Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Devices Managed by FortiOS

    Home FortiSwitch 7.0.8 Devices Managed by FortiOS
    7.0.8
    7.0.8
    7.0.4
    7.0.2
    7.0.1
    7.0.0
    6.4.5
    6.4.3
    6.4.2
    6.4.0
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.4
    6.0.3
    6.0.1
    6.0.0
    6.0.0
    3.6.3
    3.6.0
    3.5.4

    Voice device detection

    Voice device detection

    FortiSwitchOS is able to parse LLDP messages from voice devices such as FortiFone and pass this information to a FortiGate device for device detection. You can use a dynamic port policy to assign a device to an LLDP profile, QoS policy, and VLAN policy. When a detected device is matched to the dynamic port policy, the corresponding policy actions are applied on the switch port.

    In the following example, FortiFone is connected to port2 of the FortiSwitch unit. A dynamic port policy is created to apply a VLAN policy, LLDP policy, and QoS policy to the device family FortiFone.

    The following is a summary of the procedure:

    1. Use the FortiGate CLI to configure the VLAN policy, LLDP profile, and Quality of Service (QoS) policy. You can use the predefined voice-qos policy for QoS and the predefined fortivoice.fortilink profile for LLDP.
    2. Use the FortiGate GUI to configure a dynamic port policy to match the FortiFone device family with the actions from the assigned LLDP profile, QoS policy, and VLAN policy.
    3. Use the FortiGate GUI to assign the dynamic port policy to the FortiSwitch port.
    To create a dynamic port policy in the GUI and then assign it to a FortiSwitch port:
    1. Go to WiFi & Switch Controller > FortiSwitch Port Policies and click Dynamic Port Policies.
      1. Click Create New to create a dynamic port policy.
      2. In the Name field, enter FortiFone.

      3. Click Create new to create a dynamic port policy rule.
      4. In the Name field, enter FortiFone.
      5. Disable MAC address.
      6. Enable Device family and enter FortiFone.
      7. Enable LLDP profile and select a voice profile.
      8. Enable QoS policy and select a voice policy.
      9. Enable VLAN policy and select a voice policy.

      10. Click OK to save the dynamic port policy rule.

      11. Click OK to save the dynamic port policy.
    2. Go to WiFi & Switch Controller > FortiSwitch Ports.
    3. Right-click port2 and select Mode > Assign Port Policy.

    4. Click the pencil icon in the Port Policy column, select the FortiFone dynamic port policy, and then click Apply.

    5. Plug the FortiFone into port2 of the FortiSwitch unit.
    6. Go to Dashboard > Users & Devices and verify that the FortiFone is displayed in the FortiSwitch NAC VLANs pane.

    To configure voice device detection in the CLI:
    1. Use the FortiGate CLI to configure the VLAN policy, LLDP profile, and QoS policy.

      config switch-controller lldp-profile

      edit "fortivoice.fortilink"

      set med-tlvs inventory-management network-policy location-identification

      set auto-isl disable

      config med-network-policy

      edit "voice"

      set status enable

      set vlan-intf "voice"

      set assign-vlan enable

      set dscp 46

      next

      edit "voice-signaling"

      set status enable

      set vlan-intf "voice"

      set assign-vlan enable

      set dscp 46

      next

      edit "guest-voice"

      next

      edit "guest-voice-signaling"

      next

      edit "softphone-voice"

      next

      edit "video-conferencing"

      next

      edit "streaming-video"

      next

      edit "video-signaling"

      next

      end

      config med-location-service

      edit "coordinates"

      next

      edit "address-civic"

      next

      edit "elin-number"

      next

      end

      next

      end

      config switch-controller qos qos-policy

      edit "voice-qos"

      set trust-dot1p-map "voice-dot1p"

      set trust-ip-dscp-map "voice-dscp"

      set queue-policy "voice-egress"

      next

      end

      config switch-controller vlan-policy

      edit "fon"

      set fortilink "fortilink"

      set vlan "default_10"

      set allowed-vlans "quarantine" "voice"

      set untagged-vlans "quarantine"

      next

      end

    2. Configure a dynamic port policy to match the FortiFone device family with the actions from the assigned LLDP profile, QoS policy, and VLAN policy.

      config switch-controller dynamic-port-policy

      edit "FortiFone"

      set fortilink "fortilink"

      config policy

      edit "FortiFone"

      set family "FortiFone"

      set lldp-profile "fortivoice.fortilink"

      set qos-policy "voice-qos"

      set vlan-policy "fon"

      next

      end

      next

      end

    3. Assign the dynamic port policy to port2 of the FortiSwitch unit.

      config switch-controller managed-switch

      edit S108DVIJAK1VGG54

      config ports

      edit "port2"

      set vlan "default_10"

      set allowed-vlans "quarantine"

      set untagged-vlans "quarantine"

      set access-mode dynamic

      set port-policy "FortiFone"

      set export-to "root"

      set mac-addr 02:09:0f:00:2c:01

      next

      end

    4. The FortiSwitch unit receives an LLDP message from FortiFone after it is plugged into port2.
    5. Run the diagnose switch-controller mac-device dynamic command to check the device information on FortiGate device. The FortiFone is identified.

      FGT_Switch_Controller (root) # diagnose switch-controller mac-device dynamic 
Vdom: root
MAC                LAST-KNOWN-SWITCH  LAST-KNOWN-PORT    DYNAMIC-PORT-POLICY      POLICY             LAST-SEEN    COMMENTS
00:15:65:83:cb:16  S108DVIJAK1VGG54   port2              FortiFone                FortiFone          148          auto detected @ 2021-04-29 19:12:42

    Previous
    Next

    Voice device detection

    Voice device detection

    FortiSwitchOS is able to parse LLDP messages from voice devices such as FortiFone and pass this information to a FortiGate device for device detection. You can use a dynamic port policy to assign a device to an LLDP profile, QoS policy, and VLAN policy. When a detected device is matched to the dynamic port policy, the corresponding policy actions are applied on the switch port.

    In the following example, FortiFone is connected to port2 of the FortiSwitch unit. A dynamic port policy is created to apply a VLAN policy, LLDP policy, and QoS policy to the device family FortiFone.

    The following is a summary of the procedure:

    1. Use the FortiGate CLI to configure the VLAN policy, LLDP profile, and Quality of Service (QoS) policy. You can use the predefined voice-qos policy for QoS and the predefined fortivoice.fortilink profile for LLDP.
    2. Use the FortiGate GUI to configure a dynamic port policy to match the FortiFone device family with the actions from the assigned LLDP profile, QoS policy, and VLAN policy.
    3. Use the FortiGate GUI to assign the dynamic port policy to the FortiSwitch port.
    To create a dynamic port policy in the GUI and then assign it to a FortiSwitch port:
    1. Go to WiFi & Switch Controller > FortiSwitch Port Policies and click Dynamic Port Policies.
      1. Click Create New to create a dynamic port policy.
      2. In the Name field, enter FortiFone.

      3. Click Create new to create a dynamic port policy rule.
      4. In the Name field, enter FortiFone.
      5. Disable MAC address.
      6. Enable Device family and enter FortiFone.
      7. Enable LLDP profile and select a voice profile.
      8. Enable QoS policy and select a voice policy.
      9. Enable VLAN policy and select a voice policy.

      10. Click OK to save the dynamic port policy rule.

      11. Click OK to save the dynamic port policy.
    2. Go to WiFi & Switch Controller > FortiSwitch Ports.
    3. Right-click port2 and select Mode > Assign Port Policy.

    4. Click the pencil icon in the Port Policy column, select the FortiFone dynamic port policy, and then click Apply.

    5. Plug the FortiFone into port2 of the FortiSwitch unit.
    6. Go to Dashboard > Users & Devices and verify that the FortiFone is displayed in the FortiSwitch NAC VLANs pane.

    To configure voice device detection in the CLI:
    1. Use the FortiGate CLI to configure the VLAN policy, LLDP profile, and QoS policy.

      config switch-controller lldp-profile

      edit "fortivoice.fortilink"

      set med-tlvs inventory-management network-policy location-identification

      set auto-isl disable

      config med-network-policy

      edit "voice"

      set status enable

      set vlan-intf "voice"

      set assign-vlan enable

      set dscp 46

      next

      edit "voice-signaling"

      set status enable

      set vlan-intf "voice"

      set assign-vlan enable

      set dscp 46

      next

      edit "guest-voice"

      next

      edit "guest-voice-signaling"

      next

      edit "softphone-voice"

      next

      edit "video-conferencing"

      next

      edit "streaming-video"

      next

      edit "video-signaling"

      next

      end

      config med-location-service

      edit "coordinates"

      next

      edit "address-civic"

      next

      edit "elin-number"

      next

      end

      next

      end

      config switch-controller qos qos-policy

      edit "voice-qos"

      set trust-dot1p-map "voice-dot1p"

      set trust-ip-dscp-map "voice-dscp"

      set queue-policy "voice-egress"

      next

      end

      config switch-controller vlan-policy

      edit "fon"

      set fortilink "fortilink"

      set vlan "default_10"

      set allowed-vlans "quarantine" "voice"

      set untagged-vlans "quarantine"

      next

      end

    2. Configure a dynamic port policy to match the FortiFone device family with the actions from the assigned LLDP profile, QoS policy, and VLAN policy.

      config switch-controller dynamic-port-policy

      edit "FortiFone"

      set fortilink "fortilink"

      config policy

      edit "FortiFone"

      set family "FortiFone"

      set lldp-profile "fortivoice.fortilink"

      set qos-policy "voice-qos"

      set vlan-policy "fon"

      next

      end

      next

      end

    3. Assign the dynamic port policy to port2 of the FortiSwitch unit.

      config switch-controller managed-switch

      edit S108DVIJAK1VGG54

      config ports

      edit "port2"

      set vlan "default_10"

      set allowed-vlans "quarantine"

      set untagged-vlans "quarantine"

      set access-mode dynamic

      set port-policy "FortiFone"

      set export-to "root"

      set mac-addr 02:09:0f:00:2c:01

      next

      end

    4. The FortiSwitch unit receives an LLDP message from FortiFone after it is plugged into port2.
    5. Run the diagnose switch-controller mac-device dynamic command to check the device information on FortiGate device. The FortiFone is identified.

      FGT_Switch_Controller (root) # diagnose switch-controller mac-device dynamic 
Vdom: root
MAC                LAST-KNOWN-SWITCH  LAST-KNOWN-PORT    DYNAMIC-PORT-POLICY      POLICY             LAST-SEEN    COMMENTS
00:15:65:83:cb:16  S108DVIJAK1VGG54   port2              FortiFone                FortiFone          148          auto detected @ 2021-04-29 19:12:42

    Previous
    Next