Device LLDP PVID mismatch

Posted on November 23, 2016 by Peter Debruyne

Several access devices, such as APs and IP Phones, support LLDP and that is very convenient for discovery and troubleshooting. However, these devices may include the locally configured PVID (the untagged VLAN) in their outgoing LLDP frames. This may result in some warning log messages in the switch.While this feature is supposed to be good (detect a mismatch of the untagged/native VLAN/PVID on VLAN trunks between network devices), it does not provide the desired result with some APs.

This is because the default management IP address that an AP has, could be bound to its internal VLAN 1. And since the AP uplink port is just an untagged port member of this VLAN 1 (locally on the AP), the AP would announce this VLAN 1 as the PVID in its outgoing LLDP frames (example for legacy Unified Wireless APs)

The uplink port may also just report VLAN ID 0 (sometimes referred to as the ‘untagged’ VLAN ID) in the outgoing LLDP frames. (example for Aruba APs)

Since the switch port connecting to the AP will have the port assigned as an access port (untagged) in the AP management VLAN, such as VLAN11, the switch will now complain with a log message that there is a PVID mismatch on the port to the AP (with either the local AP VLAN 1 or VLAN 0)

Example on Comware

%Feb 18 23:16:29:268 2011 access1 LLDP/5/LLDP_PVID_INCONSISTENT: PVID mismatch discovered on GigabitEthernet1/0/11 (PVID 11), with ap1 bond0 (PVID 0)

Example on ArubaOS-Switch

00828 lldp: PVID mismatch on port 11(VID 11)with peer device port bond0(VID unknown)

 

Solution

When you have a situation that requires a different PVID (untagged VLAN) between 2 devices, just make sure that neither of the 2 devices is including the local PVID LLDP TLV in the outgoing announcement.

Aruba AP

LLDP on the AP is great, but the AP is not supposed to announce a PVID. When the PVID TLV is not present in the incoming LLDP frame, the switch will not complain (log) anymore.

On the Aruba controller, the AP LLDP profile can be set to not send out the pvid. The syntax is a bit strange. One would expect a ‘no dot1-tlvs port-vlan’ command, but the controller expects to get a ‘dot1-tlvs vlan-name’, which disables the other command option, that is the ‘port-vlan’ option. If that is what it expects, just do it..

ap lldp profile "default"
 dot1-tlvs vlan-name

Example LLDP peer state on an ArubaOS-Switch (Provision) before the change

2620(config)# show lldp info remote 11

 LLDP Remote Device Information Detail

  Local Port   : 11
  ChassisType  : mac-address
  ChassisId    : 40 e3 d6 cf 71 ec
  PortType     : mac-address
  PortId       : 40 e3 d6 cf 71 ec
  SysName      : 40:e3:d6:cf:71:ec
  System Descr : ArubaOS (MODEL: 205), Version 6.4.3.4 (51619)
  PortDescr    : bond0
  Pvid         : 0

  System Capabilities Supported  : bridge, wlan-access-point
  System Capabilities Enabled    : wlan-access-point

  Remote Management Address
     Type    : ipv4
     Address : 10.1.110.150

And after the change was made on the Aruba Mobility Controller, the Pvid will be empty:

2620(config)# show lldp info remote 11

 LLDP Remote Device Information Detail

  Local Port   : 11
  ChassisType  : mac-address
  ChassisId    : 40 e3 d6 cf 71 ec
  PortType     : mac-address
  PortId       : 40 e3 d6 cf 71 ec
  SysName      : 40:e3:d6:cf:71:ec
  System Descr : ArubaOS (MODEL: 205), Version 6.4.3.4 (51619)
  PortDescr    : bond0
  Pvid         :

  System Capabilities Supported  : bridge, wlan-access-point
  System Capabilities Enabled    : wlan-access-point

  Remote Management Address
     Type    : ipv4
     Address : 10.1.110.150

ArubaOS-Switch

In case you have a peer device of an ArubaOS-Switch that complains in its log, either:

  • Fix the PVID error
  • Disable the outgoing PVID announcement of the local device if this is the desired configuration.

Example for port 11

no lldp config 11 dot1TlvEnable port-vlan-id

Note that this will not disable the LOG messages for incoming LLDP frames with a PVID mismatch!

Comware

In case you have a peer device of a Comware switch that complains in its log, either:

  • Fix the PVID error
  • Disable the outgoing PVID announcement if this is the desired configuration.
int g1/0/11
 undo lldp tlv-enable dot1-tlv port-vlan-id

Note that this will not disable the LOG messages for incoming LLDP frames with a PVID mismatch!

Workarounds

The above is the only ‘solution’ IMHO, everything below is just a workaround, so not really fixing the issue (just ignoring the problem or disabling LLDP).

Workaround1: Comware only: disable the PVID mismatch logging

While this may look OK, it is a global command, so you will not be notified of a PVID mismatch on a real switch to switch VLAN trunk either..

  lldp ignore-pvid-inconsistency

Workaround2: Disable LLDP on the port

Obviously not recommended.

ArubaOS-Switch

lldp admin-status 11 disable

Comware

int g1/0/11
 undo lldp tlv-enable dot1-tlv port-vlan-id

 

This entry was posted in ArubaOS-Switch, Comware7, Provision and tagged , , , , . Bookmark the permalink.

Leave a comment