Configuring LLDP-MED settings
Starting in FortiOS 6.4.0 and FortiSwitchOS 6.4.0, LLDP neighbor devices are dynamically detected. By default, this feature is enabled in FortiOS but disabled in managed FortiSwitch units. Dynamic detection must be enabled in both FortiOS and FortiSwitchOS for this feature to work.
This section covers the following topics:
- Creating LLDP asset tags for each managed FortiSwitch
- Adding media endpoint discovery (MED) to an LLDP configuration
- Displaying LLDP information
- Configuring the LLDP settings
To configure LLDP profiles in FortiOS:
config switch-controller lldp-profile
edit <profile_name>
set med-tlvs (inventory-management | network-policy | power-management | location-identification)
set 802.1-tlvs port-vlan-id
set 802.3-tlvs {max-frame-size | power-negotiation}
set auto-isl {enable | disable}
set auto-isl-hello-timer <1-30>
set auto-isl-port-group <0-9>
set auto-isl-receive-timeout <3-90>
config med-network-policy
edit {guest-voice | guest-voice-signaling | softphone-voice | streaming-video | video-conferencing | video-signaling | voice | voice-signaling}
set status {enable | disable}
set vlan-intf <string>
set priority <0-7>
set dscp <0-63>
next
end
config med-location-service
edit {address-civic | coordinates | elin-number}
set status {enable | disable}
set sys-location-id <string>
next
end
config-tlvs
edit <TLV_name>
set oui <hexadecimal_number>
set subtype <0-255>
set information-string <0-507>
next
end
next
end
| Variable | Description |
| <profile_name> | Enable or disable |
| med-tlvs (inventory-management | network-policy | power-management | location-identification) | Select which LLDP-MED type-length-value descriptions (TLVs) to transmit: inventory-managment TLVs, network-policy TLVs, power-management TLVs for PoE, and location-identification TLVs. You can select one or more option. Separate multiple options with a space. |
| 802.1-tlvs port-vlan-id | Transmit the IEEE 802.1 port native-VLAN TLV. |
| 802.3-tlvs {max-frame-size | power-negotiation} | Select whether to transmit the IEEE 802.3 maximum frame size TLV, the power-negotiation TLV for PoE, or both. Separate multiple options with a space. |
| auto-isl {enable | disable} | Enable or disable the automatic inter-switch LAG. |
|
auto-isl-hello-timer <1-30> |
If you enabled auto-isl, you can set the number of seconds for the automatic inter-switch LAG hello timer. The default value is 3 seconds. |
|
auto-isl-port-group <0-9> |
If you enabled auto-isl, you can set the automatic inter-switch LAG port group identifier. |
|
auto-isl-receive-timeout <3-90> |
If you enabled auto-isl, you can set the number of seconds before the automatic inter-switch LAG times out if no response is received. The default value is 9 seconds. |
|
config med-network-policy |
|
|
{guest-voice | guest-voice-signaling | softphone-voice | streaming-video | video-conferencing | video-signaling | voice | voice-signaling} |
Select which Media Endpoint Discovery (MED) network policy type-length-value (TLV) category to edit. |
|
status {enable | disable} |
Enable or disable whether this TLV is transmitted. |
|
vlan-intf <string> |
If you enabled the status, you can enter the VLAN interface to advertise. The maximum length is 15 characters. |
|
priority <0-7> |
If you enabled the status, you can enter the advertised Layer-2 priority. Set to 7 for the highest priority. |
|
dscp <0-63> |
If you enabled the status, you can enter the advertised Differentiated Services Code Point (DSCP) value to indicate the level of service requested for the traffic. |
|
config med-location-service |
|
|
{address-civic | coordinates | elin-number} |
Select which Media Endpoint Discovery (MED) location type-length-value (TLV) category to edit. |
|
status {enable | disable} |
Enable or disable whether this TLV is transmitted. |
|
sys-location-id <string> |
If you enabled the status, you can enter the location service identifier. The maximum length is 63 characters. |
|
config-tlvs |
|
|
<TLV_name> |
Enter the name of a custom TLV entry. |
|
oui <hexadecimal_number> |
Ener the organizationally unique identifier (OUI), a 3-byte hexadecimal number, for this TLV. |
|
subtype <0-255> |
Enter the organizationally defined subtype. |
|
information-string <0-507> |
Enter the organizationally defined information string in hexadecimal bytes. |
To configure LLDP settings in FortiOS:
config switch-controller lldp-settings
set tx-hold <int>
set tx-interval <int>
set fast-start-interval <int>
set management-interface {internal | management}
set device-detection {enable | disable}
end
| Variable | Description |
| tx-hold | Number of tx-intervals before the local LLDP data expires. Therefore, the packet TTL (in seconds) is tx-hold times tx-interval. The range for tx-hold is 1 to 16, and the default value is 4. |
| tx-interval | How often the FortiSwitch transmits the LLDP PDU. The range is 5 to 4095 seconds, and the default is 30 seconds. |
| fast-start-interval | How often the FortiSwitch transmits the first 4 LLDP packets when a link comes up. The range is 2 to 5 seconds, and the default is 2 seconds. Set this variable to zero to disable fast start. |
| management-interface | Primary management interface to be advertised in LLDP and CDP PDUs. |
|
device-detection {enable | disable} |
Enable or disable whether LLDP neighbor devices are dynamically detected. By default, this setting is disabled. |
To configure dynamic detection of LLDP neighbor devices in FortiSwitchOS:
config switch lldp settings
set device-detection enable
end
Creating LLDP asset tags for each managed FortiSwitch
You can use the following commands to add an LLDP asset tag for a managed FortiSwitch:
config switch-controller managed-switch
edit <FortiSwitch_serial_number>
set switch-device-tag <string>
end
Adding media endpoint discovery (MED) to an LLDP configuration
You can use the following commands to add media endpoint discovery (MED) features to an LLDP profile:
config switch-controller lldp-profile
edit <lldp-profle>
config med-network-policy
edit guest-voice
set status {disable | enable}
next
edit guest-voice-signaling
set status {disable | enable}
next
edit guest-voice-signaling
set status {disable | enable}
next
edit softphone-voice
set status {disable | enable}
next
edit streaming-video
set status {disable | enable}
next
edit video-conferencing
set status {disable | enable}
next
edit video-signaling
set status {disable | enable}
next
edit voice
set status {disable | enable}
next
edit voice-signaling
set status {disable | enable}
end
config custom-tlvs
edit <name>
set oui <identifier>
set subtype <subtype>
set information-string <string>
end
end
Displaying LLDP information
You can use the following commands to display LLDP information:
diagnose switch-controller switch-info lldp stats <switch> <port>
diagnose switch-controller switch-info lldp neighbors-summary <switch>
diagnose switch-controller switch-info lldp neighbors-detail <switch>
Configuring the LLDP settings
The Fortinet data center switches support the Link Layer Discovery Protocol (LLDP) for transmission and reception wherein the switch will multicast LLDP packets to advertise its identity and capabilities. A switch receives the equivalent information from adjacent layer-2 peers.
Starting in FortiOS 6.4.3, you can also configure the lldp-status and lldp-profile settings of a virtual switch port in a tenant VDOM. NOTE: The auto-isl setting in config switch-controller lldp-profile is ignored, and the setting remains disabled for the tenantʼs ports.
Use the following commands to configure LLDP on a FortiSwitch port:
config switch-controller managed-switch
edit <FortiSwitch_serial_number>
config ports
edit <port_name>
set lldp-status {rx-only | tx-only | tx-rx | disable}
set lldp-profile <profile_name>
end
end
For example:
config switch-controller managed-switch
edit S524DF4K15000024
config ports
edit port2
set lldp-status tx-rx
set lldp-profile default
end
end
Use the following commands to configure LLDP on a virtual FortiSwitch port in a tenant VDOM:
config vdom
edit <VDOM_name>
config switch-controller managed-switch
edit <FortiSwitch_serial_number>
config ports
edit <port_name>
set lldp-status {rx-only | tx-only | tx-rx | disable}
set lldp-profile <profile_name>
next
end
end
end
For example:
config vdom
edit VDOM_1
config switch-controller managed-switch
edit "S424ENTF19000007"
config ports
edit port28
set lldp-status tx-rx
set lldp-profile lldpprofile1
next
end
end
end