Fortinet white logo
Fortinet white logo

Physical port settings

Physical port settings

The following sections describe the configuration settings that are associated with FortiSwitch physical ports:

Configuring general port settings

Using the GUI:
  1. Go to Switch > Port > Physical.
  2. Select the port to update and then select Edit.
  3. Enter an optional description of the port in the Description field.
  4. Select Up or Down for the Administrative Status.
  5. Select Update to save your changes.
Using the CLI:

config switch physical-port

edit <port_name>

set status {up | down}

set description <string>

set max-frame-size <bytes_int>

end

General port settings include:

  • status—Administrative status of the port
  • description—Text description for the port
  • max-frame-size—Maximum frame size in bytes (between 68 and 9216)

NOTE: For the eight models in the FS-1xxE series, the max-frame-size command is under the config switch global command.

Viewing port statistics

Using the GUI:

Go to Switch > Monitor > Port Stats.

To clear the statistics on all ports, select Select All and then select Reset Stats.

To clear the statistics on some of the ports, select the ports and then select Reset Stats.

Using the CLI:

diagnose switch physical-ports port-stats list [<list_of_ports>]

For example:

diagnose switch physical-ports port-stats list 1,3,4-6

To clear all hardware counters (except for QoS, SNMP, and web GUI counters) on the specified ports:

diagnose switch physical-ports set-counter-zero [<list_of_ports>]

To restore hardware counters (except for QoS, SNMP, and web GUI counters) on the specified ports:

diagnose switch physical-ports set-counter-revert [<list_of_ports>]

Configuring flow control, priority-based flow control, and ingress pause metering

Flow control allows you to configure a port to send or receive a “pause frame” (that is, a special packet that signals a source to stop sending flows for a specific time interval because the buffer is full). By default, flow control is disabled on all ports.

config switch physical-port

edit <port_name>

set flow-control {both | rx | tx | disable}

end

Parameters enable flow control to do the following:

  • rx—receive pause control frames
  • tx—transmit pause control frames
  • both—transmit and receive pause control frames

Priority-based flow control allows you to avoid frame loss by stopping incoming traffic when a queue is congested.

After you enable priority-based flow control, you then configure whether a port sends or receives a priority-based control frame:

config switch physical-port

edit <port_name>

set priority-based-flow-control enable

set flow-control {both | rx | tx | disable}

end

When priority-based flow control is disabled, 802.3 flow control can be used.

NOTE: Priority-based flow control does not support half-duplex speed. When FortiSwitch ports are set to autonegotiate the port speed (the default), priority-based flow control is available if the FortiSwitch model supports it. Lossless buffer management and traffic class mapping are not supported.

If you enable flow control to transmit pause control frames (with the set flow-control tx command), you can also use ingress pause metering to limit the input bandwidth of an ingress port. Because ingress pause metering stops the traffic temporarily instead of dropping it, ingress pause metering can provide better performance than policing when the port is connected to a server or end station. To use ingress pause metering, you need to set the ingress metering rate in kilobits and set the percentage of the threshold for resuming traffic on the ingress port.

config switch physical-port

edit <port_name>

set flow-control tx

set pause-meter-rate <64–2147483647; set to 0 to disable>

set pause-resume {25% | 50% | 75%}

next

end

For example:

config switch physical-port

edit port29

set flow-control tx

set pause-meter-rate 900

set pause-resume 50%

next

end

Auto-module speed detection

When you enable auto-module speed detection, the system reads information from the module and sets the port speed to the maximum speed that is advertised by the module. If the system encounters a problem when reading from the module, it sets the default speed (default value is platform specific).

When auto-module sets the speed, the system creates a log entry noting this speed.

NOTE: Auto-speed detection is supported on 1/10G ports, but not on higher speed ports (such as 40G).

Setting port speed (autonegotiation)

By default, all of the FortiSwitch user ports are set to autonegotiate the port speed. You can also manually set the port speed. The port speeds available differ, depending on the port and switch.

Using the GUI:
  1. Go to Switch > Port > Physical and select the port.
  2. Select Edit.
  3. Select Auto-Negotiation or the appropriate port speed.
  4. Select Update.
Using the CLI:

config switch physical-port

edit <port>

set speed {1000auto | 100full | 100half | 10full | 10half | auto | 10000cr | 10000full | 10000sr | 1000full | auto-module}

end

Viewing auto-module configuration

Display the status of auto-module using following command:

config switch physical-port

edit port47

show

end

config switch physical-port

edit "port47"

set max-frame-size 16360

set speed 10000full

get

name : port47

description : (null)

flow-control : both

link-status : down

lldp-transmit : disable

max-frame-size : 16360

port-index : 47

speed : 10000full

status : up

end

Link-layer discovery protocol

The Fortinet data center switches support LLDP (transmission and reception). The link layer discovery protocol (LLDP) is a vendor-neutral layer-2 protocol that enables devices on a layer-2 segment to discover information about each other.

For details, refer to LLDP-MED.

Configuring power over Ethernet on a port

You can enable PoE, configure dynamic guard band, and set the priority power allocation for a specific port.

The dynamic guard band is set automatically to the expected power of a port before turning on the port. So, when a PoE device is plugged in, the dynamic guard band is set to the maximum power of the device type based on the AF or AT mode. The AF mode DGB is 15.4 W, and the AT mode DGB is 36 W. When the FortiSwitch unit is fully loaded, the dynamic guard band prevents a new PoE device from turning on.

When power to PoE ports is allocated by priority, lower numbered ports have higher priority so that port 1 has the highest priority. When more power is needed than is available, higher numbered ports are disabled first.

When power to PoE ports is allocated by first-come, first-served (FCFS), connected PoE devices receive power, but new devices do not receive power if there is not enough power.

If both priority power allocation and FCFS power allocation are selected, the physical port setting takes precedence over the global setting.

Enabling or disabling PoE in the GUI

  1. Go to Switch > Port > Physical.
  2. Select a port and then select Edit.
  3. For the POE Status, select Enable or Disable.
  4. Select a power priority for the port. You can select High Priority, Critical Priority, or Low Priority. If there is not enough power, power is allotted first to Critical Priority ports, then to High Priority ports, and then to Low Priority ports.
  5. Select Update.

Configuring PoE in the CLI

config switch physical-port

edit <port>

set poe-status {enable | disable}

set poe-port-mode {IEEE802_3AF | IEEE802_3AT}

set poe-port-priority {critical-priority | high-priority | low-priority}

set poe-pre-standard-detect {disable | enable}

end

note icon

PoE pre-standard detection is a global setting for the following FortiSwitch models: FSR-112D-POE, FS-548D-FPOE, FS-524D-FPOE, FS-108D-POE, FS-224D-POE, FS-108E-POE, FS-108E-FPOE, FS-124E-POE, and FS-124E-FPOE.

For the other FortiSwitch PoE models, PoE pre-standard detection is set on each port.

Determining the PoE power capacity

Using the GUI:

Go to Switch > Port > Physical. The Power column displays the power capacity for each PoE port.

Using the CLI:

get switch poe inline

Resetting the PoE power

Using the GUI:
  1. Go to Switch > Port > Physical.
  2. Select a port and then select POE Reset.
  3. In the confirmation dialog box, select Reset.
Using the CLI:

execute poe-reset <port>

Displaying PoE information

Using the GUI:

Go to Switch > Port > Physical to see information about each PoE port. Hover over the traffic column to get specific values.

Using the CLI:

diagnose switch poe status <port>

The following example displays the information for port 6:

diagnose switch poe status port6

Port(6) Power:4.20W, Power-Status: Delivering Power

Power-Up Mode: Normal Mode

Remote Power Device Type: IEEE802.3AT PD

Power Class: 4

Defined Max Power: 30.0W, Priority:3

Voltage: 54.00V

Current: 71mA

Energy-efficient Ethernet

When no data is being transferred through a port, energy-efficient Ethernet (EEE) puts the data link in sleep mode to reduce the power consumption of the FortiSwitch unit. When data flows through the port, the port resumes using the normal amount of power. EEE works over standard twisted-pair copper cables and supports 10 Mbps, 100 Mbps, 1 Gps, and 10 Ge. EEE does not reduce bandwidth or throughput.

If you are using the CLI, you can also specify the number of microseconds that circuits are turned off to save power and the number of microseconds during which no data is transmitted while the circuits that were turned off are being restarted.

In addition, you can use the LLDP 802.3 TLV to advertise the EEE configuration.

NOTE: EEE is not supported on SFP and QSFP modules.

Using the GUI:
  1. Go to Switch > Port > Physical.
  2. Select a port and then select Edit.
  3. Under Energy-Efficient Ethernet, select Enable.
  4. To save your changes, select Update.

To check which ports have EEE enabled, go to Switch > Port > Physical. A green arrow in the EEE column indicates that EEE is enabled for that port. A red arrow in the EEE column indicates that EEE is disabled for that port.

Using the CLI:

NOTE: When you change the eee-tx-wake-time value, the port resets, and the connection is lost briefly.

config switch physical-port

edit <port_name>

set energy-efficient-ethernet {enable | disable}

set eee-tx-idle-time <0-2560>

set eee-tx-wake-time <0-2560>

end

For example, to use EEE on port 7:

config switch physical-port

edit port7

set energy-efficient-ethernet enable

set eee-tx-idle-time 500

set ee-tx-wake-time 200

end

To check that EEE is enabled on port 7:

diagnose switch physical-ports eee-status port7

To check which ports have EEE enabled:

diagnose switch physical-ports eee-status

To advertise the EEE configuration in the LLDP 802.3 TLV:

config switch lldp profile

edit <profile_name>

set 802.3-tlvs eee-config

next

end

To check that the EEE configuration is being advertised:

diagnose switch physical-ports eee-status

Diagnostic monitoring interface module status

With diagnostic monitoring interface (DMI), you can view the following information

  • Module details (detail)
  • Eeprom contents (eeprom)
  • Module limits (limit)
  • Module status (status)
  • Summary information of all a port’s modules (summary)
Using the GUI:

Go to Switch > Monitor > Modules.

Using the CLI:

Use the following commands to enable or disable DMI status for the port. If you set the status to global, the port setting will match the global setting:

config switch physical-port

edit <interface>

set dmi-status {disable | enable | global}

end

Use the get switch modules detail/status command to display DMI information:

FS108E3W14000720 # get switch modules detail port10

____________________________________________________________

Port(port10)

identifier SFP/SFP+

connector Unk (0x00)

transceiver 1000-Base-T

encoding 8B/10B

Length Decode Common

length_smf_1km N/A

length_cable 100 meter

SFP Specific

length_smf_100m N/A

length_50um_om2 N/A

length_62um_om1 N/A

length_50um_om3 N/A

vendor FINISAR CORP.

vendor_oid 0x009065

vendor_pn FCLF-8521-3

vendor_rev A

vendor_sn PBR1X35

manuf_date 06/20/2007

The following is an example of the output for the switch modules status command:

FS108E3W14000720 # get switch modules status port9

____________________________________________________________

Port(port9)

alarm_flags 0x0040

warning_flags 0x0040

temperature 18.792969 C

voltage 3.315100 volts

laser_bias 0.750800 mAmps

tx_power -2.502637 dBm

rx_power -40.000000 dBm

options 0x000F ( TX_DISABLE TX_FAULT RX_LOSS TX_POWER_LEVEL1 )

options_status 0x000C ( RX_LOSS TX_POWER_LEVEL1 )

Configuring split ports

On FortiSwitch models that provide 40G QSFP (quad small form-factor pluggable) interfaces, you can install a breakout cable to convert one 40G interface into four 10G interfaces.

Notes

  • Splitting ports is supported on the following FortiSwitch models:
    • 3032D (ports 5 to 28 are splittable)
    • 3032E (Ports can be split into 4 x 25G when configured in 100G QSFP28 mode or can be split into 4 x 10G when configured in 40G QSFP mode. Use the set <port-name>-phy-mode disabled command to disable some 100G ports to allow up to sixty-two 100G/25G/10G ports.
    • 524D, 524D-FPOE (ports 29 and 30 are splittable)
    • 548D, 548D-FPOE (ports 53 and 54 are splittable)
    • 1048E (In the 4 x 100G configuration, ports 49, 50, 51, and 52 are splittable as 4 x 25G, 4 x 10G, 4 x 1G, or 2 x 50G. Only two of the available ports can be split.)
    • 1048E (In the 4 x 4 x 25G configuration, ports 49, 50, 51, and 52 are splittable as 4 x 4 x 25G or 2 x 50G. All four ports can be split, but ports 47 and 48 are disabled.)
    • 1048E (In the 6 x 40G configuration, ports 49, 50, 51, 52, 53, 54 are splittable as 4 x 10G or 4 x 1G.)

    Use the set port-configuration ? command to check which ports are supported for each model.

  • Currently, the maximum number of ports supported in software is 64 (including the management port). Therefore, only 10 QSFP ports can be split. This limitation applies to all of the models, but only the 3032D, the 3032E, and the 1048E models have enough ports to encounter this limit.
  • Starting in FortiOS 6.2.0, splitting ports is supported in FortiLink mode (that is, the FortiSwitch unit managed by a FortiGate unit).
  • Starting in FortiSwitchOS 6.4.0, FC-FEC (cl74) is enabled as the default setting for ports that have been split to 4x25G. Use the following commands to change the setting:

    config switch physical-port

    edit <split_port_name>

    set fec-state {cl74 | disabled}

    end

  • Starting in FortiSwitchOS 6.4.0, FC-FEC (cl74) is enabled as the default setting for ports that have been split to 4x100G. Use the following commands to change the setting:

    config switch physical-port

    edit <split_port_name>

    set fec {cl74 | disabled}

    end

  • Use 10000full for the general 10G interface configuration. If that setting does not work, use 10000cr for copper connections (with copper cables such as 10GBASE-CR) or use 10000sr for fiber connections (fiber optic transceivers such as 10GBASE-SR/-LR/-ER/-ZR).

Configuring a split port

Use the following commands to configure a split port:

config switch phy-mode

set port-configuration {default | disable-port54 | disable-port41-48 | 4x100G | 6x40G | 4x4x25G}

set {<port-name>-phy-mode <single-port| 4x25G | 4x10G | 4x1G | 2x50G}

...

(one entry for each port that supports split port)

end

The following settings are available:

  • disable-port54—For 548D and 548D-FPOE, only port53 is splittable; port54 is unavailable.
  • disable-port41-48—For 548D and 548D-FPOE, port41 to port48 are unavailable, but you can configure port53 and port54 in split-mode.
  • 4x100G—For 1048E, enable the maximum speed (100G) of ports 49 through 52. Ports 53 and 54 are disabled.
  • 6x40G—For 1048E, enable the maximum speed (40G) of ports 49 through 54.
  • 4x4x25G—For 1048E, enable the maximum speed (100G) of ports 49 through 52; each split port has a maximum speed of 25G. Ports 47 and 48 are disabled.
  • single-port—Use the port at the full base speed without splitting it.
  • 4x25G—For 100G QSFP only, split one port into four subports of 25 Gbps each.
  • 4x10G—For 40G or 100G QSFP only, split one port into four subports of 10Gbps each.
  • 4x1G—For 40G or 100G QSFP only, split one port into four subports of 1 Gbps each.
  • 2x50G—For 100G QSFP only, split one port into two subports of 50 Gbps each.

In the following example, a FortiSwitch 3032D model is configured with ports 10, 14, and 28 set to 4x10G:

config switch phy-mode

set port5-phy-mode 1x40G

set port6-phy-mode 1x40G

set port7-phy-mode 1x40G

set port8-phy-mode 1x40G

set port9-phy-mode 1x40G

set port10-phy-mode 4x10G

set port11-phy-mode 1x40G

set port12-phy-mode 1x40G

set port13-phy-mode 1x40G

set port14-phy-mode 4x10G

set port15-phy-mode 1x40G

set port16-phy-mode 1x40G

set port17-phy-mode 1x40G

set port18-phy-mode 1x40G

set port19-phy-mode 1x40G

set port20-phy-mode 1x40G

set port21-phy-mode 1x40G

set port22-phy-mode 1x40G

set port23-phy-mode 1x40G

set port24-phy-mode 1x40G

set port25-phy-mode 1x40G

set port26-phy-mode 1x40G

set port27-phy-mode 1x40G

set port28-phy-mode 4x10G

end

In the following example, a FortiSwitch 1048E model is configured so that each port is split into four subports of 25 Gbps each.

config switch phy-mode

set port-configuration 4x4x25G

set port49-phy-mode 4x25G

set port50-phy-mode 4x25G

set port51-phy-mode 4x25G

set port52-phy-mode 4x25G

end

The system applies the configuration only after you enter the end command, displaying the following message:

This change will cause a ports to be added and removed, this will cause loss of configuration on removed ports. The system will have to reboot to apply this change.

Do you want to continue? (y/n)y

To configure one of the split ports, use the notation ".x" to specify the split port:

config switch physical-port

edit "port1"

set lldp-profile "default-auto-isl"

set speed 40000full

next

edit "port2"

set lldp-profile "default-auto-isl"

set speed 40000full

next

edit "port3"

set lldp-profile "default-auto-isl"

set speed 40000full

next

edit "port4"

set lldp-profile "default-auto-isl"

set speed 40000full

next

edit "port5.1"

set speed 10000full

next

edit "port5.2"

set speed 10000full

next

edit "port5.3"

set speed 10000full

next

edit "port5.4"

set speed 10000full

next

end

Configuring QSFP low-power mode

On FortiSwitch models with QSFP (quad small form-factor pluggable) ports, you can enable or disable the low-power mode with the following CLI commands:

config switch physical-port

edit <port_name>

set qsfp-low-power-mode {enabled | disabled}

end

For example:

config switch physical-port

edit port12

set qsfp-low-power-mode disabled

end

Configuring physical port loopbacks

You can use the CLI to loop a physical port back on itself, either locally or remotely:

  • The local loopback is a physical-layer loopback. If the hardware does not support a physical-layer loopback, a MAC-address loopback is used instead.
  • The remote loopback is a physical-layer lineside loopback.

By default this feature is disabled.

To configure a physical port loopback:

config switch physical-port

edit <port_name>

set loopback {disable | local | remote}

next

end

Physical port settings

Physical port settings

The following sections describe the configuration settings that are associated with FortiSwitch physical ports:

Configuring general port settings

Using the GUI:
  1. Go to Switch > Port > Physical.
  2. Select the port to update and then select Edit.
  3. Enter an optional description of the port in the Description field.
  4. Select Up or Down for the Administrative Status.
  5. Select Update to save your changes.
Using the CLI:

config switch physical-port

edit <port_name>

set status {up | down}

set description <string>

set max-frame-size <bytes_int>

end

General port settings include:

  • status—Administrative status of the port
  • description—Text description for the port
  • max-frame-size—Maximum frame size in bytes (between 68 and 9216)

NOTE: For the eight models in the FS-1xxE series, the max-frame-size command is under the config switch global command.

Viewing port statistics

Using the GUI:

Go to Switch > Monitor > Port Stats.

To clear the statistics on all ports, select Select All and then select Reset Stats.

To clear the statistics on some of the ports, select the ports and then select Reset Stats.

Using the CLI:

diagnose switch physical-ports port-stats list [<list_of_ports>]

For example:

diagnose switch physical-ports port-stats list 1,3,4-6

To clear all hardware counters (except for QoS, SNMP, and web GUI counters) on the specified ports:

diagnose switch physical-ports set-counter-zero [<list_of_ports>]

To restore hardware counters (except for QoS, SNMP, and web GUI counters) on the specified ports:

diagnose switch physical-ports set-counter-revert [<list_of_ports>]

Configuring flow control, priority-based flow control, and ingress pause metering

Flow control allows you to configure a port to send or receive a “pause frame” (that is, a special packet that signals a source to stop sending flows for a specific time interval because the buffer is full). By default, flow control is disabled on all ports.

config switch physical-port

edit <port_name>

set flow-control {both | rx | tx | disable}

end

Parameters enable flow control to do the following:

  • rx—receive pause control frames
  • tx—transmit pause control frames
  • both—transmit and receive pause control frames

Priority-based flow control allows you to avoid frame loss by stopping incoming traffic when a queue is congested.

After you enable priority-based flow control, you then configure whether a port sends or receives a priority-based control frame:

config switch physical-port

edit <port_name>

set priority-based-flow-control enable

set flow-control {both | rx | tx | disable}

end

When priority-based flow control is disabled, 802.3 flow control can be used.

NOTE: Priority-based flow control does not support half-duplex speed. When FortiSwitch ports are set to autonegotiate the port speed (the default), priority-based flow control is available if the FortiSwitch model supports it. Lossless buffer management and traffic class mapping are not supported.

If you enable flow control to transmit pause control frames (with the set flow-control tx command), you can also use ingress pause metering to limit the input bandwidth of an ingress port. Because ingress pause metering stops the traffic temporarily instead of dropping it, ingress pause metering can provide better performance than policing when the port is connected to a server or end station. To use ingress pause metering, you need to set the ingress metering rate in kilobits and set the percentage of the threshold for resuming traffic on the ingress port.

config switch physical-port

edit <port_name>

set flow-control tx

set pause-meter-rate <64–2147483647; set to 0 to disable>

set pause-resume {25% | 50% | 75%}

next

end

For example:

config switch physical-port

edit port29

set flow-control tx

set pause-meter-rate 900

set pause-resume 50%

next

end

Auto-module speed detection

When you enable auto-module speed detection, the system reads information from the module and sets the port speed to the maximum speed that is advertised by the module. If the system encounters a problem when reading from the module, it sets the default speed (default value is platform specific).

When auto-module sets the speed, the system creates a log entry noting this speed.

NOTE: Auto-speed detection is supported on 1/10G ports, but not on higher speed ports (such as 40G).

Setting port speed (autonegotiation)

By default, all of the FortiSwitch user ports are set to autonegotiate the port speed. You can also manually set the port speed. The port speeds available differ, depending on the port and switch.

Using the GUI:
  1. Go to Switch > Port > Physical and select the port.
  2. Select Edit.
  3. Select Auto-Negotiation or the appropriate port speed.
  4. Select Update.
Using the CLI:

config switch physical-port

edit <port>

set speed {1000auto | 100full | 100half | 10full | 10half | auto | 10000cr | 10000full | 10000sr | 1000full | auto-module}

end

Viewing auto-module configuration

Display the status of auto-module using following command:

config switch physical-port

edit port47

show

end

config switch physical-port

edit "port47"

set max-frame-size 16360

set speed 10000full

get

name : port47

description : (null)

flow-control : both

link-status : down

lldp-transmit : disable

max-frame-size : 16360

port-index : 47

speed : 10000full

status : up

end

Link-layer discovery protocol

The Fortinet data center switches support LLDP (transmission and reception). The link layer discovery protocol (LLDP) is a vendor-neutral layer-2 protocol that enables devices on a layer-2 segment to discover information about each other.

For details, refer to LLDP-MED.

Configuring power over Ethernet on a port

You can enable PoE, configure dynamic guard band, and set the priority power allocation for a specific port.

The dynamic guard band is set automatically to the expected power of a port before turning on the port. So, when a PoE device is plugged in, the dynamic guard band is set to the maximum power of the device type based on the AF or AT mode. The AF mode DGB is 15.4 W, and the AT mode DGB is 36 W. When the FortiSwitch unit is fully loaded, the dynamic guard band prevents a new PoE device from turning on.

When power to PoE ports is allocated by priority, lower numbered ports have higher priority so that port 1 has the highest priority. When more power is needed than is available, higher numbered ports are disabled first.

When power to PoE ports is allocated by first-come, first-served (FCFS), connected PoE devices receive power, but new devices do not receive power if there is not enough power.

If both priority power allocation and FCFS power allocation are selected, the physical port setting takes precedence over the global setting.

Enabling or disabling PoE in the GUI

  1. Go to Switch > Port > Physical.
  2. Select a port and then select Edit.
  3. For the POE Status, select Enable or Disable.
  4. Select a power priority for the port. You can select High Priority, Critical Priority, or Low Priority. If there is not enough power, power is allotted first to Critical Priority ports, then to High Priority ports, and then to Low Priority ports.
  5. Select Update.

Configuring PoE in the CLI

config switch physical-port

edit <port>

set poe-status {enable | disable}

set poe-port-mode {IEEE802_3AF | IEEE802_3AT}

set poe-port-priority {critical-priority | high-priority | low-priority}

set poe-pre-standard-detect {disable | enable}

end

note icon

PoE pre-standard detection is a global setting for the following FortiSwitch models: FSR-112D-POE, FS-548D-FPOE, FS-524D-FPOE, FS-108D-POE, FS-224D-POE, FS-108E-POE, FS-108E-FPOE, FS-124E-POE, and FS-124E-FPOE.

For the other FortiSwitch PoE models, PoE pre-standard detection is set on each port.

Determining the PoE power capacity

Using the GUI:

Go to Switch > Port > Physical. The Power column displays the power capacity for each PoE port.

Using the CLI:

get switch poe inline

Resetting the PoE power

Using the GUI:
  1. Go to Switch > Port > Physical.
  2. Select a port and then select POE Reset.
  3. In the confirmation dialog box, select Reset.
Using the CLI:

execute poe-reset <port>

Displaying PoE information

Using the GUI:

Go to Switch > Port > Physical to see information about each PoE port. Hover over the traffic column to get specific values.

Using the CLI:

diagnose switch poe status <port>

The following example displays the information for port 6:

diagnose switch poe status port6

Port(6) Power:4.20W, Power-Status: Delivering Power

Power-Up Mode: Normal Mode

Remote Power Device Type: IEEE802.3AT PD

Power Class: 4

Defined Max Power: 30.0W, Priority:3

Voltage: 54.00V

Current: 71mA

Energy-efficient Ethernet

When no data is being transferred through a port, energy-efficient Ethernet (EEE) puts the data link in sleep mode to reduce the power consumption of the FortiSwitch unit. When data flows through the port, the port resumes using the normal amount of power. EEE works over standard twisted-pair copper cables and supports 10 Mbps, 100 Mbps, 1 Gps, and 10 Ge. EEE does not reduce bandwidth or throughput.

If you are using the CLI, you can also specify the number of microseconds that circuits are turned off to save power and the number of microseconds during which no data is transmitted while the circuits that were turned off are being restarted.

In addition, you can use the LLDP 802.3 TLV to advertise the EEE configuration.

NOTE: EEE is not supported on SFP and QSFP modules.

Using the GUI:
  1. Go to Switch > Port > Physical.
  2. Select a port and then select Edit.
  3. Under Energy-Efficient Ethernet, select Enable.
  4. To save your changes, select Update.

To check which ports have EEE enabled, go to Switch > Port > Physical. A green arrow in the EEE column indicates that EEE is enabled for that port. A red arrow in the EEE column indicates that EEE is disabled for that port.

Using the CLI:

NOTE: When you change the eee-tx-wake-time value, the port resets, and the connection is lost briefly.

config switch physical-port

edit <port_name>

set energy-efficient-ethernet {enable | disable}

set eee-tx-idle-time <0-2560>

set eee-tx-wake-time <0-2560>

end

For example, to use EEE on port 7:

config switch physical-port

edit port7

set energy-efficient-ethernet enable

set eee-tx-idle-time 500

set ee-tx-wake-time 200

end

To check that EEE is enabled on port 7:

diagnose switch physical-ports eee-status port7

To check which ports have EEE enabled:

diagnose switch physical-ports eee-status

To advertise the EEE configuration in the LLDP 802.3 TLV:

config switch lldp profile

edit <profile_name>

set 802.3-tlvs eee-config

next

end

To check that the EEE configuration is being advertised:

diagnose switch physical-ports eee-status

Diagnostic monitoring interface module status

With diagnostic monitoring interface (DMI), you can view the following information

  • Module details (detail)
  • Eeprom contents (eeprom)
  • Module limits (limit)
  • Module status (status)
  • Summary information of all a port’s modules (summary)
Using the GUI:

Go to Switch > Monitor > Modules.

Using the CLI:

Use the following commands to enable or disable DMI status for the port. If you set the status to global, the port setting will match the global setting:

config switch physical-port

edit <interface>

set dmi-status {disable | enable | global}

end

Use the get switch modules detail/status command to display DMI information:

FS108E3W14000720 # get switch modules detail port10

____________________________________________________________

Port(port10)

identifier SFP/SFP+

connector Unk (0x00)

transceiver 1000-Base-T

encoding 8B/10B

Length Decode Common

length_smf_1km N/A

length_cable 100 meter

SFP Specific

length_smf_100m N/A

length_50um_om2 N/A

length_62um_om1 N/A

length_50um_om3 N/A

vendor FINISAR CORP.

vendor_oid 0x009065

vendor_pn FCLF-8521-3

vendor_rev A

vendor_sn PBR1X35

manuf_date 06/20/2007

The following is an example of the output for the switch modules status command:

FS108E3W14000720 # get switch modules status port9

____________________________________________________________

Port(port9)

alarm_flags 0x0040

warning_flags 0x0040

temperature 18.792969 C

voltage 3.315100 volts

laser_bias 0.750800 mAmps

tx_power -2.502637 dBm

rx_power -40.000000 dBm

options 0x000F ( TX_DISABLE TX_FAULT RX_LOSS TX_POWER_LEVEL1 )

options_status 0x000C ( RX_LOSS TX_POWER_LEVEL1 )

Configuring split ports

On FortiSwitch models that provide 40G QSFP (quad small form-factor pluggable) interfaces, you can install a breakout cable to convert one 40G interface into four 10G interfaces.

Notes

  • Splitting ports is supported on the following FortiSwitch models:
    • 3032D (ports 5 to 28 are splittable)
    • 3032E (Ports can be split into 4 x 25G when configured in 100G QSFP28 mode or can be split into 4 x 10G when configured in 40G QSFP mode. Use the set <port-name>-phy-mode disabled command to disable some 100G ports to allow up to sixty-two 100G/25G/10G ports.
    • 524D, 524D-FPOE (ports 29 and 30 are splittable)
    • 548D, 548D-FPOE (ports 53 and 54 are splittable)
    • 1048E (In the 4 x 100G configuration, ports 49, 50, 51, and 52 are splittable as 4 x 25G, 4 x 10G, 4 x 1G, or 2 x 50G. Only two of the available ports can be split.)
    • 1048E (In the 4 x 4 x 25G configuration, ports 49, 50, 51, and 52 are splittable as 4 x 4 x 25G or 2 x 50G. All four ports can be split, but ports 47 and 48 are disabled.)
    • 1048E (In the 6 x 40G configuration, ports 49, 50, 51, 52, 53, 54 are splittable as 4 x 10G or 4 x 1G.)

    Use the set port-configuration ? command to check which ports are supported for each model.

  • Currently, the maximum number of ports supported in software is 64 (including the management port). Therefore, only 10 QSFP ports can be split. This limitation applies to all of the models, but only the 3032D, the 3032E, and the 1048E models have enough ports to encounter this limit.
  • Starting in FortiOS 6.2.0, splitting ports is supported in FortiLink mode (that is, the FortiSwitch unit managed by a FortiGate unit).
  • Starting in FortiSwitchOS 6.4.0, FC-FEC (cl74) is enabled as the default setting for ports that have been split to 4x25G. Use the following commands to change the setting:

    config switch physical-port

    edit <split_port_name>

    set fec-state {cl74 | disabled}

    end

  • Starting in FortiSwitchOS 6.4.0, FC-FEC (cl74) is enabled as the default setting for ports that have been split to 4x100G. Use the following commands to change the setting:

    config switch physical-port

    edit <split_port_name>

    set fec {cl74 | disabled}

    end

  • Use 10000full for the general 10G interface configuration. If that setting does not work, use 10000cr for copper connections (with copper cables such as 10GBASE-CR) or use 10000sr for fiber connections (fiber optic transceivers such as 10GBASE-SR/-LR/-ER/-ZR).

Configuring a split port

Use the following commands to configure a split port:

config switch phy-mode

set port-configuration {default | disable-port54 | disable-port41-48 | 4x100G | 6x40G | 4x4x25G}

set {<port-name>-phy-mode <single-port| 4x25G | 4x10G | 4x1G | 2x50G}

...

(one entry for each port that supports split port)

end

The following settings are available:

  • disable-port54—For 548D and 548D-FPOE, only port53 is splittable; port54 is unavailable.
  • disable-port41-48—For 548D and 548D-FPOE, port41 to port48 are unavailable, but you can configure port53 and port54 in split-mode.
  • 4x100G—For 1048E, enable the maximum speed (100G) of ports 49 through 52. Ports 53 and 54 are disabled.
  • 6x40G—For 1048E, enable the maximum speed (40G) of ports 49 through 54.
  • 4x4x25G—For 1048E, enable the maximum speed (100G) of ports 49 through 52; each split port has a maximum speed of 25G. Ports 47 and 48 are disabled.
  • single-port—Use the port at the full base speed without splitting it.
  • 4x25G—For 100G QSFP only, split one port into four subports of 25 Gbps each.
  • 4x10G—For 40G or 100G QSFP only, split one port into four subports of 10Gbps each.
  • 4x1G—For 40G or 100G QSFP only, split one port into four subports of 1 Gbps each.
  • 2x50G—For 100G QSFP only, split one port into two subports of 50 Gbps each.

In the following example, a FortiSwitch 3032D model is configured with ports 10, 14, and 28 set to 4x10G:

config switch phy-mode

set port5-phy-mode 1x40G

set port6-phy-mode 1x40G

set port7-phy-mode 1x40G

set port8-phy-mode 1x40G

set port9-phy-mode 1x40G

set port10-phy-mode 4x10G

set port11-phy-mode 1x40G

set port12-phy-mode 1x40G

set port13-phy-mode 1x40G

set port14-phy-mode 4x10G

set port15-phy-mode 1x40G

set port16-phy-mode 1x40G

set port17-phy-mode 1x40G

set port18-phy-mode 1x40G

set port19-phy-mode 1x40G

set port20-phy-mode 1x40G

set port21-phy-mode 1x40G

set port22-phy-mode 1x40G

set port23-phy-mode 1x40G

set port24-phy-mode 1x40G

set port25-phy-mode 1x40G

set port26-phy-mode 1x40G

set port27-phy-mode 1x40G

set port28-phy-mode 4x10G

end

In the following example, a FortiSwitch 1048E model is configured so that each port is split into four subports of 25 Gbps each.

config switch phy-mode

set port-configuration 4x4x25G

set port49-phy-mode 4x25G

set port50-phy-mode 4x25G

set port51-phy-mode 4x25G

set port52-phy-mode 4x25G

end

The system applies the configuration only after you enter the end command, displaying the following message:

This change will cause a ports to be added and removed, this will cause loss of configuration on removed ports. The system will have to reboot to apply this change.

Do you want to continue? (y/n)y

To configure one of the split ports, use the notation ".x" to specify the split port:

config switch physical-port

edit "port1"

set lldp-profile "default-auto-isl"

set speed 40000full

next

edit "port2"

set lldp-profile "default-auto-isl"

set speed 40000full

next

edit "port3"

set lldp-profile "default-auto-isl"

set speed 40000full

next

edit "port4"

set lldp-profile "default-auto-isl"

set speed 40000full

next

edit "port5.1"

set speed 10000full

next

edit "port5.2"

set speed 10000full

next

edit "port5.3"

set speed 10000full

next

edit "port5.4"

set speed 10000full

next

end

Configuring QSFP low-power mode

On FortiSwitch models with QSFP (quad small form-factor pluggable) ports, you can enable or disable the low-power mode with the following CLI commands:

config switch physical-port

edit <port_name>

set qsfp-low-power-mode {enabled | disabled}

end

For example:

config switch physical-port

edit port12

set qsfp-low-power-mode disabled

end

Configuring physical port loopbacks

You can use the CLI to loop a physical port back on itself, either locally or remotely:

  • The local loopback is a physical-layer loopback. If the hardware does not support a physical-layer loopback, a MAC-address loopback is used instead.
  • The remote loopback is a physical-layer lineside loopback.

By default this feature is disabled.

To configure a physical port loopback:

config switch physical-port

edit <port_name>

set loopback {disable | local | remote}

next

end