Let the network tell you where you are (rachelbythebay.com)
79 points by zdw 6 months ago | 22 comments



You don't even need to go so far as to sniff traffic on any interface. Most Linux distros have either lldpd or lldpad built in, which gives a bit higher-level interface to the raw LLDP data on the wire. The BSDs also have it. Bi-directional, so info can be updated switch-side too. I've used it in combination with other tools, DHCP and whatnot, to do something similar to what she wrote about: have individual machines 'know' where they are in a cabinet or facility and change functionality based on that. Works great!


I suspect this is referring to a recent post on jwz's blog about his digital signage solution for his nightclub, which spawned a lot of discussion in the comments (click through to the blog post itself):

https://mastodon.social/@jwz/113209773692118053

(intentionally linked via Mastodon because he doesn't appreciate direct links from HN)


This couldn’t have been better timed for me.

I sit with a pile of Raspberry Pis I throw into different rooms about the house and want to stick assorted tasks on them. My open question was how can I just image them, plug them in and centrally configure what runs on them with no more SD card or MAC detection shenanigans when I change their job.

I’ll be giving this a try!


If LLDP proves inconvenient, Pis also have a unique cpu-id, which can be found in /proc/cpuinfo

I think something similar exists on most processors


How does cpu-id map to physical location? If I move it from a closet on the first floor, to a rack in the basement, how does knowing the cpu-id help?


You would use CPU id by having the vanilla image display its ID (or perhaps some more humanly readable derived name) until assigned something to display. It won't know that it's moved, that's an advantage of the port method.

I mentioned it because the OP was going to use MAC addresses in a similar way, and only didn't because the MAC addresses of her machines were unstable.


LLDP: this is the way

But also, I was wondering if she was going to say, "these devices have cameras on them which are not used because they are pointed in random directions depending on how they are mounted". And then I was hoping to see an interesting image recognition task, "given this blurry, dim, random image, choose which location it probably came from".

I got nerd sniped to the power of 2.


Same could work with microphones. Every spot of the space would have a different resonant characteristic.

Or microphone+speakers, where every device can self-assign an ID, echo it over speakers, and then everyone triangulates everyone else and themselves.


She mentioned she can’t rely on DHCP for deterministic address assignment, but if one can rely on DHCP and has a sufficiently smart switch, one can use DHCP option 82 to identify the end device based on which switch and switchport it is connected to. This then allows for all kinds of customizations without any “cooperation” from the end device.


How fun, I solved a similar problem in a similar way. 90 identical devices, each with their own Ethernet cable and 128 Ethernet ports. The solution was to configure the switch to make DHCP assignments based on port number, then the device could just query its own IP address. Port 1 -> 192.168.1.101, 99 -> 192...199


Very interesting!

Somewhat related, years ago I worked in an office that switched to hot-desking, and I spent a while trying to figure out whether there was a way to automatically generate a map of who was in the office, and whereabouts. Identifying an individual laptop is okay, but figuring out which docking station the laptop was plugged into was a lot trickier without admin access to network hardware (which I def didn't have). This approach may have allowed an individual laptop to figure out where it was, and then update a central location database.


LLDP-MED actually has fields for location information, though they were designed for E911 on VoIP (so the switch can tell the phone where it is) and might not be detailed enough.


This assumes your paranoid network admins don't disable CDP/LLDP one day because of nebulous "security reasons" and sabotage your scripts, but this is the wrong time and place to rant about that :)

Cool hack!


I think that's a real risk for anyone not doing their own DIY network and/or able to require the network to offer (or at least not block) it.

Depending on protocols nobody expects you to be depending on can be risky, particularly with all the pathologies of working with multi-team corp operations...

To some degree, beyond a tiny scale, building on CDP/LLDP is probably fighting uphill. From my perspective working with audio/visual (AV) teams and corporate IT, it's maybe safer to do your location and stream management out of band in some kind of overlay (app or network protocol), and just have the network serve you multicast streams that you request.

That is, a receiving device is programmed out of band (manually or by some management scripting) to subscribe to a particular IP multicast stream and the network's job is just delivery through IGMP+PIM. This is the rough model most AV technologies seem to be following, even to the point of collapsing receiver/decoder boxes into the TV itself.

But, sometimes there's nothing like scratching your own itch, though.


CDP/LLDP traffic will potentially pop up on a network penetration test as a finding (if your org either performs internal red team assessments or engages an external assessor as part of a compliance regime). Have seen it disabled for this reason.


What switches, enterprise or consumer, tend to support this LLDP? My guess is maybe almost none on the consumer side, i.e. Netgear, TP-Link. Cisco probably does. How about Ubiquiti?


Anything with a management interface (even web) could do it from the HW side, just a question of SW support. Netgear does support it on managed switches.

The protocol is old enough and very well established by now, even modern Windows boxes run it by default.


I know MikroTik supports this. On the higher end, most of the Dell switches I interacted with, as well as Aruba, had LLDP. Different manufacturers tend to report their interfaces slightly differently, though.


Almost any managed switch will support it. Netgear does. Ubiquiti definitely does, even their APs do.


Used Arista 7124 and 7150s are pretty cheap on eBay.


Anything that can run OpenWrt


Nope, you need switch silicon with a driver that punts 01:80:c2:0:0:0e to cpu. A lot can do this but not all (generally a driver issue, not HW limitation.)
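
An added example, not part of the thread or of the linked article: a minimal Python parser for the LLDP frames discussed above, reading the Chassis ID and Port ID TLVs and looking the pair up in a location table. The sample frame, switch name, port name and location table are constructed for illustration.

```python
import struct

LLDP_MCAST = bytes.fromhex("0180c200000e")   # 01:80:c2:00:00:0e, the group address named above
LLDP_ETHERTYPE = 0x88CC
TEXT_TLVS = {4: "port_descr", 5: "system_name", 6: "system_descr"}

def _ident(value: bytes, mac_subtype: int) -> str:
    """Decode a Chassis ID / Port ID value: one subtype byte, then the identifier."""
    if len(value) < 2:
        raise ValueError("empty identifier TLV")
    subtype, ident = value[0], value[1:]
    return ident.hex(":") if subtype == mac_subtype else ident.decode("utf-8", "replace")

def parse_lldp(frame: bytes) -> dict:
    """Parse one untagged Ethernet frame carrying an LLDPDU into a dict of TLVs."""
    if len(frame) < 14 or frame[:6] != LLDP_MCAST:
        raise ValueError("not addressed to the LLDP group address")
    if struct.unpack("!H", frame[12:14])[0] != LLDP_ETHERTYPE:
        raise ValueError("not an LLDP frame")
    out, pos = {}, 14
    while pos + 2 <= len(frame):
        header = struct.unpack("!H", frame[pos:pos + 2])[0]
        tlv_type, length = header >> 9, header & 0x1FF   # 7-bit type, 9-bit length
        value = frame[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV")
        pos += 2 + length
        if tlv_type == 0:                                # End of LLDPDU
            break
        if tlv_type == 1:
            out["chassis_id"] = _ident(value, mac_subtype=4)
        elif tlv_type == 2:
            out["port_id"] = _ident(value, mac_subtype=3)
        elif tlv_type == 3 and length == 2:
            out["ttl"] = struct.unpack("!H", value)[0]
        elif tlv_type in TEXT_TLVS:
            out[TEXT_TLVS[tlv_type]] = value.decode("utf-8", "replace")
    return out

def locate(frame: bytes, table: dict) -> str:
    """Map (chassis_id, port_id) to a location name; unknown ports get 'unassigned'."""
    info = parse_lldp(frame)
    return table.get((info.get("chassis_id"), info.get("port_id")), "unassigned")

def _tlv(t: int, v: bytes) -> bytes:
    return struct.pack("!H", (t << 9) | len(v)) + v

# Constructed sample frame and location table (all values made up for illustration).
SAMPLE = (LLDP_MCAST + bytes.fromhex("020000000001") + struct.pack("!H", LLDP_ETHERTYPE)
          + _tlv(1, b"\x04" + bytes.fromhex("02000000aa01")) + _tlv(2, b"\x05" + b"Gi1/0/7")
          + _tlv(3, struct.pack("!H", 120)) + _tlv(5, b"sw-closet-1") + _tlv(0, b""))
LOCATIONS = {("02:00:00:00:aa:01", "Gi1/0/7"): "first-floor closet"}
```

LLDP frames carry no authentication, so a device that changes behaviour based on them should treat the result as a location hint from whatever is on the other end of the cable, not as a verified identity.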



