Fortiswitch and Cisco phones + PC

Hello edwina, 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

Hello,

We are still looking for an answer to your question.

We will come back to you ASAP.

Hello again edwina,

To configure a FortiSwitch to recognize both a Cisco phone and a PC on different VLANs, you need to ensure that the LLDP-MED (Link Layer Discovery Protocol - Media Endpoint Discovery) is properly configured to assign the correct VLANs to each device. Here are the steps you should follow:

Configuration Steps

1. Create LLDP Profile:

   • Ensure you have an LLDP profile configured for the voice VLAN. This profile should include the necessary MED network policies to assign the voice VLAN to the phone.
     
     

   config switch-controller lldp-profile edit "Phone" set med-tlvs inventory-management network-policy location-identification config med-network-policy edit "voice" set status enable set vlan-intf "VOICE-VLAN" set assign-vlan enable set dscp 46 next end 

2. Assign LLDP Profile to Switch Port: Assign the LLDP profile to the port where the phone and PC are connected. Ensure that LLDP is enabled for both transmission and reception.
   
   

1. config switch-controller managed-switch edit <SWITCH SERIAL NUMBER> config ports edit "port#" set vlan "DATA-VLAN" set allowed-vlans "VOICE-VLAN" set lldp-profile "Phone" set lldp-status tx-rx next end 

2. Configure Port Security and VLANs:

   • Ensure that the port security settings allow for both devices to be recognized and that the VLANs are correctly assigned.
     
     

   config switch interface edit "port#" set native-vlan 200 set allowed-vlans 100 200 set untagged-vlans 200 set security-groups "CISEGRP" set snmp-index 1 config port-security set mac-auth-bypass disable set eap-auto-untagged-vlans disable set port-security-mode 802.1X-mac-based end next end

Additional Considerations

• 802.1X Authentication: If you are using 802.1X authentication, ensure that the RADIUS server is configured to dynamically assign VLANs based on the device type.
• Device Detection: Make sure that the FortiSwitch is capable of detecting the devices correctly. This might involve configuring dynamic port policies to match device types and apply the correct VLANs.

Follow-ups and Clarification Questions

• Have you verified that the LLDP-MED settings on the Cisco phone are compatible with the FortiSwitch configuration?
• Is the PC behind the phone, and if so, is the phone configured to pass through the correct VLAN tags?
• Are there any specific error messages or logs that indicate why the devices are not being recognized on the correct VLANs?

If you have further questions or need additional assistance, please provide more details about your current configuration and any error messages you are encountering.