How to Configure Microsoft LLDP Protocol Driver

Gunnar Haslinger 31

Windows 10 has activated the "MsLldp" Service on Network Adapters. This "MsLldp" Service sends LLDP Ethernet-Frames to managed Switches so that they show up in the LLDP Neighbors Table.

I like to get Information how to Configure this Service.

Default configuration is, that it only sends the MAC-Address of the Ethernet-Adapter as "LLDP Chassis Subtype". How to Configure this Service to send for example "System name" or "Port Description" Information ...?

Accepted answer

Gary Nebbett 6,066 Reputation points

2021-05-04T06:53:50.347+00:00

Hello @Gunnar Haslinger ,

Unfortunately, using the registry to change the behaviour of Mslldp looks like a dead end.

This is what I have found: the driver always tries to read a REG_SZ value named ChassisId from the service's Parameters subkey; if this fails, the service reads the ComputerName value from the key HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName. The result of this process (i.e. either the ChassId or ComputerName value) is stored in a global variable which appears not to be used (apart from initialization and cleanup).

It is still possible that Mslldp is capable of more than we suspect (perhaps controlled via IOCTLs) but I doubt it.

Gary
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

11 additional answers

Gunnar Haslinger 31 Reputation points

2021-05-03T14:48:53.013+00:00
Thanks @Gary Nebbett for the hint,

I already tried to:

disable the MSLLDP Service

reboot the machine with disabled MSLLDP Service

Start ProcMon and watch all registry-Access filtering Path "MsLldp"

Now with running ProcMon I start MSLLDP Service and wait for first LLDP Frames sent on network (Wireshark running to check this)

Check ProcMon if there are any interesting Registry-request like e.g. Service Parameters with suspicious Names which could be helpful

=> but no luck with this so far, didn't see anything worth to check in detail
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Gary Nebbett 6,066 Reputation points

2021-05-03T15:36:10.537+00:00

Hello @Gunnar Haslinger ,

I can see one of the strings I mentioned earlier (ChassisId) being queried. What do you see?

Gary
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Gunnar Haslinger 31 Reputation points

2021-05-03T16:03:20.587+00:00

Your Screenshot is very interesting @Gary Nebbett ,
seems you have some "Agents" registered.

I have no entries in "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsLldp\Parameters\Agents" at all, this Key exists, but no SubKeys or Values there.
And of course I don't have this "ChassisId" entry nor can I see a request like this using ProcMon.
Please sign in to rate this answer.
Gary Nebbett 6,066 Reputation points

2021-05-03T16:09:10.29+00:00

Hello @Gunnar Haslinger ,

I did not have the Agents subkey initially - in my first capture I could see "open" requests for that key, so I created the key (the GUID is a network interface GUID) and repeated the test.

A quick look at the binary code of mmlldp.sys suggests that the ComputerName registry entry is only requested if the ChassisId value has been successfully read. It will take some more effort to work out exactly what values are needed where and what impact that has on the behaviour of the service.

Gary
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Gunnar Haslinger 31 Reputation points

2021-05-03T16:42:13.87+00:00

Thanks @Gary Nebbett for this instructions.

Can see the Request for "HKLM\System\CurrentControlSet\Services\MsLldp\Parameters\ChassisId" now.

Hint to myself: ProcMon Filter-Configuration: Remove Default Filter "System" to see Kernel-Activity! :-)
Please sign in to rate this answer.
Candy Luo 12,701 Reputation points Microsoft Vendor

2021-05-04T01:24:53.757+00:00

Please try to mark the replies which help you. It will encourage the person who help you.
Appreciate your understanding. :)

Gunnar Haslinger 31 Reputation points

2021-05-04T05:56:25.417+00:00

@Candy Luo there is only a possibility to press "thumbs up" / upvote on those replies which are comments. But almost all Answers given are "Answers" which I can only "upvote" by pressing "Accept Answer", they do not have a "thumbs up" button. But it seems I can only accept ONE answer, trying to mark more than one just leads to error "We're sorry, but this question already has an accepted answer."

Candy Luo 12,701 Reputation points Microsoft Vendor

2021-05-04T06:09:13.98+00:00

Yes, Q&A platform can only accept ONE answer. It doesn't matter, just choose the one you prefer as the answer. It will be very beneficial for other community members who have similar questions to find answers quickly.

Appreciate your understanding. :) Wish you a nice day!

Gunnar Haslinger 31 Reputation points

2021-05-04T06:13:03.937+00:00

The Question is still unsolved, but especially those hints from @Gary Nebbett are very helpful to maybe figure out how it can get configured. I guess "accepting" an answer marks this Question solved - so I prefer to let it open for now, as it isn't solved.

Candy Luo 12,701 Reputation points Microsoft Vendor

2021-05-04T06:16:46.447+00:00

Fine, let's appreciate that the other members in our forum can share their experience with us about this scenario.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

How to Configure Microsoft LLDP Protocol Driver

11 additional answers

Your answer