Same problem here. LLDP looks totally broken right now.
This is roughly what my network looks like. All servers are in the same VLAN. The mgmt interface of both switches is also in the same VLAN.
layer1.png
sw01
[admin@sw01] > ip neighbor print
# INTERFACE ADDRESS MAC-ADDRESS IDENTITY VERSION BOARD
0 mgmt x.x.x.101 00:1E:06:xx:xx:xx srv1 <--- partly broken. connected to ether1 not mgmt interface!
1 mgmt x.x.x.102 00:1E:06:xx:xx:xx srv2 <--- partly broken. connected to ether2 not mgmt interface!
2 mgmt x.x.x.103 00:1E:06:xx:xx:xx srv3 <--- partly broken. connected to ether3 not mgmt interface!
3 mgmt x.x.x.104 00:1E:06:xx:xx:xx srv4 <--- partly broken. connected to ether4 not mgmt interface!
4 mgmt x.x.x.105 00:1E:06:xx:xx:xx srv5 <--- partly broken. connected to ether5 not mgmt interface!
5 mgmt x.x.x.251 CC:2D:E0:xx:xx:xx sw02 <--- partly correct. sw02 is connected on ether23 not mgmt!
[admin@sw01] > ip neighbor export verbose
/ip neighbor discovery-settings
set discover-interface-list=!dynamic lldp-med-net-policy-vlan=disabled protocol=lldp
sw01 is not showing the firewall - tcpdump shows that there are LLDP PDUs sent to sw01. Not sure why this entry is ignored. The fw is seeing sw01!
sw02
[admin@sw02] > ip neighbor print
# INTERFACE ADDRESS MAC-ADDRESS IDENTITY VERSION BOARD
0 mgmt x.x.x.101 00:1E:06:xx:xx:xx srv1 <--- broken - not connected to sw02! Should not be here!
1 mgmt x.x.x.102 00:1E:06:xx:xx:xx srv2 <--- broken - not connected to sw02! Should not be here!
2 mgmt x.x.x.103 00:1E:06:xx:xx:xx srv3 <--- broken - not connected to sw02! Should not be here!
3 mgmt x.x.x.104 00:1E:06:xx:xx:xx srv4 <--- broken - not connected to sw02! Should not be here!
4 mgmt x.x.x.105 00:1E:06:xx:xx:xx srv5 <--- broken - not connected to sw02! Should not be here!
5 mgmt x.x.x.250 6C:3B:6B:xx:xx:xx sw01 <--- partly correct. sw01 is connected on ether7 - not mgmt interface!
[admin@sw02] > ip neighbor export verbose
/ip neighbor discovery-settings
set discover-interface-list=!dynamic lldp-med-net-policy-vlan=disabled protocol=lldp
Firewall - lldpctl
fw ~ # lldpctl
-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface: eth0, via: LLDP, RID: 20, Time: 0 day, 00:44:40 <---- This is correct!
Chassis:
ChassisID: mac 6c:3b:6b:xx:xx:xx
SysName: sw01
SysDescr: MikroTik RouterOS 6.48.2 (stable) CRS326-24G-2S+
...
Port:
PortID: ifname br1/ether21
-------------------------------------------------------------------------------
Interface: eth0, via: LLDP, RID: 24, Time: 0 day, 00:44:12 <---- This is broken. The firewall is not directly connected to srv1
Chassis:
ChassisID: mac 00:1e:06:xx:xx:xx
SysName: srv1
SysDescr: Gentoo/Linux Linux 5.10.23-gentoo #1 SMP Wed Mar 17 21:25:14 CET 2021 x86_64
...
-------------------------------------------------------------------------------
Interface: eth0, via: LLDP, RID: 26, Time: 0 day, 00:44:11 <---- This is partly correct. Port makes no sense. mgmt is a virtual interface
Chassis:
ChassisID: mac cc:2d:e0:xx:xx:xx
SysName: sw02
SysDescr: MikroTik RouterOS 6.48.2 (stable) CRS112-8G-4S
...
Port:
PortID: ifname mgmt
-------------------------------------------------------------------------------
Interface: eth0, via: LLDP, RID: 20, Time: 0 day, 00:44:10 <---- This is totally broken - Why is sw01 (see above) twice in the list?
Chassis:
ChassisID: mac 6c:3b:6b:xx:xx:xx
SysName: sw01
SysDescr: MikroTik RouterOS 6.48.2 (stable) CRS326-24G-2S+
...
Port:
PortID: ifname mgmt
-------------------------------------------------------------------------------
Interface: eth0, via: LLDP, RID: 21, Time: 0 day, 00:39:42 <---- This is broken. The firewall is not directly connected to srv2
Chassis:
ChassisID: mac 00:1e:06:xx:xx:xx
SysName: srv2
SysDescr: Gentoo/Linux Linux 5.10.23-gentoo #1 SMP Wed Mar 17 21:27:09 CET 2021 x86_64
...
-------------------------------------------------------------------------------
Interface: eth0, via: LLDP, RID: 22, Time: 0 day, 00:39:42 <---- This is broken. The firewall is not directly connected to srv3
Chassis:
ChassisID: mac 00:1e:06:xx:xx:xx
SysName: srv3
SysDescr: Gentoo/Linux Linux 5.10.23-gentoo #1 SMP Wed Mar 17 21:27:09 CET 2021 x86_64
...
-------------------------------------------------------------------------------
Interface: eth0, via: LLDP, RID: 23, Time: 0 day, 00:39:42 <---- This is broken. The firewall is not directly connected to srv4
Chassis:
ChassisID: mac 00:1e:06:xx:xx:xx
SysName: srv4
SysDescr: Gentoo/Linux Linux 5.10.23-gentoo #1 SMP Wed Mar 17 21:27:09 CET 2021 x86_64
...
-------------------------------------------------------------------------------
Interface: eth0, via: LLDP, RID: 25, Time: 0 day, 00:39:42 <---- This is broken. The firewall is not directly connected to srv5
Chassis:
ChassisID: mac 00:1e:06:xx:xx:xx
SysName: srv5
SysDescr: Gentoo/Linux Linux 5.10.23-gentoo #1 SMP Wed Mar 17 21:27:09 CET 2021 x86_64
...
-------------------------------------------------------------------------------
Interface: eth2, via: LLDP, RID: 19, Time: 0 day, 00:44:54 <---- This is correct
Chassis:
ChassisID: mac c4:ad:34:xx:xx:xx
SysName: gw
SysDescr: MikroTik RouterOS 6.48.2 (stable) RB760iGS
...
Port:
PortID: ifname ether5
-------------------------------------------------------------------------------
srv2 - this all also happens on srv1,3-5
srv2 ~ # lldpctl
-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface: enp2s0, via: LLDP, RID: 16, Time: 0 day, 01:26:05 <---- This is correct
Chassis:
ChassisID: mac 6c:3b:6b:xx:xx:xx
SysName: sw01
SysDescr: MikroTik RouterOS 6.48.2 (stable) CRS326-24G-2S+
...
Port:
PortID: ifname br1/ether1
-------------------------------------------------------------------------------
Interface: enp2s0, via: LLDP, RID: 19, Time: 0 day, 01:25:36 <---- broken
Chassis:
ChassisID: mac 00:1e:06:xx:xx:xx
SysName: srv1
SysDescr: Gentoo/Linux Linux 5.10.23-gentoo #1 SMP Wed Mar 17 21:25:14 CET 2021 x86_64
...
-------------------------------------------------------------------------------
Interface: enp2s0, via: LLDP, RID: 21, Time: 0 day, 01:25:35 <---- broken
Chassis:
ChassisID: mac cc:2d:e0:xx:xx:xx
SysName: sw02
...
Port:
PortID: ifname mgmt
-------------------------------------------------------------------------------
Interface: enp2s0, via: LLDP, RID: 16, Time: 0 day, 01:25:34 <---- totally broken - second entry - mgmt interface
Chassis:
ChassisID: mac 6c:3b:6b:xx:xx:xx
SysName: sw01
SysDescr: MikroTik RouterOS 6.48.2 (stable) CRS326-24G-2S+
...
Port:
PortID: ifname mgmt
-------------------------------------------------------------------------------
Interface: enp2s0, via: LLDP, RID: 17, Time: 0 day, 01:21:06 <---- broken
Chassis:
ChassisID: mac 00:1e:06:xx:xx:xx
SysName: srv4
SysDescr: Gentoo/Linux Linux 5.10.23-gentoo #1 SMP Wed Mar 17 21:27:09 CET 2021 x86_64
...
-------------------------------------------------------------------------------
Interface: enp2s0, via: LLDP, RID: 18, Time: 0 day, 01:21:06 <---- broken
Chassis:
ChassisID: mac 00:1e:06:xx:xx:xx
SysName: srv3
SysDescr: Gentoo/Linux Linux 5.10.23-gentoo #1 SMP Wed Mar 17 21:27:08 CET 2021 x86_64
...
-------------------------------------------------------------------------------
Interface: enp2s0, via: LLDP, RID: 20, Time: 0 day, 01:21:06 <---- broken
Chassis:
ChassisID: mac 00:1e:06:xx:xx:xx
SysName: srv5
SysDescr: Gentoo/Linux Linux 5.10.23-gentoo #1 SMP Wed Mar 17 21:27:09 CET 2021 x86_64
...
Even when I disable LLDP (set discover-interface-list=none) on sw01, I still see all devices on all other devices. This should not happen.
I would expect the following:
- sw01 should only list fw, srv1-5, sw02 on their respective physical interface
- sw02 should only list sw01 on the physical interface
- fw should only list gw, sw01
- srv2 should only list sw01
Greetings
Matthias
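A check of the expectation listed in the post, as an added example that is not part of the original post: it parses lldpctl output in the format shown above and flags any neighbour that is not the expected link partner of its local interface, plus any partner announced with more than one PortID. The `EXPECTED` map, the function names and the abbreviated sample are assumptions constructed from the firewall output in the post.

```python
import re

# Expected direct neighbour per local interface on the firewall, taken from the
# post's "This is correct" annotations (assumption: one neighbour per link).
EXPECTED = {"eth0": "sw01", "eth2": "gw"}

# Constructed sample: abbreviated lldpctl output in the format shown in the post.
SAMPLE = """\
Interface: eth0, via: LLDP, RID: 20, Time: 0 day, 00:44:40
  SysName: sw01
  PortID: ifname br1/ether21
Interface: eth0, via: LLDP, RID: 24, Time: 0 day, 00:44:12
  SysName: srv1
Interface: eth0, via: LLDP, RID: 20, Time: 0 day, 00:44:10
  SysName: sw01
  PortID: ifname mgmt
Interface: eth2, via: LLDP, RID: 19, Time: 0 day, 00:44:54
  SysName: gw
  PortID: ifname ether5
"""

def parse_lldpctl(text):
    """Return one {iface, sysname, portid} dict per neighbour entry."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Interface:\s*([^,]+),", line):
            entries.append({"iface": m.group(1), "sysname": None, "portid": None})
        elif entries and (m := re.match(r"SysName:\s*(\S+)", line)):
            entries[-1]["sysname"] = m.group(1)
        elif entries and (m := re.match(r"PortID:\s*(.+)", line)):
            entries[-1]["portid"] = m.group(1).strip()
    return entries

def audit(entries, expected):
    """Flag non-adjacent neighbours and link partners seen with several PortIDs."""
    findings, ports = [], {}
    for e in entries:
        if expected.get(e["iface"]) != e["sysname"]:
            findings.append(("unexpected", e["iface"], e["sysname"]))
        elif e["portid"]:
            ports.setdefault((e["iface"], e["sysname"]), set()).add(e["portid"])
    for (iface, name), seen in ports.items():
        if len(seen) > 1:
            findings.append(("multiple-portids", iface, name))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_lldpctl(SAMPLE), EXPECTED):
        print(finding)
```

Run against the real `lldpctl` output of each host with that host's own expected map; an empty result means every interface reports only its directly connected partner.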