by (correctly working) switches. So what you observe would be normal: you do not see the LLDP info at a router connected to APs via a switch.
MikroTik has another protocol that provides this information (MNDP) which works at UDP level and it is forwarded by switches.
 
vogtdominik
just joined
Topic Author
Posts: 13
Joined: Fri Mar 22, 2019 2:39 pm

Re: LLDP only works partially

Tue Feb 23, 2021 4:07 pm

Unfortunately we did not solve this. We had to disable alerting for the mentioned AP.

Best wishes
Dominik
 
vogtdominik
just joined
Topic Author
Posts: 13
Joined: Fri Mar 22, 2019 2:39 pm

Re: LLDP only works partially

Tue Feb 23, 2021 4:13 pm

LLDP is not forwarded by (correctly working) switches. So what you observe would be normal: you do not see the LLDP info at a router connected to APs via a switch.
MikroTik has another protocol that provides this information (MNDP) which works at UDP level and it is forwarded by switches.
This seems reasonable.

But when I check LLDP/MNDP on the vpn-server the mikrotik router is connected, you will see the connected AP in neighbor discovery. Therefore the switch is forwarding LLDP. Because I do not fully understand how this protocol works, I can only mention what I'm observing on the devices in hope that somebody who does understand can give some hints on how to resolve this issue.
 
pe1chl
Forum Guru
Forum Guru
Posts: 7233
Joined: Mon Jun 08, 2015 12:09 pm

Re: LLDP only works partially

Tue Feb 23, 2021 5:02 pm

LLDP works only between a switch and its connected equipment.
MNDP works across a broadcast-capable network. So it can work on a local network (including across switches) and also over some but not all VPN networks.
(e.g. GRE, L2TP)

Who is online

Users browsing this forum: Baidu [Spider], Bing [Bot], nagylzs, sindy, smitas3400 and 145 guests