brainkiller
just joined
Topic Author
Posts: 2
Joined: Fri Jan 27, 2023 11:40 pm

CRS125 forwarding LLDP/CDP/MNDP broadcasts

Fri Jan 27, 2023 11:50 pm

Hi,

I have 2 CRS125 devices in separate locations connected to various other MikroTik devices.
When I enabled neighbor discovery recently to automate building a network topology map, I noticed that the CRS125s are forwarding LLDP packets to the other devices.
I cannot seem to figure out how to disable or block this while having hardware offload enabled.

Example topology:
<PC1 sending LLDP> ---- <CRS125> ---- <Omnitik 5>

On the Omnitik I see the LLDP message of PC1.

With hardware offload disabled I can easily block the CDP and MNDP broadcasts using bridge filters, and LLDP isn't forwarded, as designed.
I read something about using switch ACLs but this doesn't seem to be supported on my switch cpus (QCA 8513L).
The wiki suggests using port isolation for this but I can't seem to figure it out.

Do any of you have any experience with this kind of issue?

Thanks for your help.
 
jbl42
Member Candidate
Posts: 214
Joined: Sun Jun 21, 2020 12:58 pm

Re: CRS125 forwarding LLDP/CDP/MNDP broadcasts

Sat Jan 28, 2023 10:43 pm

> I read something about using switch ACLs but this doesn't seem to be supported on my switch cpus (QCA 8513L)

According to
https://help.mikrotik.com/docs/pages/vi ... =103841835
CRS125 should have switch ACLs available in
/interface ethernet switch acl
On the other hand, LLDP should not be forwarded by IEEE 802.1D compliant bridges.
In my experience, MT l2hw bridges forward everything with the protocol set to none. Enabling RSTP or STP changes this to IEEE 802.1D compliant forwarding, and LLDP and similar packets are dropped without requiring specific ACLs.
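
Added example, not part of the thread and not code from any poster or from MikroTik: a Python sketch of the 802.1D rule mentioned above, showing that only frames addressed to the reserved block 01-80-C2-00-00-00..0F (which includes LLDP's nearest-bridge address) are filtered by a compliant bridge, while CDP and IPv4 MNDP are not. The function names and sample frames are constructed for illustration; MNDP is assumed to be IPv4 UDP broadcast on port 5678.

```python
import struct

RESERVED_PREFIX = bytes.fromhex("0180c20000")  # 01-80-C2-00-00-0X block
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")   # LLC/SNAP, Cisco OUI, PID 0x2000
MNDP_PORT = 5678                               # assumption: IPv4 UDP MNDP

def is_reserved(dst: bytes) -> bool:
    """01-80-C2-00-00-00..0F: an 802.1D-compliant bridge never relays these."""
    return dst[:5] == RESERVED_PREFIX and dst[5] <= 0x0F

def protocol(frame: bytes) -> str:
    """Identify LLDP, CDP or IPv4 MNDP in an untagged Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    body = frame[14:]
    if ethertype == 0x88CC:
        return "LLDP"
    if ethertype <= 1500 and body[:8] == CDP_SNAP:  # 802.3 length + SNAP
        return "CDP"
    if ethertype == 0x0800 and len(body) >= 20 and body[9] == 17:  # IPv4/UDP
        ihl = (body[0] & 0x0F) * 4
        if len(body) >= ihl + 4:
            if struct.unpack("!H", body[ihl + 2:ihl + 4])[0] == MNDP_PORT:
                return "MNDP"
    return "other"

def compliant_bridge_relays(frame: bytes) -> bool:
    """Relay decision based only on the destination MAC, as in 802.1D."""
    return not is_reserved(frame[:6])

SRC = bytes.fromhex("020000000001")  # constructed source MAC

def sample_frames() -> dict:
    """Constructed minimal frames (placeholder payloads, not captures)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    udp = struct.pack("!HHHH", MNDP_PORT, MNDP_PORT, 8, 0)
    return {
        "lldp": bytes.fromhex("0180c200000e") + SRC + b"\x88\xcc" + bytes(4),
        "cdp": bytes.fromhex("01000ccccccc") + SRC + struct.pack("!H", 12)
               + CDP_SNAP + bytes(4),
        "mndp": b"\xff" * 6 + SRC + b"\x08\x00" + ip + udp,
    }

def report() -> dict:
    return {name: (protocol(f), compliant_bridge_relays(f))
            for name, f in sample_frames().items()}

if __name__ == "__main__":
    for name, (proto, relayed) in report().items():
        print(f"{name}: {proto}, relayed by compliant bridge: {relayed}")
```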
 
brainkiller
just joined
Topic Author
Posts: 2
Joined: Fri Jan 27, 2023 11:40 pm

Re: CRS125 forwarding LLDP/CDP/MNDP broadcasts

Sat Jan 28, 2023 11:08 pm

Indeed I also saw this on the help/wiki but when I try this I get:
/interface/ethernet/switch/acl> add action=drop mac-protocol=lldp
failure: policy rules are not supported on this switch chip
I just double checked but all bridges have RSTP configuration on both devices.
