caunon
Staff
July 14, 2022

Technical Tip: How to capture LLDP (Link Layer Discovery Protocol) packet in a FortiGate

Description

This article describes how to capture LLDP (Link Layer Discovery Protocol) packets on a FortiGate to investigate an LLDP issue further.

Scope

FortiGate.

Solution
  • If an LLDP (Link Layer Discovery Protocol) issue occurs on the FortiGate unit, use the following sniffer filter to capture only LLDP packets for further investigation.
  • The commands can be run from the FortiGate CLI over Telnet, SSH, or the CLI Console in the FortiGate GUI.


Enter the following CLI command on FortiGate:

 

diagnose sniffer packet any "ether proto 0x88CC" 4 0 l

 

The output of the command above would look something like the following:

 

diagnose sniffer packet any "ether proto 0x88cc" 4 0 l
interfaces=[any]
filters=[ether proto 0x88cc]
2022-07-14 13:47:51.483056 wan1 in lldp 268 chassis 4 xx:yy:zz:aa:bb:cc port 5 'port42' ttl 120 system 'SW12-101-1'
2022-07-14 13:48:21.448341 wan1 in lldp 268 chassis 4 xx:yy:zz:aa:bb:cc port 5 'port42' ttl 120 system 'SW12-101-1'
2022-07-14 13:48:51.485726 wan1 in lldp 268 chassis 4 xx:yy:zz:aa:bb:cc port 5 'port42' ttl 120 system 'SW12-101-1'
2022-07-14 13:49:21.496029 wan1 in lldp 268 chassis 4 xx:yy:zz:aa:bb:cc port 5 'port42' ttl 120 system 'SW12-101-1'
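
The verbosity-4 lines above can be checked offline for a neighbor whose identity changes or whose advertisements lapse past the advertised TTL. The following Python is an added example, not part of the original article or of any Fortinet tooling; the function names, MAC addresses and the 'SW-UNKNOWN' neighbor are constructed, and the field layout is assumed from the sample output shown here.

```python
import re
from datetime import datetime

# Field layout taken from the verbosity-4 sample lines on this page (assumption).
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) (?P<iface>\S+) (?P<dir>in|out) "
    r"lldp \d+ chassis \d+ (?P<chassis>\S+) port \d+ '(?P<port>[^']*)' "
    r"ttl (?P<ttl>\d+)(?: system '(?P<system>[^']*)')?"
)

def parse_line(line):
    """Return the fields of one LLDP sniffer line, or None for banner/other lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S.%f")
    rec["ttl"] = int(rec["ttl"])
    return rec

def audit(lines):
    """Flag neighbor identity changes and TTL expiries per receiving interface."""
    last, findings = {}, []
    for rec in filter(None, map(parse_line, lines)):
        if rec["dir"] != "in":
            continue  # only received advertisements describe a neighbor
        ident = (rec["chassis"], rec["port"], rec["system"])
        prev = last.get(rec["iface"])
        if prev:
            gap = (rec["ts"] - prev["ts"]).total_seconds()
            if gap > prev["ttl"]:
                findings.append((rec["iface"], "expired", f"{gap:.0f}s gap > ttl {prev['ttl']}"))
            if ident != prev["ident"]:
                findings.append((rec["iface"], "changed", f"{prev['ident']} -> {ident}"))
        last[rec["iface"]] = {"ts": rec["ts"], "ttl": rec["ttl"], "ident": ident}
    return findings

# Constructed sample in the page's output format (MAC addresses and names are made up).
SAMPLE = """\
interfaces=[any]
filters=[ether proto 0x88cc]
2022-07-14 13:47:51.483056 wan1 in lldp 268 chassis 4 02:00:00:00:00:01 port 5 'port42' ttl 120 system 'SW12-101-1'
2022-07-14 13:48:21.448341 wan1 in lldp 268 chassis 4 02:00:00:00:00:01 port 5 'port42' ttl 120 system 'SW12-101-1'
2022-07-14 13:51:30.000000 wan1 in lldp 268 chassis 4 02:00:00:00:00:01 port 5 'port42' ttl 120 system 'SW12-101-1'
2022-07-14 13:52:00.100000 wan1 in lldp 268 chassis 4 02:00:00:00:00:02 port 5 'port7' ttl 120 system 'SW-UNKNOWN'
""".splitlines()

if __name__ == "__main__":
    for iface, kind, detail in audit(SAMPLE):
        print(iface, kind, detail)
```
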

 

Note:

If the capture is required in PCAP (Wireshark) format, change the verbosity level in the above command from 4 to 6.

 

diagnose sniffer packet any "ether proto 0x88cc" 6 0 l

 

The sniffer runs until it is stopped. To stop it, press Ctrl + C.

 

Debug command:

 

diagnose debug application lldptx -1

 

Diagnose command:

 

diagnose lldprx port neighbor

 
