Troubleshooting Tip: Lockdown LLDP Profile error for FortiSwitch under Security Rating on FortiGate GUI
| Description | This article describes how to avoid the 'Lockdown LLDP Profile' error for FortiSwitch under Security Rating on FortiGate GUI. |
| Scope | FortiSwitch, FortiGate. |
| Solution | In the Security Rating section of the FortiGate GUI, a failed check named 'Lockdown LLDP Profile' can appear for a managed FortiSwitch. It is raised when FortiSwitch edge ports still use an LLDP profile with auto-ISL enabled: a FortiSwitch connected to such a port would automatically form an inter-switch link and join the FortiLink fabric, so the network topology could grow without an administrator intending it.
By default, the LLDP profile 'default-auto-isl' is applied to every port of a managed FortiSwitch. Change the profile to 'default' on all edge ports (ports facing hosts rather than other FortiSwitches); only ISL and uplink ports need to keep 'default-auto-isl'.
The port configuration can be reviewed and changed per port on the FortiGate CLI (port3 and the serial number below are placeholders):
config switch-controller managed-switch
    edit S248EFXXXXXX
        config ports
            edit port3
                show full-configuration
                set lldp-profile default
            next
        end
    next
end
Once all edge ports use the 'default' profile, the 'Lockdown LLDP Profile' check is reported as 'Passed' in the Security Rating.
Instead of editing every port by hand, the recommended profile change can be applied to a managed FortiSwitch with the following command on the FortiGate:
diagnose switch-controller switch-recommendation lock-down-topo-lldp-profile <fortilink interface name> <Serial number of the FortiSwitch>
Related article: Technical Tip: Enable lock-down-topo-lldp-profile on managed FortiSwitches |
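The following script is an added example and is not Fortinet code. It parses the text of 'show full-configuration switch-controller managed-switch' (a constructed sample is embedded below; the serial number is the placeholder from this article) and lists edge ports that still use 'default-auto-isl', then prints the CLI needed to move them to 'default'. Treating a port as an ISL/uplink port when its configuration carries 'isl-local-trunk-name', 'isl-peer-port-name' or 'fortilink-port 1' is an assumption of this script, so review its findings before applying them.

```python
"""Audit FortiSwitch port LLDP profiles from FortiGate CLI output.

Added example, not Fortinet's code. Flags edge ports still using the
'default-auto-isl' LLDP profile and builds the remediation CLI.
"""
import shlex

# Constructed sample, not captured from a real device. The serial is the
# placeholder used in the article.
SAMPLE_CONFIG = """\
config switch-controller managed-switch
    edit "S248EFXXXXXX"
        config ports
            edit "port1"
                set lldp-profile "default-auto-isl"
                set isl-local-trunk-name "S248EFXXXXXX-0"
                set isl-peer-port-name "port47"
            next
            edit "port3"
                set lldp-profile "default-auto-isl"
            next
            edit "port4"
                set lldp-profile "default"
            next
        end
    next
end
"""

# Assumption: these settings identify ISL/uplink ports rather than edge ports.
ISL_MARKERS = ("isl-local-trunk-name", "isl-peer-port-name")


def parse_managed_switches(text):
    """Return {serial: {port: {setting: value}}} from managed-switch config text."""
    switches = {}
    switch = port = None
    in_ports = False
    for raw in text.splitlines():
        tokens = shlex.split(raw.strip())
        if not tokens:
            continue
        if tokens[:2] == ["config", "ports"]:
            in_ports = True
        elif tokens[0] == "edit":
            if in_ports:
                port = tokens[1]
                switches[switch][port] = {}
            else:
                switch = tokens[1]
                switches[switch] = {}
        elif tokens[0] == "set" and in_ports and port is not None:
            switches[switch][port][tokens[1]] = " ".join(tokens[2:])
        elif tokens[0] == "next":
            if in_ports:
                port = None
            else:
                switch = None
        elif tokens[0] == "end" and in_ports:
            in_ports = False
    return switches


def is_isl_port(settings):
    """Heuristic (assumption): ISL trunk settings or fortilink-port 1 mark a non-edge port."""
    return any(k in settings for k in ISL_MARKERS) or settings.get("fortilink-port") == "1"


def find_unlocked_edge_ports(text):
    """Return [(serial, port)] for edge ports still on 'default-auto-isl'.

    A missing lldp-profile line is treated as the factory default
    'default-auto-isl', which is what plain 'show' output omits.
    """
    findings = []
    for serial, ports in parse_managed_switches(text).items():
        for name, settings in ports.items():
            profile = settings.get("lldp-profile", "default-auto-isl")
            if profile == "default-auto-isl" and not is_isl_port(settings):
                findings.append((serial, name))
    return findings


def remediation_cli(findings):
    """Build the FortiGate CLI that moves each flagged port to the 'default' profile."""
    lines = ["config switch-controller managed-switch"]
    for serial in sorted({s for s, _ in findings}):
        lines += [f"    edit {serial}", "        config ports"]
        for s, port in findings:
            if s == serial:
                lines += [f"            edit {port}",
                          "                set lldp-profile default",
                          "            next"]
        lines += ["        end", "    next"]
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    hits = find_unlocked_edge_ports(SAMPLE_CONFIG)
    for serial, port in hits:
        print(f"{serial} {port}: edge port still using default-auto-isl")
    print(remediation_cli(hits))
```

On the sample, port1 is skipped because it carries ISL settings, port4 already uses 'default', and only port3 is reported; the generated CLI is the same per-port change shown in the Solution above.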
