With the development of Ethernet technologies, types of network devices are increasingly diverse. How to obtain a topology of devices in an entire network, how to solve a configuration conflict between devices, and how to enable devices of different vendors to discover each other in a network and exchange system and configuration information, have become important issues in network management.
The Link Layer Discovery Protocol (LLDP) is a neighbor discovery protocol that operates at the data link layer. In the protocol, device information such as main capabilities, a management address, a chassis identifier and a port identifier is organized into different TLVs (Type-Length-Values), and the TLVs are encapsulated in an LLDPDU (Link Layer Discovery Protocol Data Unit) and distributed to the neighbor directly connected to the device. After receiving the information, the neighbor stores it in the form of a standard MIB (Management Information Base), which a network management system can query to determine the communication condition of a link. An LLDPDU always starts with a Chassis ID TLV (chassis identifier type-length-value), a Port ID TLV (port identifier type-length-value) and a Time to Live TLV (neighbor life cycle type-length-value), and ends with an End of LLDPDU TLV (end type-length-value). These four TLVs are mandatory.
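As an added illustration that is not part of the original text, the following Python code parses an LLDPDU and enforces the mandatory TLV layout described above, rejecting truncated or misordered units before any neighbor information would be stored. The 7-bit type and 9-bit length header and the type codes 0 to 3 follow IEEE 802.1AB; the function names and the sample LLDPDU are constructed for this example.

```python
import struct

# TLV type codes of the four mandatory TLVs (IEEE 802.1AB).
END, CHASSIS_ID, PORT_ID, TTL = 0, 1, 2, 3
MANDATORY_ORDER = [CHASSIS_ID, PORT_ID, TTL]


def parse_tlvs(pdu: bytes):
    """Split an LLDPDU into (type, value) pairs, stopping at End of LLDPDU."""
    tlvs, off = [], 0
    while off < len(pdu):
        if off + 2 > len(pdu):
            raise ValueError("truncated TLV header")
        (hdr,) = struct.unpack_from("!H", pdu, off)
        t, length = hdr >> 9, hdr & 0x1FF      # 7-bit type, 9-bit length
        off += 2
        if off + length > len(pdu):
            raise ValueError("TLV length runs past end of LLDPDU")
        tlvs.append((t, pdu[off:off + length]))
        off += length
        if t == END:
            return tlvs
    raise ValueError("missing End of LLDPDU TLV")


def validate_lldpdu(pdu: bytes):
    """Return the TLV list if the mandatory TLVs are in place, else raise."""
    tlvs = parse_tlvs(pdu)
    if [t for t, _ in tlvs[:3]] != MANDATORY_ORDER:
        raise ValueError("LLDPDU must start with Chassis ID, Port ID, TTL")
    if tlvs[-1] != (END, b""):
        raise ValueError("End of LLDPDU TLV must have zero length")
    if len(tlvs[2][1]) != 2:
        raise ValueError("TTL value must be 2 bytes")
    return tlvs


def tlv(t: int, value: bytes) -> bytes:
    """Encode one TLV (used here only to build the constructed sample)."""
    return struct.pack("!H", (t << 9) | len(value)) + value


# Constructed sample: chassis ID subtype 4 (MAC address), port ID subtype 5
# (interface name), TTL of 120 seconds. All values are made up.
SAMPLE = (tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("020000000001"))
          + tlv(PORT_ID, b"\x05" + b"ge-0/0/1")
          + tlv(TTL, struct.pack("!H", 120))
          + tlv(END, b""))
```
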
To avoid establishing a neighbor relationship with an insecure device, LLDP verifies whether a directly connected device is secure in the following manner. When a first network device receives an LLDPDU sent from a second network device, the first network device checks whether the LLDPDU includes a valid authorization key. If the authorization key does not exist or is invalid, the first network device blocks all encapsulated packets sent by the second network device, which prevents an unauthorized second network device from connecting to and using the network transmission service provided by the first network device. The authorization key is obtained by adding a password to a MAC (Medium Access Control) address.
In the process of implementing the present application, the inventor finds that at least the following problem exists in the prior art: device information of the first network device may leak.