Community discussions

 
dl9rdz
just joined
Topic Author
Posts: 6
Joined: Wed Nov 27, 2013 8:59 am

LLDP support for neighbor discovery

Fri May 09, 2014 1:31 pm

IP neighbor discovery is a great feature, but unfortunately does not work many 3rd-party devices.

While RouterOS supports the proprietary CDP, it does not support the standard protocol LLDP. There are many non-Mikrotik devices that support LLDP but not CDP (or even removed CDP support and migrated towards LLDP).

Is there any chance of having LLDP support in Mikrotik RouterOS in the future? (Assuming that I did not miss an already existing feature... 8) )
 
lz1dsb
Member Candidate
Member Candidate
Posts: 222
Joined: Wed Aug 07, 2013 11:48 am

Re: LLDP support for neighbor discovery

Fri May 09, 2014 2:54 pm

According to the official documentation on the subject:
http://wiki.mikrotik.com/wiki/Manual:IP ... _discovery

LLDP is not supported. At least nothing is mentioned in the document. I agree that LLDP is an important feature nowadays...
 
lorsungcu
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Sat Jul 09, 2011 11:11 pm

Re: LLDP support for neighbor discovery

Mon May 12, 2014 8:25 pm

This would be very, very nice.
 
User avatar
Hammy
Forum Veteran
Forum Veteran
Posts: 737
Joined: Fri May 28, 2004 5:53 pm
Location: DeKalb, IL
Contact:

Re: LLDP support for neighbor discovery

Fri Jan 01, 2016 4:34 pm

*bump*
-----
Mike Hammett

The Brothers WISP
 
User avatar
hansel84
just joined
Posts: 4
Joined: Mon Jan 11, 2016 6:54 am
Contact:

Re: LLDP support for neighbor discovery

Thu Feb 08, 2018 8:12 am

+1 = LLDP Neighbor Discovery is an awesome feature
 
SPKA16
newbie
Posts: 25
Joined: Fri Aug 05, 2016 8:41 pm

Re: LLDP support for neighbor discovery

Thu Feb 08, 2018 10:34 am

Should be there since 6.38:

What's new in 6.38 (2016-Dec-30 11:33):

Important note!!!
RouterOS v6.38 contains STP/RSTP changes which makes bridges compatible with IEEE 802.1Q-2014 by sending and processing BPDU packets without VLAN tag.
To avoid STP/RSTP compatibility issues with older RouterOS versions, upgrade RouterOS to v6.38 on all routers in Layer2 networks with VLAN and STP/RSTP configurations.
The recommended procedure is to start by upgrading the remotest routers and gradually do it to the Root Bridge device.
If after upgrade you experience loss of connectivity, then disabling STP/RSTP on RouterOS bridge interface will restore connectivity so you can complete upgrade process on your network.

!) ipsec - added IKEv1 xauth user authentication with RADIUS "/ip ipsec user settings set xauth-use-radius=yes";
!) ipsec - added IKEv2 support;
!) ipsec - added IKEv2 EAP RADIUS passthrough authentication for responder;
!) ipsec - added support for unique policy generation;
!) ipsec - removed IKEv1 ah+esp support;
!) snmp - added basic get and walk functionality "/tool snmp-[get|walk]";
!) switch - added hardware STP functionality for CRS devices and small Atheros switch chips (http://wiki.mikrotik.com/wiki/Manual:CR ... e_Protocol);
!) tr069-client - initial implementation (as separate package) (cli only);
!) winbox - Winbox 3.7 is the minimum version that can connect to RouterOS;
*) arp - added "local-proxy-arp" feature;
*) bonding - added "forced-mac-address" option;
*) bonding - fixed "tx-drop" on VLAN over bonding on x86;
*) bridge - fixed rare crash on bridge port removal;
*) bridge - fixed VLAN BPDU rx and tx when connected to non-RouterOS device with STP functionality;
*) bridge - require admin-mac to be specified if auto-mac is disabled;
*) bridge - show bridge port name in port monitor;
*) capsman - added "group-key-update" parameter;
*) capsman - added possibility to change arp, mtu, l2mtu values in datapath configuration;
*) capsman - fixed CAP upgrade when separate wireless package is used (introduced in 6.37);
*) capsman - use correct source address in reply to unicast discovery requests;
*) ccr - added AHCI driver for Samsung XP941 128GB AHCI M.2;
*) certificates - added support for PKCS#12 export;
*) certificates - allow import multiple certs with the same key;
*) certificates - fixed crash when crl is removed while it is being fetched;
*) certificates - fixed trust chain update on local certificate revocation in programs using ssl;
*) certificates - if no name provided create certificate name automatically from certificate fields;
*) console - fixed multi argument value unset;
*) crs - added comment ability in more switch menus;
*) crs - fixed rare kernel failure on switch reset (for example, reboot);
*) dhcp - fixed DNS server assignment to client if dynamic server exists and is from another IP family;
*) dhcp - fixed issue when dhcp-client was still possible on interfaces with "slave" flag and using slave interface MAC address;
*) dhcp - show dhcp server as invalid and log an error when interface becomes a slave;
*) dhcp-server - fixed when wizard was unable to create pool >dhcp_pool99;
*) discovery - added LLDP support;
*) discovery - removed 6to4 tunnels from "/ip neighbor discovery menu";
*) dns - added "max-concurrent-queries" and "max-concurrent-tcp-sessions" settings;
*) dude - (changes discussed here: http://forum.mikrotik.com/viewtopic.php?f=8&t=112599);
*) ethernet - added "k" and "M" unit support to Ethernet Bandwidth setting;
*) ethernet - fixed "tx-fcs-error" on SFP+ interfaces when loop-protect is enabled;
*) export - do not show interface comment in "/ip neighbor discovery" menu;
*) export - updated default values to clean up export compact;
*) fastpath - fixed rare crash;
*) fastpath - fixed x86 bridge fast-path status shown as active even if it is manually disabled;
*) file - fixed file manager crash when file transfer gets cancelled;
*) firewall - added "creation-time" to address list entries;
*) firewall - added sctp/dccp/udp-lite support for "src-port", "dst-port", "port" and "to-ports" firewall options;
*) firewall - do not defragment packets which are marked with "notrack" in raw firewall;
*) firewall - fixed "time" option by recognizing weekday properly (introduced in v6.37.2);
*) firewall - fixed dynamic raw rule behaviour;
*) firewall - fixed rule activation if "time" option is used and no other active rules are present;
*) firewall - increased max size of connection tracking table to 1048576;
*) firewall - new faster "connection-limit" option implementation;
*) firewall - significantly improved large firewall rule set import performance;
*) graphing - fixed queue graphs showing up in web interface if aggregate name size >57840 symbols;
*) health - show power consumption on devices which has voltage and current monitor;
*) hotspot - fixed nat rule port setting in "hs-unauth-to" chain by changing it from "dst-port" to "src-port" on Walled Garden ip "return" rules;
*) interface - changed loopback interface mtu to 1500;
*) interface - do not treat multiple zeros as single zero on name comparison;
*) interface - show link stats in "/interface print stats-detail" output;
*) ipsec - added ability to specify static IP address at "send-dns" option;
*) ipsec - added ph2 accounting for each policy "/ip ipsec policy ph2-count";
*) ipsec - allow to specify explicit split dns address;
*) ipsec - changed logging topic from error to debug when empty pfkey messages are received;
*) ipsec - do not auto-negotiate more SAs than needed;
*) ipsec - ensure generated policy refers to valid proposal;
*) ipsec - fixed camellia crypto algorithm module loading;
*) ipsec - fixed IPv6 remote prefix;
*) ipsec - fixed kernel failure on tile with sha256 when hardware encryption is not being used;
*) ipsec - fixed peer configuration my-id IPv4 address endianness;
*) ipsec - fixed ph2 auto-negotiation by checking policies in correct order;
*) ipsec - load ipv6 related modules only when ipv6 package is enabled;
*) ipsec - make generated policies always as unique;
*) ipsec - non passive peers will also establish SAs from policy without waiting for the first packet;
*) ipsec - optimized logging under ipsec topic;
*) ipsec - show active flag when policy has active SA;
*) ipsec - show SA "enc-key-size";
*) ipsec - split "mode-config" and "send-dns" arguments;
*) ipv6 - added "no-dad" setting to ipv6 addresses;
*) ipv6 - fixed "accept-router-advertisements" behaviour;
*) ipv6 - moved empty IPv6 pool error message to error topic;
*) lcd - improved performance, causes less cpu load;
*) led - fixed dark mode for cAP 2nD (http://wiki.mikrotik.com/wiki/Manual:Sy ... ds_Setting);
*) log - fixed "System rebooted because of kernel failure" message to show after 1st crash reboot;
*) lte - added support for more Vodafone K4201-Z, Novatel USB620L, PANTECH UML295 and ZTE MF90 modems;
*) lte - allow to execute concurrent info commands;
*) lte - fixed dwm-222, Pantech UML296 support;
*) lte - fixed init delay after power reset;
*) lte - increased delay when setting sms send mode;
*) lte - return info data when all the fields are populated;
*) metarouter - fixed startup process (introduced in 6.37.2);
*) mmips - fixed traffic accounting in "/interface" menu;
*) ospf - fixed route crash caused by memory corruption when there are multiple active interfaces;
*) ppp - fixed packet size calculation when MRRU is set (was 2 bytes bigger than MTU allows);
*) ppp - significantly improved shutdown speed on servers with many active tunnels;
*) ppp - significantly improved tunnel termination process on servers with many active tunnels;
*) profile - added "bfd" and "remote-access" processes;
*) profile - added ability to monitor cpu usage per core;
*) profile - make profile work on mmips devices;
*) profile - properly classify "wireless" processes;
*) queue - fixed "time" option by recognizing weekday properly (introduced in v6.37.2);
*) radius - added IPSec service (cli only);
*) rb750Gr3 - fixed ipsec with 3des+md5 to work on this board;
*) rb850Gx2 - fixed pcb temperature monitor if temperature was above 60C;
*) resolver - ignore cache entries if specific server is used;
*) routerboot - show log message if router CPU/RAM is overclocked;
*) script - increment run count value when script is executed from snmp;
*) snmp - always report bonding speed as speed from first bonding slave;
*) snmp - fixed rare crash when incorrectly formatted packet was received;
*) snmp - provide sinr in lte table;
*) ssh - added routing-table setting (cli only);
*) ssh - fixed lost "/ip ssh" settings on upgrade from version older than 5.15;
*) system - reboot device on critical program crash;
*) tile - fixed kernel failure when when IPv6 ICMP packet is sent through PPP interface;
*) time - updated time zones;
*) traceroute - fixed memory leak;
*) traffic-flow - fixed flow sequence counter and length;
*) trafficgen - fixed compact export when "header-stack" includes tcp;
*) trafficgen - fixed crash when IPv6 traffic is processed;
*) trafficgen - fixed potential crash when very big frame is generated;
*) trafficgen - improved fastpath support;
*) tunnel - fixed transmit packets occasionally not going through fastpath;
*) tunnel - properly export keepalive value;
*) usb - fixed kernel failure when Nexus 6P device is removed;
*) users - added minimal required permission set for full user group;
*) users - added TikApp policy;
*) vlan - allow to add multiple VLANs which name starts with same number and has same length;
*) vrrp - do not show unrelated log warning messages about version mismatch;
*) watchdog - do not send supout file if "auto-send-supout" is disabled;
*) webfig - added extra protection against XSS exploits;
*) webfig - show ipv6 addresses correctly;
*) webfig - show properly interface last-link-up/down times;
*) winbox - added "Complete" flag to arp table;
*) winbox - added "untracked" option to firewall "connection-state" setting;
*) winbox - added Dude icon to Dude menu;
*) winbox - allow to enable/disable traffic flow targets;
*) winbox - allow to run profile from "/system resources" menu;
*) winbox - allow to specify interface for leds with "interface-speed" trigger;
*) winbox - do not allow to set "loop-protect-send-interval" to 0s;
*) winbox - do not show hotspot user profile incoming and outgoing filters and marks as set if there is no value specified;
*) winbox - fixed crash when legacy Winbox version was used;
*) winbox - fixed default values for interface "loop-protect-disable-time" and "loop-protect-send-interval";
*) winbox - fixed missing "IPv6/Settings" menu;
*) winbox - fixed typo in "propagate-ttl" setting;
*) winbox - make cert signing include provided ca-crl-host;
*) winbox - moved ipsec peer "exchange-mode" to General tab;
*) winbox - properly show VHT basic and supported rates in CAPsMAN;
*) winbox - removed spare values from loop-protect menu;
*) winbox - show all related HT tab settings in 2GHz-g/n mode;
*) winbox - show primary and secondary ntp addresses as 0.0.0.0 if none are set;
*) winbox - show proper ipv6 connection timeout;
*) wireless - added API command to report country-list (/interface/wireless/info/country-list);
*) wireless - added CRL checking for eap-tls;
*) wireless - fixed action frame handling for WDS nodes;
*) wireless - fixed custom channel extension-channel appearance in console;
*) wireless - fixed full "spectral-history" header print on AP modes;
*) wireless - fixed rare kernel failure when connecting to nv2 access point with legacy rate select;
*) wireless - fixed upgrade from older wireless packages when AP interface had empty SSID;
*) wireless - take in account channel width when returning supported channels;
*) wireless - use VLAN ID 0 in RADIUS message to disable VLAN tagging;
 
ShyLion
newbie
Posts: 47
Joined: Thu Sep 28, 2017 7:24 am

Re: LLDP support for neighbor discovery

Fri Feb 09, 2018 9:07 am

LLDP-MIB support is very, very poor:

lldpLocChassisIdlocChassisId and lldpLocChassisIdSubtype is missing, although they ARE advertised to remote peer
lldpLocPortId and lldpLocPortIdSubtype have macAddress type, BUT different type (interfaceName) is advertised to remote peer
lldpRemSysCapSupported and lldpRemSysCapEnabled has WRONG type, INTEGER instead of standard BITS

lldpRemTable(s) has WRONG index, sequence only, without port number and timemark

All of this require some complex logic and additional info querying to draw actual network map.

Just WHY you, devs, do not follow very simple standards and invent wheels over and over again?

Also, GETBULK requests sometimes return malformed PDUs, causing snmp timeouts. Checked it in 6.41.1. snmpbulkwalk fails as soon as lldpRemSysDescr gets into GetRequest.
 
User avatar
acruhl
Member
Member
Posts: 359
Joined: Fri Jul 03, 2015 7:22 pm

Re: LLDP support for neighbor discovery

Sat Feb 10, 2018 7:19 am

So have you opened bugs on this?

Regular LLDP works from other name brand switches:
me@EX2200-24P-4G> show lldp neighbors interface ge-0/0/15 
LLDP Neighbor Information:
Local Information:
Index: 693 Time to live: 120 Time mark: Sat Feb 10 05:14:59 2018 Age: 16 secs 
Local Interface    : ge-0/0/15.0
Parent Interface   : -
Local Port ID      : 516
Ageout Count       : 0

Neighbour Information:
Chassis type       : Mac address
Chassis ID         : 6c:3b:6b:gh:ij:kl
Port type          : Interface name
Port ID            : ether1
System name        : MikroTik-mAP-lite
  
System Description : MikroTik RouterOS 6.41.2 (stable) RBmAPL-2nD

System capabilities 
        Supported  : Bridge WLAN Access Point Router 
        Enabled    : Bridge WLAN Access Point Router 

Management Info 
        Type              : IPv4
        Address           : 192.168.333.999
        Port ID           : 6
        Subtype           : 1
        Interface Subtype : ifIndex(2)
        OID               : 1.3.6.1.2.1.31.1.1.1.1.6
Stuff.
 
ShyLion
newbie
Posts: 47
Joined: Thu Sep 28, 2017 7:24 am

Re: LLDP support for neighbor discovery

Mon May 20, 2019 3:34 pm

6.44.3
Nothing changed:
# snmpbulkwalk 10.0.24.79 lldpLocPortId
LLDP-MIB::lldpLocPortId.1 = STRING: "B8:69:F4:BE:25:2A"
LLDP-MIB::lldpLocPortId.2 = STRING: "B8:69:F4:BE:25:2B"
LLDP-MIB::lldpLocPortId.3 = STRING: "B8:69:F4:BE:25:2C"
LLDP-MIB::lldpLocPortId.4 = STRING: "B8:69:F4:BE:25:2D"
Neigbour:
# snmpbulkwalk 10.0.6.49 lldpRemPortId
LLDP-MIB::lldpRemPortId.4092523400.11.1 = STRING: "ether1"
LLDP-MIB::lldpRemPortId.4092958200.12.1 = STRING: "ether2"
Nobody cares.
 
sindy
Forum Guru
Forum Guru
Posts: 3942
Joined: Mon Dec 04, 2017 9:19 pm

Re: LLDP support for neighbor discovery

Mon May 20, 2019 4:13 pm

I repeat @acruhl's question - have you sent this to support@mikrotik.com?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
WyldCard79
just joined
Posts: 1
Joined: Mon Jun 24, 2019 4:57 pm

Re: LLDP support for neighbor discovery

Mon Jun 24, 2019 6:41 pm

I would also like to know if this has been sent to mikrotik support. I am facing the same issue with my Mikrotik devices and getting LLDP to build out a proper network Topology Map in my 3rd party monitoring software. I can see all the neighbors in the devices themselves, but I'm guessing this is Mikrotik's discorvery platform that is picking them up.
 
ShyLion
newbie
Posts: 47
Joined: Thu Sep 28, 2017 7:24 am

Re: LLDP support for neighbor discovery

Thu Sep 19, 2019 9:58 am

Just emailed them:
Hello.

I develop my own network topology application, which uses LLDP-MIB to build network map and found some major drawbacks from Mikrotik's implementation of mentioned MIB.

Here is the list of issues:

1. lldpLocPortId and lldpLocPortIdSubtype does not match values, anounced in LLDP BPDUs, in fact, device anounces interface name as PortId and interfaceName as PortIdSubtype

this makes it complex to cross-reference with values in neghbour's lldpRemTable

2. For virtual ports (which should not be actually there) lldpLocPortIdSubtype is set to macAddress and lldpLocPortId is empty string, while you could just set it to interfaceName and actual interface name which is unique

3. lldpRemPortId and lldpRemPortIdSubtype are populated with wrong values! It set it to interfaceName as lldpRemPortIdSubtype and puts PortDesc as lldpRemPortId which is TOTALLY WRONG

these values does not match lldpLocPortId and lldpLocPortIdSubtype of remote device and cannot be used to cross-reference simply because PortDesc is empty on most devices or could be the same for many ports. PortDesc in LLDP BPDUs is taken from port description, which is Human friendly description of port on most managed switches.

4. LLDP should work on physical interfaces only. It is Link-Local discovery protocol.

5. lldpRemSysCapSupported, lldpRemSysCapEnabled, lldpLocSysCapSupported, lldpLocSysCapEnabled has wrong TYPE. Standard tells that they should be BITS type, but you agent responds with INTEGER type

All of this were checked on latest long-term firmware 6.44.5

Who is online

Users browsing this forum: MSN [Bot] and 146 guests