Overview

The Link Layer Discovery Protocol (LLDP) is a vendor-neutral link layer protocol in the Internet Protocol Suite used by Aruba network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. The LLDP-bypass authentication feature provides zero-touch provisioning (ZTP) of Aruba 802.11ac wireless access points (APs).

In the LLDP module, each packet is parsed and inspected for the presence of an Aruba Organizationally Unique Identifier (OUI) type-length-value (TLV). When the Aruba OUI TLV is detected, authentication is bypassed and traffic is permitted on the port. If the Aruba OUI TLV is absent, the packet is dropped, and neither the packet nor LLDP transmission for that device is processed further.
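
The check described above can be modelled as follows. This is an added example, not Aruba's implementation: it walks the TLVs of an LLDPDU (7-bit type, 9-bit length), looks for an organizationally specific TLV (type 127) whose value starts with the expected OUI, and treats a malformed LLDPDU as having no OUI TLV. The OUI value 00:0B:86 and the function names are assumptions; the sample LLDPDUs are constructed.

```python
import struct

END_OF_LLDPDU, ORG_SPECIFIC = 0, 127  # LLDP TLV type codes
# Assumption: 00:0B:86 is an IEEE OUI registered to Aruba; the page does not
# state which OUI value the switch matches on.
ASSUMED_ARUBA_OUI = bytes.fromhex("000b86")


def iter_tlvs(lldpdu: bytes):
    """Yield (type, value) for each TLV; raise ValueError on a truncated TLV."""
    offset = 0
    while offset < len(lldpdu):
        if offset + 2 > len(lldpdu):
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x01FF
        offset += 2
        if offset + length > len(lldpdu):
            raise ValueError("TLV length exceeds LLDPDU")
        yield tlv_type, lldpdu[offset:offset + length]
        offset += length
        if tlv_type == END_OF_LLDPDU:
            return


def bypass_decision(lldpdu: bytes, oui: bytes = ASSUMED_ARUBA_OUI) -> bool:
    """True if a well-formed LLDPDU carries an org-specific TLV with this OUI."""
    try:
        tlvs = list(iter_tlvs(lldpdu))  # validate the whole LLDPDU first
    except ValueError:
        return False  # malformed: treated as "OUI TLV absent", i.e. dropped
    return any(t == ORG_SPECIFIC and len(v) >= 4 and v[:3] == oui
               for t, v in tlvs)


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Build one TLV; used only to construct the sample inputs below."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


# Constructed samples: chassis ID, port ID, TTL, one org-specific TLV, end.
MANDATORY = tlv(1, b"\x04" + bytes(6)) + tlv(2, b"\x05eth0") + tlv(3, b"\x00\x78")
WITH_OUI = MANDATORY + tlv(127, ASSUMED_ARUBA_OUI + b"\x01\x00") + tlv(0, b"")
WITHOUT_OUI = MANDATORY + tlv(127, bytes.fromhex("0080c2") + b"\x01\x00\x01") + tlv(0, b"")
TRUNCATED = WITH_OUI[: len(MANDATORY) + 4]  # org TLV cut off mid-value
```

The decision depends only on the contents of the received LLDPDU, which is why the interaction rules listed under "Feature interaction" matter when this feature is combined with 802.1X, LMA or MAC authentication.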

In ZTP environments, when an Aruba AP is plugged into a switch port, the device profiles are applied to the AP without any user intervention. After discovering an Aruba AP, the switch dynamically provisions the port the AP is connected to without initiating authentication. This feature is enabled at the port level or on a range of ports.

Feature interaction

  • The LLDP-bypass authentication feature supports port mode only.

  • Devices whose LLDP packets identify a customized OUI, an Aruba AP, an Aruba OS switch, or a Swisscom device are bypassed from authentication.

  • If LLDP-bypass is configured alone, all the connected clients are allowed without any authentication.

  • If LLDP-bypass is configured with authentication features such as 802.1X, LMA or MAC auth and with or without client limit, authentication is not triggered for any client.

  • If LLDP-bypass is configured with 802.1X and LMA, authentication will not be triggered for any client.

  • If LLDP-bypass is configured with 802.1X and MAC, authentication will not be triggered for any client.

  • If device profile parameters and RADIUS parameters conflict, the RADIUS parameters override the device profile parameters.