Configuring LLDP-MED settings

Starting in FortiOS 6.4.0 and FortiSwitchOS 6.4.0, LLDP neighbor devices are dynamically detected. By default, this feature is enabled in FortiOS but disabled in managed FortiSwitch units. Dynamic detection must be enabled in both FortiOS and FortiSwitchOS for this feature to work.

To configure LLDP profiles in FortiOS:

    config switch-controller lldp-profile
        edit <profile_name>
            set med-tlvs {inventory-management | network-policy | power-management | location-identification}
            set 802.1-tlvs port-vlan-id
            set 802.3-tlvs {max-frame-size | power-negotiation}
            set auto-isl {enable | disable}
            set auto-isl-hello-timer <1-30>
            set auto-isl-port-group <0-9>
            set auto-isl-receive-timeout <3-90>
            config med-network-policy
                edit {guest-voice | guest-voice-signaling | softphone-voice | streaming-video | video-conferencing | video-signaling | voice | voice-signaling}
                    set status {enable | disable}
                    set vlan-intf <string>
                    set priority <0-7>
                    set dscp <0-63>
                next
            end
            config med-location-service
                edit {address-civic | coordinates | elin-number}
                    set status {enable | disable}
                    set sys-location-id <string>
                next
            end
            config custom-tlvs
                edit <TLV_name>
                    set oui <hexadecimal_number>
                    set subtype <0-255>
                    set information-string <0-507>
                next
            end
        next
    end

Variable Description

<profile_name>

Enter a name for the LLDP profile.

med-tlvs {inventory-management | network-policy | power-management | location-identification}

Select which LLDP-MED type-length-value descriptions (TLVs) to transmit: inventory-management TLVs, network-policy TLVs, power-management TLVs for PoE, and location-identification TLVs. You can select one or more options. Separate multiple options with a space.

802.1-tlvs port-vlan-id

Transmit the IEEE 802.1 port native-VLAN TLV.

802.3-tlvs {max-frame-size | power-negotiation}

Select whether to transmit the IEEE 802.3 maximum frame size TLV, the power-negotiation TLV for PoE, or both. Separate multiple options with a space.

auto-isl {enable | disable}

Enable or disable the automatic inter-switch LAG.

auto-isl-hello-timer <1-30>

If you enabled auto-isl, you can set the number of seconds for the automatic inter-switch LAG hello timer. The default value is 3 seconds.

auto-isl-port-group <0-9>

If you enabled auto-isl, you can set the automatic inter-switch LAG port group identifier.

auto-isl-receive-timeout <3-90>

If you enabled auto-isl, you can set the number of seconds before the automatic inter-switch LAG times out if no response is received. The default value is 9 seconds.

config med-network-policy

{guest-voice | guest-voice-signaling | softphone-voice | streaming-video | video-conferencing | video-signaling | voice | voice-signaling}

Select which Media Endpoint Discovery (MED) network policy type-length-value (TLV) category to edit.

status {enable | disable}

Enable or disable whether this TLV is transmitted.

vlan-intf <string>

If you enabled the status, you can enter the VLAN interface to advertise. The maximum length is 15 characters.

priority <0-7>

If you enabled the status, you can enter the advertised Layer-2 priority. Set to 7 for the highest priority.

dscp <0-63>

If you enabled the status, you can enter the advertised Differentiated Services Code Point (DSCP) value to indicate the level of service requested for the traffic.

config med-location-service

{address-civic | coordinates | elin-number}

Select which Media Endpoint Discovery (MED) location type-length-value (TLV) category to edit.

status {enable | disable}

Enable or disable whether this TLV is transmitted.

sys-location-id <string>

If you enabled the status, you can enter the location service identifier. The maximum length is 63 characters.

config custom-tlvs

<TLV_name>

Enter the name of a custom TLV entry.

oui <hexadecimal_number>

Enter the organizationally unique identifier (OUI), a 3-byte hexadecimal number, for this TLV.

subtype <0-255>

Enter the organizationally defined subtype.

information-string <0-507>

Enter the organizationally defined information string in hexadecimal bytes.

To configure LLDP settings in FortiOS:

    config switch-controller lldp-settings
        set tx-hold <int>
        set tx-interval <int>
        set fast-start-interval <int>
        set management-interface {internal | management}
        set device-detection {enable | disable}
    end

Variable Description

tx-hold

Number of tx-intervals before the local LLDP data expires. Therefore, the packet TTL (in seconds) is tx-hold times tx-interval. The range for tx-hold is 1 to 16, and the default value is 4.

tx-interval

How often the FortiSwitch transmits the LLDP PDU. The range is 5 to 4095 seconds, and the default is 30 seconds.

fast-start-interval

How often the FortiSwitch transmits the first 4 LLDP packets when a link comes up. The range is 2 to 5 seconds, and the default is 2 seconds. Set this variable to zero to disable fast start.

management-interface

Primary management interface to be advertised in LLDP and CDP PDUs.

device-detection {enable | disable}

Enable or disable whether LLDP neighbor devices are dynamically detected. By default, this setting is disabled.
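
The ranges in the two tables above follow from the LLDP wire format: a TLV header carries a 7-bit type and a 9-bit length, so an organizationally specific TLV (type 127) holds at most 511 value bytes, of which 3 are the OUI and 1 is the subtype, leaving 507 for the information string. The Python sketch below is an added example, not Fortinet code; it encodes a custom TLV and the TTL TLV from the CLI fields and parses them back, which is also how you would check in a capture what a port actually advertises. The function names and the sample OUI aabbcc are made up for the illustration.

```python
import struct

ORG_SPECIFIC, TTL, END = 127, 3, 0  # IEEE 802.1AB TLV type codes

def tlv(tlv_type, value):
    """Pack one TLV: 7-bit type and 9-bit length, then the value."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type is 7 bits; length is 9 bits (max 511)")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def custom_tlv(oui_hex, subtype, info_hex):
    """Encode a custom TLV from the oui, subtype and information-string fields."""
    oui, info = bytes.fromhex(oui_hex), bytes.fromhex(info_hex)
    if len(oui) != 3:
        raise ValueError("oui must be a 3-byte hexadecimal number")
    if not 0 <= subtype <= 255:
        raise ValueError("subtype must be 0-255")
    if len(info) > 507:  # 511-byte TLV limit minus 3 (OUI) minus 1 (subtype)
        raise ValueError("information-string must be 0-507 bytes")
    return tlv(ORG_SPECIFIC, oui + bytes([subtype]) + info)

def ttl_tlv(tx_hold=4, tx_interval=30):
    """TTL sent to neighbors: tx-hold times tx-interval, in seconds."""
    if not (1 <= tx_hold <= 16 and 5 <= tx_interval <= 4095):
        raise ValueError("tx-hold is 1-16, tx-interval is 5-4095")
    return tlv(TTL, struct.pack("!H", tx_hold * tx_interval))

def parse(pdu):
    """Walk a TLV sequence and decode TTL and custom TLVs; reject truncation."""
    out, pos = [], 0
    while pos < len(pdu):
        if pos + 2 > len(pdu):
            raise ValueError("truncated TLV header")
        (head,) = struct.unpack_from("!H", pdu, pos)
        t, length = head >> 9, head & 0x1FF
        value = pdu[pos + 2 : pos + 2 + length]
        if len(value) != length:
            raise ValueError("TLV length runs past the end of the PDU")
        pos += 2 + length
        if t == END:
            break
        if t == TTL and length == 2:
            out.append(("ttl", struct.unpack("!H", value)[0]))
        elif t == ORG_SPECIFIC and length >= 4:
            out.append(("custom", value[:3].hex(), value[3], value[4:].hex()))
        else:
            out.append(("other", t, value.hex()))
    return out

# Constructed sample (not a capture): default timers plus one made-up custom TLV.
SAMPLE = ttl_tlv() + custom_tlv("aabbcc", 1, "deadbeef") + tlv(END, b"")
```

With the default timers the advertised TTL is 120 seconds, so a neighbor entry ages out after four missed PDUs.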

To configure dynamic detection of LLDP neighbor devices in FortiSwitchOS:

    config switch lldp settings
        set device-detection enable
    end

Creating LLDP asset tags for each managed FortiSwitch

You can use the following commands to add an LLDP asset tag for a managed FortiSwitch:

    config switch-controller managed-switch
        edit <FortiSwitch_serial_number>
            set switch-device-tag <string>
    end

Adding media endpoint discovery (MED) to an LLDP configuration

You can use the following commands to add media endpoint discovery (MED) features to an LLDP profile:

    config switch-controller lldp-profile
        edit <lldp-profile>
            config med-network-policy
                edit guest-voice
                    set status {disable | enable}
                next
                edit guest-voice-signaling
                    set status {disable | enable}
                next
                edit softphone-voice
                    set status {disable | enable}
                next
                edit streaming-video
                    set status {disable | enable}
                next
                edit video-conferencing
                    set status {disable | enable}
                next
                edit video-signaling
                    set status {disable | enable}
                next
                edit voice
                    set status {disable | enable}
                next
                edit voice-signaling
                    set status {disable | enable}
            end
            config custom-tlvs
                edit <name>
                    set oui <identifier>
                    set subtype <subtype>
                    set information-string <string>
            end
    end

Displaying LLDP information

You can use the following commands to display LLDP information:

    diagnose switch-controller switch-info lldp stats <switch> <port>
    diagnose switch-controller switch-info lldp neighbors-summary <switch>
    diagnose switch-controller switch-info lldp neighbors-detail <switch>

Configuring the LLDP settings

Fortinet data center switches support the Link Layer Discovery Protocol (LLDP) for both transmission and reception: the switch multicasts LLDP packets to advertise its identity and capabilities, and it receives the equivalent information from adjacent layer-2 peers.

Starting in FortiOS 6.4.3, you can also configure the lldp-status and lldp-profile settings of a virtual switch port in a tenant VDOM. NOTE: The auto-isl setting in config switch-controller lldp-profile is ignored, and the setting remains disabled for the tenant's ports.

Use the following commands to configure LLDP on a FortiSwitch port:

    config switch-controller managed-switch
        edit <FortiSwitch_serial_number>
            config ports
                edit <port_name>
                    set lldp-status {rx-only | tx-only | tx-rx | disable}
                    set lldp-profile <profile_name>
            end
    end

For example:

    config switch-controller managed-switch
        edit S524DF4K15000024
            config ports
                edit port2
                    set lldp-status tx-rx
                    set lldp-profile default
            end
    end

Use the following commands to configure LLDP on a virtual FortiSwitch port in a tenant VDOM:

    config vdom
        edit <VDOM_name>
            config switch-controller managed-switch
                edit <FortiSwitch_serial_number>
                    config ports
                        edit <port_name>
                            set lldp-status {rx-only | tx-only | tx-rx | disable}
                            set lldp-profile <profile_name>
                        next
                    end
            end
    end

For example:

    config vdom
        edit VDOM_1
            config switch-controller managed-switch
                edit "S424ENTF19000007"
                    config ports
                        edit port28
                            set lldp-status tx-rx
                            set lldp-profile lldpprofile1
                        next
                    end
            end
    end
