Leveraging LLDP to simplify Security Fabric negotiation


This feature enables LLDP reception on WAN interfaces and prompts a FortiGate to join the Security Fabric if the upstream FortiGate asks.

  • If an interface's role is undefined, LLDP reception and transmission inherit settings from the VDOM.
  • If an interface's role is WAN, LLDP reception is enabled.
  • If an interface's role is LAN, LLDP transmission is enabled.

When FortiGate B's WAN interface detects that FortiGate A's LAN interface is immediately upstream (through the default gateway), and FortiGate A has Security Fabric enabled, FortiGate B will show a notification on the GUI asking to join the Security Fabric.

To configure LLDP reception and join a Security Fabric:
  1. Go to Network > Interfaces.
  2. Configure an interface:
    • If the interface's role is undefined, under Administrative Access, set Receive LLDP and Transmit LLDP to Use VDOM Setting.

      Using the CLI:

      config system interface
          edit "port3"
              set lldp-reception vdom
              set lldp-transmission vdom
              set role undefined
              ...
          next
      end
    • If the interface's role is WAN, under Administrative Access, set Receive LLDP to Enable and Transmit LLDP to Use VDOM Setting.

      Using the CLI:

      config system interface
          edit "wan1"
              set lldp-reception enable
              set lldp-transmission vdom
              set role wan
              ...
          next
      end
    • If the interface's role is LAN, under Administrative Access, set Receive LLDP to Use VDOM Setting and Transmit LLDP to Enable.

      Using the CLI:

      config system interface
          edit "port2"
              set lldp-reception vdom
              set lldp-transmission enable
              set role lan
              ...
          next
      end

    A notification will be shown on FortiGate B.

  3. Click the notification. The Security Fabric Settings page opens with all the required settings automatically configured.

  4. Click Apply to apply the settings, or use the following CLI commands:
    config system csf
        set status enable
        set upstream-ip 10.2.200.1
    end
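
An added example, not part of the Fortinet documentation: a Python check that parses the `config system interface` block of a configuration backup and reports interfaces whose LLDP settings differ from the role-based values in step 2. It assumes the backup comes from `show full-configuration`, so every setting is written out explicitly; the function names and the sample configuration are constructed for illustration.

```python
import re

# Role -> expected LLDP settings, taken from step 2 of the procedure above.
EXPECTED = {
    "undefined": {"lldp-reception": "vdom", "lldp-transmission": "vdom"},
    "wan": {"lldp-reception": "enable", "lldp-transmission": "vdom"},
    "lan": {"lldp-reception": "vdom", "lldp-transmission": "enable"},
}

def parse_interfaces(text):
    """Map interface name -> {setting: value} from 'config system interface'."""
    interfaces, current, depth = {}, {}, 0  # depth 0: outside the block
    for line in map(str.strip, text.splitlines()):
        if depth == 0:
            depth = 1 if line == "config system interface" else 0
        elif line.startswith("config "):
            depth += 1  # nested sub-table (e.g. "config ipv6"): skip its lines
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := re.match(r'edit "?([^"]+)"?$', line)):
            current = interfaces.setdefault(m.group(1), {})
        elif depth == 1 and (m := re.match(r"set (\S+) (.+)$", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return interfaces

def audit(text):
    """Return (interface, setting, found, expected) per deviation (assumes explicit values)."""
    return [(name, key, cfg.get(key, "<not set>"), want)
            for name, cfg in parse_interfaces(text).items()
            for key, want in EXPECTED.get(cfg.get("role"), {}).items()
            if cfg.get(key, "<not set>") != want]

# Constructed sample, not taken from a real device: wan1 transmits LLDP.
SAMPLE = """config system interface
    edit "wan1"
        set role wan
        set lldp-reception enable
        set lldp-transmission enable
        config ipv6
            set ip6-mode dhcp
        end
    next
    edit "port2"
        set role lan
        set lldp-reception vdom
        set lldp-transmission enable
    next
end"""

print(audit(SAMPLE))
```

Interfaces with a role other than the three covered in step 2 are skipped rather than reported.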
