LLDP & show lldp neighbors – Multi-Vendor Device Discovery

1. What Is LLDP?

LLDP (Link Layer Discovery Protocol) is an IEEE 802.1AB standards-based, vendor-neutral Layer 2 protocol that enables network devices — switches, routers, IP phones, wireless APs, and servers — from any manufacturer to advertise their identity, capabilities, and management information to directly connected neighbours.

LLDP operates at Layer 2 (Data Link) and uses the multicast MAC address 01:80:C2:00:00:0E to send LLDP Data Units (LLDPDUs). Each LLDPDU contains a series of TLVs (Type-Length-Value) that carry specific pieces of information about the sending device. Unlike Cisco’s proprietary CDP (Cisco Discovery Protocol), which only works between Cisco devices, LLDP is understood by equipment from every major vendor: HPE, Juniper, Arista, Extreme, Polycom, and more.

  • Promotes interoperability and discovery in mixed-vendor environments
  • Supports automated network inventory and physical topology documentation
  • Enables VoIP deployments through the LLDP-MED extension
  • Disabled by default on Cisco IOS — must be explicitly enabled
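To make the TLV layout concrete, the following added example (not part of the original page) decodes the basic TLVs of an LLDPDU in Python. The frame bytes are constructed here from the HP-Switch01 values used in this page's sample output, and the function names `tlv` and `parse_lldpdu` are illustrative.

```python
import struct

# TLV type numbers and capability bit order as defined in IEEE 802.1AB
TLV_NAMES = {1: "Chassis ID", 2: "Port ID", 3: "TTL", 4: "Port Description",
             5: "System Name", 6: "System Description",
             7: "System Capabilities", 8: "Management Address"}
CAP_CODES = "OPBWRTCS"  # bit 0 = Other, bit 2 = Bridge, bit 4 = Router, ...

def tlv(tlv_type, value):
    """Build one TLV: 7-bit type and 9-bit length share a 16-bit header."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def parse_lldpdu(data):
    """Decode the basic TLVs of an LLDPDU payload into {name: value}."""
    out, pos = {}, 0
    while pos + 2 <= len(data):
        (header,) = struct.unpack_from("!H", data, pos)
        tlv_type, length = header >> 9, header & 0x1FF
        value = data[pos + 2 : pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated TLV")
        pos += 2 + length
        if tlv_type == 0:                            # End of LLDPDU
            break
        name = TLV_NAMES.get(tlv_type, f"type {tlv_type}")
        if tlv_type == 1 and value[:1] == b"\x04":   # subtype 4 = MAC address
            out[name] = value[1:].hex(":")
        elif tlv_type in (1, 2):                     # first byte is the ID subtype
            out[name] = value[1:].decode("ascii", "replace")
        elif tlv_type == 3:                          # TTL in seconds
            out[name] = struct.unpack("!H", value[:2])[0]
        elif tlv_type == 7:                          # system caps, then enabled caps
            system, _enabled = struct.unpack("!HH", value[:4])
            out[name] = [c for bit, c in enumerate(CAP_CODES) if system >> bit & 1]
        elif tlv_type == 8:                          # addr len, subtype (1 = IPv4), addr
            addr = value[2 : 1 + value[0]]
            out[name] = ".".join(map(str, addr)) if value[1] == 1 else addr.hex()
        else:
            out[name] = value.decode("ascii", "replace")
    return out

# Constructed LLDPDU carrying the HP-Switch01 values shown on this page
SAMPLE = b"".join([
    tlv(1, b"\x04" + bytes.fromhex("001a2b3c4d5e")),
    tlv(2, b"\x05GigabitEthernet1/0/1"),
    tlv(3, struct.pack("!H", 120)),
    tlv(5, b"HP-Switch01"),
    tlv(6, b"HPE Aruba JL319A 2930F Switch, firmware 16.10.0010"),
    tlv(7, struct.pack("!HH", 0x14, 0x14)),
    tlv(8, b"\x05\x01\x0a\x00\x00\x0a" + b"\x02" + struct.pack("!I", 1) + b"\x00"),
    tlv(0, b""),
])

if __name__ == "__main__":
    for field, decoded in parse_lldpdu(SAMPLE).items():
        print(f"{field}: {decoded}")
```

Every field decoded here is sent in cleartext to whatever is attached to the port, which is why the per-interface controls in sections 5 and 7 matter.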


2. show lldp neighbors – Output Fields Explained

The show lldp neighbors command lists all directly connected LLDP-capable devices visible on each interface. It produces a compact five-column table:

Switch# show lldp neighbors

Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID          Local Intf     Hold-time  Capability  Port ID
HP-Switch01        Gi0/1          120        B, R        GigabitEthernet1/0/1
Polycom-Phone-A    Gi0/2          120        T           Port 1
Arista-SW01        Gi0/3          120        B           Ethernet1
            
| Field | What It Shows | Notes |
| --- | --- | --- |
| Device ID | Hostname or system name of the neighbour device | Sourced from the neighbour’s System Name TLV; shown as MAC address if no hostname is configured |
| Local Intf | The interface on your device through which the neighbour was discovered | The port the LLDPDU arrived on; e.g., Gi0/1. Verify the interface is up with show ip interface brief. |
| Hold-time | Seconds remaining before this LLDP entry is discarded if no new advertisement is received | Default = 120 s (4 × 30 s transmit interval); resets to 120 s each time a new LLDPDU arrives |
| Capability | Functional roles the neighbour device is capable of | B = Bridge/Switch, R = Router, T = Telephone, W = WLAN AP, S = Station, P = Repeater, O = Other. A device may advertise multiple capabilities. |
| Port ID | The neighbour’s own port/interface through which it sent the LLDPDU | Lets you identify the exact physical port on the remote device; essential for cabling documentation |

3. show lldp neighbors detail

Adding detail expands each neighbour entry with additional TLV data. This is particularly useful for VoIP deployments and when you need the neighbour’s management IP address:

Switch# show lldp neighbors GigabitEthernet0/1 detail

------------------------------------------------
Local Intf: Gi0/1
Chassis id: 001a.2b3c.4d5e
Port id: GigabitEthernet1/0/1
Port Description: Uplink to Core
System Name: HP-Switch01
System Description: HPE Aruba JL319A 2930F Switch, firmware 16.10.0010
Time remaining: 117 seconds
System Capabilities: B, R
Enabled Capabilities: B, R
Management Addresses:
    IP: 10.0.0.10
Auto Negotiation: supported, enabled
    Physical media capabilities: 100baseT(FD), 1000baseT(FD)
    Media Attachment Unit type: 30
    Vlan ID: 1 (untagged)
            

The detail view adds: chassis ID (MAC), system description (hardware model and firmware), time remaining until expiry, management IP address, and auto-negotiation details. This is the version to run when troubleshooting a specific neighbour relationship or confirming device identity. Cross-reference the management IP found here with show ip interface brief on the remote device to confirm the address.

4. LLDP-MED (Media Endpoint Discovery)

LLDP-MED is an extension to LLDP (defined in ANSI/TIA-1057) specifically designed for media endpoints such as IP phones, VoIP gateways, and conferencing equipment. It adds TLVs that carry information critical for automated VoIP deployment:

| LLDP-MED TLV | What It Advertises | Benefit |
| --- | --- | --- |
| Network Policy | Voice VLAN ID, 802.1p priority, DSCP value | IP phone automatically joins the correct voice VLAN without manual configuration |
| Power via MDI | PoE power class and required wattage | Switch allocates the correct PoE power budget for each phone; avoids under/over-provisioning |
| Location Identification | Civic address or coordinates of the device location | Enables E911 emergency services to locate the caller |
| Inventory Management | Hardware model, firmware version, serial number | Automated asset inventory for IP phones and endpoints |
| Extended Power | Requested and allocated PoE power in detail | Fine-grained power negotiation between switch and endpoint |

Example: John connects a Polycom IP phone to a Cisco switch port. Because the switch advertises voice VLAN 20 and DSCP EF (46) via LLDP-MED Network Policy TLV, the phone automatically tags its traffic with VLAN 20 and sets the correct QoS markings — no manual phone configuration needed. See CDP & LLDP Lab for hands-on configuration.

5. Enabling and Configuring LLDP

Global Enable / Disable (Cisco IOS)

! Enable LLDP globally on the device (disabled by default on Cisco)
Switch(config)# lldp run

! Disable LLDP globally
Switch(config)# no lldp run
            

Per-Interface Control

! Disable LLDP transmit and receive on a specific interface (e.g., user-facing port)
Switch(config)# interface GigabitEthernet0/10
Switch(config-if)# no lldp transmit
Switch(config-if)# no lldp receive

! Re-enable LLDP on an interface
Switch(config)# interface GigabitEthernet0/10
Switch(config-if)# lldp transmit
Switch(config-if)# lldp receive
            

Controlling LLDP at the interface level allows a best-practice configuration: enable LLDP globally, leave it active on infrastructure links (uplinks, switch interconnects, router connections), and disable it on user-facing access ports where end hosts do not need to discover the switch. Verify the configuration with show running-config.

Tuning LLDP Timers

! Change transmit interval (default 30 seconds)
Switch(config)# lldp timer 30

! Change the hold time advertised to neighbours, in seconds
! (on Cisco IOS this is a value in seconds, not a multiplier; default 120 s = 4 × the 30 s timer)
Switch(config)# lldp holdtime 120

! Change reinitialization delay (default 2 seconds)
Switch(config)# lldp reinit 2
            

Verification Commands

! Show summary of all LLDP neighbours
Switch# show lldp neighbors

! Show detailed info for all neighbours
Switch# show lldp neighbors detail

! Show LLDP info for a specific interface
Switch# show lldp neighbors GigabitEthernet0/1 detail

! Show global LLDP status and timer values
Switch# show lldp

! Show per-interface LLDP transmit/receive status
Switch# show lldp interface GigabitEthernet0/1

! Show LLDP traffic statistics
Switch# show lldp traffic
            

See CDP & LLDP Lab for step-by-step configuration practice.

6. LLDP vs. CDP – Comparison

| Feature | LLDP (IEEE 802.1AB) | CDP (Cisco Discovery Protocol) |
| --- | --- | --- |
| Standard | Open IEEE standard — supported by all major vendors | Cisco proprietary — only works between Cisco devices |
| Default state on Cisco | Disabled — must run lldp run | Enabled by default on all Cisco IOS devices |
| OSI Layer | Layer 2 | Layer 2 |
| Multicast address | 01:80:C2:00:00:0E | 01:00:0C:CC:CC:CC |
| Use case | Mixed-vendor networks with HPE, Juniper, Arista, etc. | All-Cisco environments; Cisco-specific diagnostics. See CDP & LLDP Lab. |
| Capability codes | B (Bridge), R (Router), T (Telephone), W (WLAN AP), S (Station) | R (Router), S (Switch), I (IGMP), H (Host) |
| VoIP/media extension | LLDP-MED (ANSI/TIA-1057) — voice VLAN, PoE, E911 location | Basic IP phone support via CDP voice VLAN TLV |
| Management address | Shown in show lldp neighbors detail | Shown in show cdp neighbors detail |
| Platform/model info | Available in detail output (if advertised) | Always present; richer Cisco-specific detail |
| Security risk | Exposes topology if enabled on user-facing ports | Exposes topology if enabled on user-facing ports |

7. Security Considerations

Both LLDP and CDP advertise device identity, capabilities, management addresses, and sometimes software version information to any device on the same Layer 2 segment. A malicious user with a laptop plugged into an access port can passively capture these advertisements and build a detailed map of your network infrastructure without sending a single packet of their own.

  • Disable on user-facing ports: run no lldp transmit and no lldp receive on every access port where end-user devices connect
  • Enable only on infrastructure links: uplinks, switch interconnects, router connections, and dedicated VoIP phone ports where LLDP-MED is needed
  • Disable globally if not needed: in Cisco-only environments, use CDP and leave LLDP disabled (no lldp run)
  • Regularly audit LLDP-enabled interfaces: run show lldp interface to confirm which ports are transmitting and receiving LLDP. Verify with show running-config.
  • Apply both protections: disabling LLDP does not disable CDP; apply the same restrictions to CDP on user-facing ports
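One way to automate the audit described in the list above, as an added example that is not from the original page: a Python check over a saved running-config that reports access ports still missing `no lldp transmit`, `no lldp receive` or the per-interface CDP equivalent `no cdp enable`. The configuration excerpt is constructed, and treating only ports with an explicit `switchport mode access` line as user-facing (and exempting voice VLAN ports) is an assumption of this sketch.

```python
import re

# Constructed running-config excerpt (not from a real device)
SAMPLE_CONFIG = """\
lldp run
!
interface GigabitEthernet0/1
 description Uplink to Core
 switchport mode trunk
!
interface GigabitEthernet0/2
 description Polycom phone
 switchport mode access
 switchport voice vlan 20
!
interface GigabitEthernet0/10
 switchport mode access
 no lldp transmit
 no lldp receive
 no cdp enable
!
interface GigabitEthernet0/11
 switchport mode access
 no lldp transmit
!
"""


def audit_access_ports(config):
    """Return {interface: [missing commands]} for access ports still running LLDP/CDP."""
    lldp_on = re.search(r"^lldp run$", config, re.M) is not None
    cdp_on = re.search(r"^no cdp run$", config, re.M) is None  # CDP is on by default
    findings = {}
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M):
        lines = [line.strip() for line in body.splitlines()]
        if "switchport mode access" not in lines:
            continue    # assumption: anything else is an infrastructure link
        if any(line.startswith("switchport voice vlan") for line in lines):
            continue    # phone port: LLDP-MED is needed here
        required = []
        if lldp_on:
            required += ["no lldp transmit", "no lldp receive"]
        if cdp_on:
            required.append("no cdp enable")
        missing = [cmd for cmd in required if cmd not in lines]
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    print(audit_access_ports(SAMPLE_CONFIG))
```

On the sample, only GigabitEthernet0/11 is reported: it stops transmitting LLDP but still receives it and still runs CDP.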

8. Troubleshooting with LLDP

When a neighbour is missing from show lldp neighbors, work through this checklist:

| Check | Command | What to Look For |
| --- | --- | --- |
| Is LLDP enabled on the local device? | show lldp | Confirms global LLDP is running and shows transmit interval |
| Is LLDP transmit/receive enabled on the local port? | show lldp interface Gi0/1 | Tx: enabled, Rx: enabled — both must be active |
| Is the interface physically up? | show ip interface brief or show interfaces Gi0/1 | Status must be up/up |
| Is LLDP enabled on the remote device? | Log into remote device; run show lldp (Cisco) or show lldp info (HPE/Arista) | Confirm global LLDP is running and Tx is enabled on the connecting port |
| Has enough time elapsed for the first advertisement? | Wait up to 30 seconds after enabling LLDP | LLDP sends its first advertisement up to 30 s after being enabled; re-run show lldp neighbors |
| Are LLDP frames being sent/received? | show lldp traffic | Look for incrementing Tx and Rx frame counts; zero Rx suggests the remote device is not sending |

Troubleshooting Scenario: Missing HPE Neighbour

John connects a Cisco switch to an HPE Aruba switch but show lldp neighbors shows nothing on Gi0/1.

! Step 1: Confirm LLDP is globally enabled on the Cisco switch
Cisco-SW# show lldp
Global LLDP Information:
    Status: ACTIVE                ← good
    LLDP advertisements are sent every 30 seconds
    LLDP hold time advertised is 120 seconds

! Step 2: Check the specific interface
Cisco-SW# show lldp interface GigabitEthernet0/1
GigabitEthernet0/1:
    Tx: enabled                   ← good
    Rx: enabled                   ← good

! Step 3: Check the interface is physically up
Cisco-SW# show ip interface brief | include Gi0/1
GigabitEthernet0/1   10.0.0.1   YES manual up    up    ← good

! Step 4: Log into HPE switch and enable LLDP
HPE-SW# lldp admin-status 1/1 txAndRx    ← HPE command to enable LLDP on port 1/1

! Step 5: Wait 30 s and verify on Cisco
Cisco-SW# show lldp neighbors
Device ID     Local Intf  Hold-time  Capability  Port ID
HPE-Aruba-01  Gi0/1       120        B           1/1     ← neighbour now visible
            

See CDP & LLDP Lab for a full step-by-step troubleshooting exercise.

9. Use Cases for LLDP

| Use Case | How LLDP Helps | Command |
| --- | --- | --- |
| Multi-vendor topology documentation | Automatically discovers device names, port connections, and device types across all vendors without login credentials | show lldp neighbors |
| VoIP plug-and-play deployment | LLDP-MED Network Policy TLV pushes voice VLAN, QoS, and PoE info to IP phones automatically | show lldp neighbors detail |
| Cabling verification | Compare the Port ID in the output against expected cabling documentation to verify physical connections | show lldp neighbors |
| Management address discovery | Quickly find the management IP of a newly connected device without logging into it | show lldp neighbors detail |
| Automated network inventory | Network automation tools (e.g., Ansible, SolarWinds, PRTG) poll LLDP data via SNMP LLDP MIB or SSH scraping to build and maintain topology maps | SNMP LLDP MIB or SSH scraping |
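The cabling-verification use case above, worked through as an added example that is not part of the original page: a Python script that parses `show lldp neighbors` text by header column offsets and compares it with a cabling record, also reporting neighbours the record does not list. The capture reuses this page's sample neighbours; the `EXPECTED` record and the device name Core-RTR01 are hypothetical.

```python
# Constructed CLI capture reusing the sample neighbours from this page
SAMPLE_OUTPUT = """\
Switch# show lldp neighbors

Device ID          Local Intf     Hold-time  Capability  Port ID
HP-Switch01        Gi0/1          120        B, R        GigabitEthernet1/0/1
Polycom-Phone-A    Gi0/2          120        T           Port 1
Arista-SW01        Gi0/3          120        B           Ethernet1
"""
COLUMNS = ["Device ID", "Local Intf", "Hold-time", "Capability", "Port ID"]

# Hypothetical cabling record: local port -> (expected device, expected remote port)
EXPECTED = {
    "Gi0/1": ("HP-Switch01", "GigabitEthernet1/0/1"),
    "Gi0/3": ("Arista-SW01", "Ethernet2"),
    "Gi0/4": ("Core-RTR01", "Gi0/0"),
}


def parse_neighbors(output):
    """Slice each row at the header's column offsets, so values that contain
    spaces ("B, R", "Port 1") stay in one field."""
    lines = output.splitlines()
    start = next(i for i, line in enumerate(lines) if line.startswith("Device ID"))
    offsets = [lines[start].index(col) for col in COLUMNS] + [None]
    rows = []
    for line in lines[start + 1:]:
        if not line.strip():
            continue
        fields = [line[a:b].strip() for a, b in zip(offsets, offsets[1:])]
        rows.append(dict(zip(COLUMNS, fields)))
    return rows


def check_cabling(rows, expected):
    """Return one message per mismatch between LLDP data and the cabling record."""
    seen = {r["Local Intf"]: (r["Device ID"], r["Port ID"]) for r in rows}
    problems = []
    for intf, want in sorted(expected.items()):
        got = seen.get(intf)
        if got is None:
            problems.append(f"{intf}: no LLDP neighbour, expected {want[0]} {want[1]}")
        elif got != want:
            problems.append(f"{intf}: expected {want[0]} {want[1]}, saw {got[0]} {got[1]}")
    for intf in sorted(set(seen) - set(expected)):
        problems.append(f"{intf}: undocumented neighbour {seen[intf][0]} {seen[intf][1]}")
    return problems


if __name__ == "__main__":
    print("\n".join(check_cabling(parse_neighbors(SAMPLE_OUTPUT), EXPECTED)))
```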

10. Key Points & CCNA Exam Tips

  • LLDP is an IEEE 802.1AB open standard — vendor-neutral Layer 2 device discovery protocol; works between Cisco, HPE, Juniper, Arista, and any other IEEE-compliant device
  • LLDP is disabled by default on Cisco IOS; enable globally with lldp run
  • CDP is enabled by default on Cisco but is Cisco-proprietary; in mixed-vendor environments, use LLDP. See CDP & LLDP Lab.
  • Know the five show lldp neighbors fields: Device ID, Local Intf, Hold-time, Capability, Port ID
  • Capability codes: B = Bridge/Switch, R = Router, T = Telephone, W = WLAN AP, S = Station
  • Hold-time default = 120 s (4 × 30 s transmit interval); resets on each received advertisement
  • Use show lldp neighbors detail to see management IP, chassis ID, system description, and LLDP-MED TLVs
  • LLDP-MED extends LLDP for voice/media endpoints: pushes voice VLAN, QoS (DSCP/802.1p), PoE wattage, and E911 location to IP phones automatically
  • Disable LLDP on user-facing access ports: no lldp transmit and no lldp receive on the interface. Verify with show running-config.
  • If a neighbour is missing: check lldp run on both devices, check the interface is up/up with show interfaces, check per-interface transmit/receive, and wait up to 30 s for the first advertisement
  • Both LLDP and CDP are security risks on access ports — disable both on untrusted user-facing ports. For broader security context see AAA Authentication Methods.

LLDP (Link Layer Discovery Protocol) Quiz

1. What type of protocol is LLDP?

Correct answer is D. LLDP (Link Layer Discovery Protocol) is defined by the IEEE 802.1AB standard. It operates at Layer 2 (Data Link) and is vendor-neutral, meaning any device from any manufacturer that supports the standard can participate. This makes it the correct choice in mixed-vendor environments where Cisco’s proprietary CDP cannot reach non-Cisco devices. See CDP & LLDP Lab for hands-on practice.

2. Which command displays all directly connected LLDP-capable neighbour devices?

Correct answer is A. show lldp neighbors lists all directly connected devices that are sending LLDP advertisements. It shows the neighbour’s Device ID, your local connecting interface, hold-time, device capabilities, and the remote Port ID. Add detail for management IP, system description, and LLDP-MED information.

3. What does the Hold-time field represent in LLDP output?

Correct answer is B. The Hold-time is a countdown timer that resets to 120 seconds (the default) each time a new LLDPDU is received from that neighbour. If the neighbour stops sending (device powered off, cable disconnected, or LLDP disabled), the timer counts down to zero and the entry is removed from the neighbour table. The transmit interval is a separate value (default 30 s).

4. Which capability codes might appear in the LLDP neighbour output?

Correct answer is C. The standard LLDP capability codes are: B = Bridge (Switch), R = Router, T = Telephone (IP phone), W = WLAN Access Point, S = Station (end host), P = Repeater, O = Other. A device may advertise multiple capabilities — for example a Layer 3 switch typically shows B, R.

5. Which command globally enables LLDP on a Cisco device?

Correct answer is A. lldp run entered in global configuration mode enables LLDP on the entire Cisco device. Because LLDP is disabled by default on Cisco IOS, this command is required before any LLDP advertisements are sent or received. Use no lldp run to disable it globally again. Verify with show running-config.

6. Which LLDP extension supports VoIP and media endpoint discovery (voice VLAN, QoS, PoE)?

Correct answer is D. LLDP-MED (Media Endpoint Discovery, ANSI/TIA-1057) extends LLDP with TLVs that carry voice VLAN ID, 802.1p priority, DSCP markings, PoE power requirements, and E911 location information. When a Cisco switch advertises these TLVs to a connected IP phone, the phone automatically joins the correct voice VLAN and applies the right QoS policy without any manual configuration.

7. What is the default LLDP state on Cisco IOS devices?

Correct answer is B. Unlike CDP, which is enabled by default on all Cisco devices, LLDP is disabled by default on Cisco IOS. You must explicitly run lldp run in global configuration mode before the device will send or receive LLDP advertisements. This is a commonly tested CCNA fact.

8. How do you disable LLDP on a specific interface while keeping it enabled globally?

Correct answer is C. Per-interface LLDP control uses no lldp transmit to stop sending LLDPDUs and no lldp receive to stop processing received LLDPDUs. Both should be applied on user-facing access ports to prevent end hosts from learning about the network infrastructure. This leaves LLDP active on uplinks and trunk ports where infrastructure discovery is needed. Verify with show running-config.

9. Why is it a security best practice to disable LLDP on user-facing or untrusted access ports?

Correct answer is A. LLDP (and CDP) advertise the device hostname, management IP address, device capabilities, and sometimes software version to any device on the same Layer 2 segment. A user or attacker with a laptop can passively capture these frames without sending anything, mapping your entire infrastructure. Disabling LLDP on access ports ensures only infrastructure devices receive this information. For broader access control see AAA Authentication Methods.

10. Which field in show lldp neighbors output identifies the remote device’s own port or interface?

Correct answer is D. The Port ID field shows the remote device’s own interface through which it sent the LLDPDU. This is critical for cabling documentation — it tells you exactly which port on the remote switch or phone is connected to your local port. The Local Intf column, by contrast, shows your interface that received the advertisement. Verify the local interface status with show interfaces.
