Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiLink Guide

    Home FortiSwitch 7.6.0 FortiLink Guide
    7.6.0
    7.6.0
    7.4.5
    7.4.4
    7.4.2
    7.4.1
    7.4.0
    7.2.9
    7.2.6
    7.2.4
    7.2.1
    7.2.0

    Configuring QoS with managed FortiSwitch units

    Configuring QoS with managed FortiSwitch units

    Quality of Service (QoS) provides the ability to set particular priorities for different applications, users, or data flows.

    Note

    • The FortiGate unit does not support QoS for hard or soft switch ports.

    • The FS-1xxE and FS-1xxF models support a single QoS map. If there is more than one QoS map, the first configured map is used.

    The FortiSwitch unit supports the following QoS configuration capabilities:

    • Mapping the IEEE 802.1p and Layer 3 QoS values (Differentiated Services and IP Precedence) to an outbound QoS queue number.
    • Providing eight egress queues on each port.
    • Policing the maximum data rate of egress traffic on the interface.
    • If you select weighted-random-early-detection for the drop-policy, you can enable explicit congestion notification (ECN) marking to indicate that congestion is occurring without just dropping packets.
    To configure the QoS for managed FortiSwitch units:
    1. Configure a Dot1p map.

      A Dot1p map defines a mapping between IEEE 802.1p class of service (CoS) values (from incoming packets on a trusted interface) and the egress queue values. Values that are not explicitly included in the map will follow the default mapping, which maps each priority (0-7) to queue 0. If an incoming packet contains no CoS value, the switch assigns a CoS value of zero.

      NOTE: Do not enable trust for both Dot1p and DSCP at the same time on the same interface. If you do want to trust both Dot1p and IP-DSCP, the FortiSwitch uses the latter value (DSCP) to determine the queue. The switch will use the Dot1p value and mapping only if the packet contains no DSCP value.

      config switch-controller qos dot1p-map

      edit <Dot1p map name>

      set description <text>

      set priority-0 <queue number>

      set priority-1 <queue number>

      set priority-2 <queue number>

      set priority-3 <queue number>

      set priority-4 <queue number>

      set priority-5 <queue number>

      set priority-6 <queue number>

      set priority-7 <queue number>

      next

      end

    2. Configure a DSCP map. A DSCP map defines a mapping between IP precedence or DSCP values and the egress queue values. For IP precedence, you have the following choices:
      • network-control—Network control
      • internetwork-control—Internetwork control
      • critic-ecp—Critic and emergency call processing (ECP)
      • flashoverride—Flash override
      • flash—Flash
      • immediate—Immediate
      • priority—Priority
      • routine—Routine

      config switch-controller qos ip-dscp-map

      edit <DSCP map name>

      set description <text>

      configure map <map_name>

      edit <entry name>

      set cos-queue <COS queue number>

      set diffserv {CS0 | CS1 | AF11 | AF12 | AF13 | CS2 | AF21 | AF22 | AF23 | CS3 | AF31 | AF32 | AF33 | CS4 | AF41 | AF42 | AF43 | CS5 | EF | CS6 | CS7}

      set ip-precedence {network-control | internetwork-control | critic-ecp | flashoverride | flash | immediate | priority | routine}

      set value <DSCP raw value>

      next

      end

      end

    3. Configure the egress QoS policy. In a QoS policy, you set the scheduling mode for the policy and configure one or more CoS queues. Each egress port supports eight queues, and three scheduling modes are available:
      • With strict scheduling, the queues are served in descending order (of queue number), so higher number queues receive higher priority.
      • In simple round-robin mode, the scheduler visits each backlogged queue, servicing a single packet from each queue before moving on to the next one.
      • In weighted round-robin mode, each of the eight egress queues is assigned a weight value ranging from 0 to 63.

      config switch-controller qos queue-policy

      edit <QoS egress policy name>

      set schedule {strict | round-robin | weighted}

      config cos-queue

      edit queue-<number>

      set description <text>

      set min-rate <rate in kbps>

      set max-rate <rate in kbps>

      set drop-policy {taildrop | weighted-random-early-detection}

      set ecn {enable | disable}

      set weight <weight value>

      next

      end

      next

      end

    4. Configure the overall policy that will be applied to the switch ports.

      config switch-controller qos qos-policy

      edit <QoS egress policy name>

      set default-cos <default CoS value 0-7>

      set trust-dot1p-map <Dot1p map name>

      set trust-ip-dscp-map <DSCP map name>

      set queue-policy <queue policy name>

      next

      end

    5. Configure each switch port.

      config switch-controller managed-switch

      edit <switch-id>

      config ports

      edit <port>

      set qos-policy <CoS policy>

      next

      end

      next

      end

    6. Check the QoS statistics on each switch port.

      diagnose switch-controller switch-info qos-stats <FortiSwitch_serial_number> <port_name>

    Note

    For QoS commands to be successfully executed, the feature must be supported by the FortiSwitch unit. Refer to the FortiSwitch feature matrix for details about the features supported by each FortiSwitch model.
    Previous
    Next

    Configuring QoS with managed FortiSwitch units

    Configuring QoS with managed FortiSwitch units

    Quality of Service (QoS) provides the ability to set particular priorities for different applications, users, or data flows.

    Note

    • The FortiGate unit does not support QoS for hard or soft switch ports.

    • The FS-1xxE and FS-1xxF models support a single QoS map. If there is more than one QoS map, the first configured map is used.

    The FortiSwitch unit supports the following QoS configuration capabilities:

    • Mapping the IEEE 802.1p and Layer 3 QoS values (Differentiated Services and IP Precedence) to an outbound QoS queue number.
    • Providing eight egress queues on each port.
    • Policing the maximum data rate of egress traffic on the interface.
    • If you select weighted-random-early-detection for the drop-policy, you can enable explicit congestion notification (ECN) marking to indicate that congestion is occurring without just dropping packets.
    To configure the QoS for managed FortiSwitch units:
    1. Configure a Dot1p map.

      A Dot1p map defines a mapping between IEEE 802.1p class of service (CoS) values (from incoming packets on a trusted interface) and the egress queue values. Values that are not explicitly included in the map will follow the default mapping, which maps each priority (0-7) to queue 0. If an incoming packet contains no CoS value, the switch assigns a CoS value of zero.

      NOTE: Do not enable trust for both Dot1p and DSCP at the same time on the same interface. If you do want to trust both Dot1p and IP-DSCP, the FortiSwitch uses the latter value (DSCP) to determine the queue. The switch will use the Dot1p value and mapping only if the packet contains no DSCP value.

      config switch-controller qos dot1p-map

      edit <Dot1p map name>

      set description <text>

      set priority-0 <queue number>

      set priority-1 <queue number>

      set priority-2 <queue number>

      set priority-3 <queue number>

      set priority-4 <queue number>

      set priority-5 <queue number>

      set priority-6 <queue number>

      set priority-7 <queue number>

      next

      end

    2. Configure a DSCP map. A DSCP map defines a mapping between IP precedence or DSCP values and the egress queue values. For IP precedence, you have the following choices:
      • network-control—Network control
      • internetwork-control—Internetwork control
      • critic-ecp—Critic and emergency call processing (ECP)
      • flashoverride—Flash override
      • flash—Flash
      • immediate—Immediate
      • priority—Priority
      • routine—Routine

      config switch-controller qos ip-dscp-map

      edit <DSCP map name>

      set description <text>

      configure map <map_name>

      edit <entry name>

      set cos-queue <COS queue number>

      set diffserv {CS0 | CS1 | AF11 | AF12 | AF13 | CS2 | AF21 | AF22 | AF23 | CS3 | AF31 | AF32 | AF33 | CS4 | AF41 | AF42 | AF43 | CS5 | EF | CS6 | CS7}

      set ip-precedence {network-control | internetwork-control | critic-ecp | flashoverride | flash | immediate | priority | routine}

      set value <DSCP raw value>

      next

      end

      end

    3. Configure the egress QoS policy. In a QoS policy, you set the scheduling mode for the policy and configure one or more CoS queues. Each egress port supports eight queues, and three scheduling modes are available:
      • With strict scheduling, the queues are served in descending order (of queue number), so higher number queues receive higher priority.
      • In simple round-robin mode, the scheduler visits each backlogged queue, servicing a single packet from each queue before moving on to the next one.
      • In weighted round-robin mode, each of the eight egress queues is assigned a weight value ranging from 0 to 63.

      config switch-controller qos queue-policy

      edit <QoS egress policy name>

      set schedule {strict | round-robin | weighted}

      config cos-queue

      edit queue-<number>

      set description <text>

      set min-rate <rate in kbps>

      set max-rate <rate in kbps>

      set drop-policy {taildrop | weighted-random-early-detection}

      set ecn {enable | disable}

      set weight <weight value>

      next

      end

      next

      end

    4. Configure the overall policy that will be applied to the switch ports.

      config switch-controller qos qos-policy

      edit <QoS egress policy name>

      set default-cos <default CoS value 0-7>

      set trust-dot1p-map <Dot1p map name>

      set trust-ip-dscp-map <DSCP map name>

      set queue-policy <queue policy name>

      next

      end

    5. Configure each switch port.

      config switch-controller managed-switch

      edit <switch-id>

      config ports

      edit <port>

      set qos-policy <CoS policy>

      next

      end

      next

      end

    6. Check the QoS statistics on each switch port.

      diagnose switch-controller switch-info qos-stats <FortiSwitch_serial_number> <port_name>

    Note

    For QoS commands to be successfully executed, the feature must be supported by the FortiSwitch unit. Refer to the FortiSwitch feature matrix for details about the features supported by each FortiSwitch model.
    Previous
    Next