Link Layer Discovery Protocol (LLDP), defined in the IEEE 802.1AB (LLDP) specification, is an option for discovering network devices in multivendor networks. LLDP performs functions similar to those of CDP. With LLDP, devices send information at a fixed interval from each of their interfaces in the form of an Ethernet frame with Ethertype 0x88CC. The information shared includes the following:
- System name and description
- Port name and description
- VLAN name
- IP management address
- System capabilities
- MAC/PHY layer information
- Link aggregation
Syslog
Syslog, which is defined in RFC 3164, transmits event notification messages over the network. Network devices send the event messages to an event server for aggregation. Network devices include routers, servers, switches, firewalls, and network appliances. Syslog operates over UDP, so messages are not sequenced or acknowledged. The syslog messages are also stored on the device that generates the message and can be viewed locally.
Syslog messages are generated in many broad areas, called facilities. Cisco IOS has more than 500 facilities. Common facilities include the following:
- IP
- CDP
- OSPF
- TCP
- Interface
- IPsec
- SYS operating system
- Security/authorization
- Spanning Tree Protocol
Each syslog message has a level, and the syslog level determines the criticality of an event. Lower syslog levels are more important. Table 5-10 lists the syslog levels.
Table 5-10 Syslog Message Levels
| Syslog Level | Severity | Description |
| 0 | Emergency | System is unusable. |
| 1 | Alert | Take action immediately. |
| 2 | Critical | Critical conditions. |
| 3 | Error | Error messages. |
| 4 | Warning | Warning conditions. |
| 5 | Notice | Normal but significant events. |
| 6 | Informational | Informational messages. |
| 7 | Debug | Debug-level messages. |
Common syslog messages are interface up and interface down events. Access lists can also be configured on routers and switches to generate syslog messages when a match occurs. Each syslog message includes a timestamp, a level, and a facility. Syslog messages have the following format:
mm/dd/yy:hh/mm/ss:FACILITY-LEVEL-mnemonic:description
Syslog messages can use considerable network bandwidth. It is important to enable only syslog facilities and levels that are of particular importance.
Table 5-11 summarizes some of the protocols covered in this section.
Table 5-11 NetFlow, CDP, Syslog, and RMON
| Technology | Description |
| NetFlow | Collects network flow data for network planning, performance, accounting, and billing applications. |
| CDP | Proprietary protocol for network discovery that provides information on neighboring devices. |
| Syslog | Reports state information based on facility and severity levels. |
| RMON | Provides aggregate information of network statistics and LAN traffic. |