Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSwitch 7.2.7 Administration Guide
    7.2.7
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.11
    6.4.6
    6.4.5
    6.4.3
    6.4.2
    6.4.0
    6.2.5
    6.2.2
    6.2.1
    6.2.0

    Configuration notes

    Configuration notes

    Review the following notes before configuring LLDP-MED:

    • When 802.1X and LLDP turn on at the same port, switching between LLDP profiles requires a manual reset of all authentication sessions.
    • Fortinet recommends LLDP-MED-capable phones.
    • The FortiSwitch unit functions as a Network Connectivity device (that is, NIC, switch, router, and gateway), and will only support sending TLVs intended for Network Connectivity devices.
    • LLDP supports up to 16 neighbors per physical port.
    • The FortiSwitch unit accepts and parses packets using the CDP (Cisco Discovery Protocol) and count CDP neighbors towards the neighbor limit on a physical port. If neighbors exist, the FortiSwitch unit transmits CDP packets in addition to LLDP.
    • With release 3.5.1, CDP is independently controllable through the set cdp-status command on the physical port. The FortiSwitch unit no longer requires a neighbor to trigger it to transmit CDP; it will transmit provided cdp-status is configured as tx-only or tx-rx. The default configuration for CDP-status is disabled. It still uses values pulled from the lldp-profile to configure its contents.
    • LLDP must be globally enabled under the config switch lldp settings command for CDP to be transmitted or received:
    • If a port is added into a virtual-wire (connects two ends of a controlled system using a radio frequency [RF] medium), the FortiSwitch unit will disable the transmission and receipt of LLDP and CDP packets and remove all neighbors from the port. This virtual-wire state is noted in the get switch lldp neighbor-summary command output.
    • If the combination of configured TLVs exceeds the maximum frame size on a port, that frame cannot be sent.
    • If a port is configured with an LLDP profile that has auto-isl enabled, the LLDP transmit frequency (normally set under config switch lldp settings with the set tx-interval command) for that port is overridden by the profileʼs auto-isl-hello-timer setting (the default is 3 seconds).
    • When the switch is in FortLink mode, all ports are changed to have profiles with auto-isl enabled by default, and the portsʼ normal transmit interval is overridden by the auto-isl-hello-timer setting in that profile (the default is 3 seconds).
    • The default-auto-isl LLDP profile, which is one of the two default LLDP profiles, has auto-isl enabled. Any port configured with the default-auto-isl profile will transmit LLDP PDUs every 3 seconds when the auto-isl-hello-timer option in that profile is set at the default of 3 seconds.
    • The Time to Live (TTL) value sent in the LLDP PDUs is still based on the tx-interval and tx-hold values under config switch lldp settings, even if the transmit interval has been overridden by the auto-isl-hello-timer setting.
    Previous
    Next

    Configuration notes

    Configuration notes

    Review the following notes before configuring LLDP-MED:

    • When 802.1X and LLDP turn on at the same port, switching between LLDP profiles requires a manual reset of all authentication sessions.
    • Fortinet recommends LLDP-MED-capable phones.
    • The FortiSwitch unit functions as a Network Connectivity device (that is, NIC, switch, router, and gateway), and will only support sending TLVs intended for Network Connectivity devices.
    • LLDP supports up to 16 neighbors per physical port.
    • The FortiSwitch unit accepts and parses packets using the CDP (Cisco Discovery Protocol) and count CDP neighbors towards the neighbor limit on a physical port. If neighbors exist, the FortiSwitch unit transmits CDP packets in addition to LLDP.
    • With release 3.5.1, CDP is independently controllable through the set cdp-status command on the physical port. The FortiSwitch unit no longer requires a neighbor to trigger it to transmit CDP; it will transmit provided cdp-status is configured as tx-only or tx-rx. The default configuration for CDP-status is disabled. It still uses values pulled from the lldp-profile to configure its contents.
    • LLDP must be globally enabled under the config switch lldp settings command for CDP to be transmitted or received:
    • If a port is added into a virtual-wire (connects two ends of a controlled system using a radio frequency [RF] medium), the FortiSwitch unit will disable the transmission and receipt of LLDP and CDP packets and remove all neighbors from the port. This virtual-wire state is noted in the get switch lldp neighbor-summary command output.
    • If the combination of configured TLVs exceeds the maximum frame size on a port, that frame cannot be sent.
    • If a port is configured with an LLDP profile that has auto-isl enabled, the LLDP transmit frequency (normally set under config switch lldp settings with the set tx-interval command) for that port is overridden by the profileʼs auto-isl-hello-timer setting (the default is 3 seconds).
    • When the switch is in FortLink mode, all ports are changed to have profiles with auto-isl enabled by default, and the portsʼ normal transmit interval is overridden by the auto-isl-hello-timer setting in that profile (the default is 3 seconds).
    • The default-auto-isl LLDP profile, which is one of the two default LLDP profiles, has auto-isl enabled. Any port configured with the default-auto-isl profile will transmit LLDP PDUs every 3 seconds when the auto-isl-hello-timer option in that profile is set at the default of 3 seconds.
    • The Time to Live (TTL) value sent in the LLDP PDUs is still based on the tx-interval and tx-hold values under config switch lldp settings, even if the transmit interval has been overridden by the auto-isl-hello-timer setting.
    Previous
    Next