Fortinet black logo

Administration Guide

Configuration notes

Copy Link
Copy Doc ID 2d1d802e-71d2-11ed-8e6d-fa163e15d75b:585563
Download PDF

Configuration notes

Review the following notes before configuring LLDP-MED:

  • When 802.1X and LLDP turn on at the same port, switching between LLDP profiles requires a manual reset of all authentication sessions.
  • Fortinet recommends LLDP-MED-capable phones.
  • The FortiSwitch unit functions as a Network Connectivity device (that is, NIC, switch, router, and gateway), and will only support sending TLVs intended for Network Connectivity devices.
  • LLDP supports up to 16 neighbors per physical port.
  • The FortiSwitch unit accepts and parses packets using the CDP (Cisco Discovery Protocol) and count CDP neighbors towards the neighbor limit on a physical port. If neighbors exist, the FortiSwitch unit transmits CDP packets in addition to LLDP.
  • With release 3.5.1, CDP is independently controllable through the set cdp-status command on the physical port. The FortiSwitch unit no longer requires a neighbor to trigger it to transmit CDP; it will transmit provided cdp-status is configured as tx-only or tx-rx. The default configuration for CDP-status is disabled. It still uses values pulled from the lldp-profile to configure its contents.
  • LLDP must be globally enabled under the config switch lldp settings command for CDP to be transmitted or received:
  • If a port is added into a virtual-wire (connects two ends of a controlled system using a radio frequency [RF] medium), the FortiSwitch unit will disable the transmission and receipt of LLDP and CDP packets and remove all neighbors from the port. This virtual-wire state is noted in the get switch lldp neighbor-summary command output.
  • If the combination of configured TLVs exceeds the maximum frame size on a port, that frame cannot be sent.
  • If a port is configured with an LLDP profile that has auto-isl enabled, the LLDP transmit frequency (normally set under config switch lldp settings with the set tx-interval command) for that port is overridden by the profileʼs auto-isl-hello-timer setting (the default is 3 seconds).
  • When the switch is in FortLink mode, all ports are changed to have profiles with auto-isl enabled by default, and the portsʼ normal transmit interval is overridden by the auto-isl-hello-timer setting in that profile (the default is 3 seconds).
  • The default-auto-isl LLDP profile, which is one of the two default LLDP profiles, has auto-isl enabled. Any port configured with the default-auto-isl profile will transmit LLDP PDUs every 3 seconds when the auto-isl-hello-timer option in that profile is set at the default of 3 seconds.
  • The Time to Live (TTL) value sent in the LLDP PDUs is still based on the tx-interval and tx-hold values under config switch lldp settings, even if the transmit interval has been overridden by the auto-isl-hello-timer setting.

Configuration notes

Review the following notes before configuring LLDP-MED:

  • When 802.1X and LLDP turn on at the same port, switching between LLDP profiles requires a manual reset of all authentication sessions.
  • Fortinet recommends LLDP-MED-capable phones.
  • The FortiSwitch unit functions as a Network Connectivity device (that is, NIC, switch, router, and gateway), and will only support sending TLVs intended for Network Connectivity devices.
  • LLDP supports up to 16 neighbors per physical port.
  • The FortiSwitch unit accepts and parses packets using the CDP (Cisco Discovery Protocol) and count CDP neighbors towards the neighbor limit on a physical port. If neighbors exist, the FortiSwitch unit transmits CDP packets in addition to LLDP.
  • With release 3.5.1, CDP is independently controllable through the set cdp-status command on the physical port. The FortiSwitch unit no longer requires a neighbor to trigger it to transmit CDP; it will transmit provided cdp-status is configured as tx-only or tx-rx. The default configuration for CDP-status is disabled. It still uses values pulled from the lldp-profile to configure its contents.
  • LLDP must be globally enabled under the config switch lldp settings command for CDP to be transmitted or received:
  • If a port is added into a virtual-wire (connects two ends of a controlled system using a radio frequency [RF] medium), the FortiSwitch unit will disable the transmission and receipt of LLDP and CDP packets and remove all neighbors from the port. This virtual-wire state is noted in the get switch lldp neighbor-summary command output.
  • If the combination of configured TLVs exceeds the maximum frame size on a port, that frame cannot be sent.
  • If a port is configured with an LLDP profile that has auto-isl enabled, the LLDP transmit frequency (normally set under config switch lldp settings with the set tx-interval command) for that port is overridden by the profileʼs auto-isl-hello-timer setting (the default is 3 seconds).
  • When the switch is in FortLink mode, all ports are changed to have profiles with auto-isl enabled by default, and the portsʼ normal transmit interval is overridden by the auto-isl-hello-timer setting in that profile (the default is 3 seconds).
  • The default-auto-isl LLDP profile, which is one of the two default LLDP profiles, has auto-isl enabled. Any port configured with the default-auto-isl profile will transmit LLDP PDUs every 3 seconds when the auto-isl-hello-timer option in that profile is set at the default of 3 seconds.
  • The Time to Live (TTL) value sent in the LLDP PDUs is still based on the tx-interval and tx-hold values under config switch lldp settings, even if the transmit interval has been overridden by the auto-isl-hello-timer setting.