Configuring LLDP neighbor validation

LLDP neighbor validation enables an interface to validate the identity of the neighbor based on the neighbor validation criteria configured on the interface. The neighbor validation criteria can be the chassis ID TLV, port ID TLV, or both. Each incoming LLDP packet must match all the validation criteria configured on the interface. If the neighbor information in a packet does not match the criteria, the system shuts down the data link layer and disables data transmission for the interface.

To configure LLDP neighbor validation on an interface:

| Step | Command | Remarks |
|------|---------|---------|
| 1. Enter system view. | system-view | N/A |
| 2. Enter Layer 2 or Layer 3 Ethernet interface view. | interface interface-type interface-number | N/A |
| 3. Configure the neighbor validation criteria. | Configure the chassis ID TLV criterion: lldp neighbor-identity chassis-id chassis-id-subtype chassis-id | A minimum of one neighbor validation criterion is required on the interface for neighbor validation to work. By default, no neighbor validation criteria are configured on an interface. |
|  | Configure the port ID TLV criterion: lldp neighbor-identity port-id port-id-subtype port-id |  |
| 4. Enable LLDP neighbor validation on the interface. | lldp neighbor-protection validation | By default, LLDP neighbor validation is disabled on an interface. |
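
The matching rule described above (every configured criterion must match the incoming packet) can be modelled as follows. This is an added example, not the device's implementation: the TLV layout follows IEEE 802.1AB, and the function names, the sample LLDPDU, the MAC address and the interface name are constructed for illustration.

```python
import struct

CHASSIS_ID, PORT_ID, END = 1, 2, 0   # LLDP TLV types (IEEE 802.1AB)

def parse_tlvs(lldpdu):
    """Yield (type, value) per TLV; header is 7-bit type + 9-bit length."""
    off = 0
    while off + 2 <= len(lldpdu):
        (hdr,) = struct.unpack_from("!H", lldpdu, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        off += 2
        if tlv_type == END:
            return
        if off + length > len(lldpdu):
            raise ValueError("truncated TLV")
        yield tlv_type, lldpdu[off:off + length]
        off += length

def neighbor_identity(lldpdu):
    """Map TLV type -> (subtype, id bytes) for the chassis ID and port ID TLVs."""
    ident = {}
    for tlv_type, value in parse_tlvs(lldpdu):
        if tlv_type in (CHASSIS_ID, PORT_ID) and value:
            ident.setdefault(tlv_type, (value[0], value[1:]))
    return ident

def validate(lldpdu, criteria):
    """True only if every configured criterion matches the packet."""
    if not criteria:  # modelling choice: refuse to validate with no criteria
        raise ValueError("at least one criterion is required")
    try:
        ident = neighbor_identity(lldpdu)
    except ValueError:
        return False  # a malformed packet cannot satisfy the criteria
    return all(ident.get(t) == want for t, want in criteria.items())

def tlv(tlv_type, value):
    """Build one TLV (helper for the constructed sample below)."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

# Constructed sample LLDPDU: chassis ID subtype 4 (MAC address),
# port ID subtype 5 (interface name), TTL 120 s, End of LLDPDU.
MAC = bytes.fromhex("0011223344aa")
SAMPLE = (tlv(CHASSIS_ID, b"\x04" + MAC) + tlv(PORT_ID, b"\x05GE1/0/1")
          + tlv(3, b"\x00\x78") + tlv(END, b""))
BOTH = {CHASSIS_ID: (4, MAC), PORT_ID: (5, b"GE1/0/1")}

if __name__ == "__main__":
    print(validate(SAMPLE, BOTH))
```

A False result corresponds to the case where the system shuts down the data link layer for the interface. Because both the subtype and the ID value are compared, a criterion configured with the wrong subtype fails even when the ID string itself is correct.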