LLDP PDUs should not be forwarded in 802.1d but some devices are forwarding them

Noticed on several devices that I see LLDP entries for the device itself when plugged into another OpenWRT switch. This shouldn't happen as 802.1d compliant bridges should never forward frames sent to 01:80:c2:00:00:0e, the LLDP multicast address.
Everything is running the latest 23.05 release, but I have noticed on my Ubiquiti EdgeRouter X and TP-Link C2600 that I can see multiple LLDP neighbours on a single local interface port. Not a bridge port, but eth0 for example. These neighbours are not locally connected but are connected to a neighbour of the device and seem to be forwarded from the neighbour.
Doesn't happen on all devices - an OpenWRT x86 machine with Intel E810 NIC seems to show LLDP neighbours correctly. So I guess it's an issue with the switch configuration on the affected devices?

Example - only Edgerouter-1 is locally attached to this device, the other entries are connected to edgerouter-1 and are not locally attached.

-------------------------------------------------------------------------------
LLDP neighbors:
-------------------------------------------------------------------------------
Interface:    eth1.1, via: LLDP
  Chassis:     
    ChassisID:    local edgerouter-x-1
    SysName:      edgerouter-x-1
  Port:        
    PortID:       mac 74:83:c2:08:d4:f6
    PortDescr:    eth2
    TTL:          120
-------------------------------------------------------------------------------
Interface:    eth1.1, via: LLDP
  Chassis:     
    ChassisID:    local edgerouter-x-2
    SysName:      edgerouter-x-2
  Port:        
    PortID:       mac 74:83:c2:4d:cb:ce
    PortDescr:    eth0
    TTL:          120
-------------------------------------------------------------------------------
Interface:    eth1.1, via: LLDP
  Chassis:     
    ChassisID:    mac d8:5e:d3:ad:90:57
    SysName:      bruce
  Port:        
    PortID:       mac d8:5e:d3:ad:90:57
    PortDescr:    enp7s0
    TTL:          120
-------------------------------------------------------------------------------

I found this setting which would be where the bridge normally allows LLDP forwarding, but it's set to 0x0 so no mask is allowed for forwarding.

root@C2600:~# cat /sys/class/net/br-lan/bridge/group_fwd_mask
0x0

Reported issue as https://github.com/openwrt/openwrt/issues/14562

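The two checks from the post above, as an added example that is not part of the thread or of OpenWrt: decode whether a group_fwd_mask value permits LLDP forwarding, and flag any interface that reports more than one LLDP neighbour. The function names and LLDP_BIT are this example's own. A mask of 0x0 only describes the Linux software bridge, so a flagged port with a clear mask points at the switch hardware instead.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and LLDP_BIT are
# assumptions of this example.

# group_fwd_mask bit N controls forwarding of frames sent to 01:80:c2:00:00:0N.
# LLDP uses 01:80:c2:00:00:0e, so it is bit 14 (0x4000).
LLDP_BIT=$((1 << 14))

# Exit status 0 if the given mask (e.g. "0x0") lets the bridge forward LLDP.
mask_forwards_lldp() {
    [ $(( $1 & LLDP_BIT )) -ne 0 ]
}

# Read lldpcli neighbour text on stdin; print "<interface> <count>" for every
# interface that reports more than one distinct ChassisID.
multi_neighbour_ports() {
    awk '
        $1 == "Interface:" { ifname = $2; sub(/,$/, "", ifname) }
        $1 == "ChassisID:" && ifname != "" {
            key = ifname SUBSEP $2 " " $3
            if (!(key in seen)) { seen[key] = 1; count[ifname]++ }
        }
        END { for (i in count) if (count[i] > 1) print i, count[i] }
    ' | sort
}

# Sample input: the eth1.1 entries are trimmed from the output in the post;
# the eth0 entry is constructed to show a port that is not flagged.
sample_lldp() {
    cat <<'EOF'
Interface:    eth1.1, via: LLDP
    ChassisID:    local edgerouter-x-1
Interface:    eth1.1, via: LLDP
    ChassisID:    local edgerouter-x-2
Interface:    eth1.1, via: LLDP
    ChassisID:    mac d8:5e:d3:ad:90:57
Interface:    eth0, via: LLDP
    ChassisID:    mac 02:00:00:00:00:01
EOF
}

sample_lldp | multi_neighbour_ports          # eth1.1 3
mask_forwards_lldp 0x0 || echo "mask 0x0: software bridge does not forward LLDP"
```

On a live device, pipe `lldpcli show neighbors` into `multi_neighbour_ports` and pass the contents of `/sys/class/net/br-lan/bridge/group_fwd_mask` to `mask_forwards_lldp`.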

For anyone else reading this - DSA switch in the MT7621 was forwarding LLDP frames when it should not have - the fix will appear in a 5.15 kernel patch and make its way into OpenWRT once an updated kernel is pulled into the current release.


MT7621 is getting kernel 6.1 which has the patches already, current snapshot builds should fix this but I haven't tested it yet.
