Skip to main content
lk777
lk777
Visitor III
March 23, 2023
Question

FortiSwitch LLDP-MED profile DSCP marking problem

  • March 23, 2023
  • 1 reply
  • 2667 views

FortiSwitch 108E

Standalone mode

v. 7.2.3


I have created a LLDP-MED profile "Phone-LLDP" with MED TLVs:

VLAN 100

DSCP 46

for Voice and Voice Signaling.

And enabled LLDP on a physical port TX/RX with the "Phone-LLDP" profile.


Packet capture on both ends of the VoIP traffic (3CX PBX and Fanvil IP phone) confirms that DSCP 46 has not been applied.

VLAN assignment works.


Any ideas?


Thanks.

1 reply

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
March 23, 2023

First thing you need to do is to capture LLDP L2 frames between the FSW and the end device on both directions.
Below is one of Cisco switch's description but I think FSW's default behavior is the same.

"By default, the switch only sends LLDP packets until it receives LLDP-MED packets from the end device. It will then send LLDP packets with MED TLVs as well. When the LLDP-MED entry has been aged out, it only sends LLDP packets again. " I quoted from below:
https://www.cisco.com/en/US/docs/switches/metro/me3600x_3800x/trash/swlldp.html

To capture them you might need to set SPAN to mirror all frames/packets sent/received at the port to another port and run Wireshark on a machine hooked up at the mirror port. You can use a filter output with just "lldp".

I recently did that with an 224D and verified LLDP frames that contain the network-policy TLV I configured (vlan, dscp, cos priority) came out after my Polycom phone came up and sent out its LLDP frames to the FSW.

 

Toshi

lk777
lk777Author
Visitor III
March 23, 2023

Hi @Toshi_Esumi ,

 

Thank you for this detailed information. This is my first experience with LLDP-MED. If I understand it correctly, LLDP MED Network Policy doesn't do any traffic shaping on its own but rather instructs LLDP media end point to follow these policy, like VLAN, priority and DSCP.

Is this correct?

If I do not see any changes related to the DSCP on the IP phone (packet capture) I can assume that the phone just doesn't understand this DSCP part of the network policy, but complies with the VLAN part of it.

Is my understanding correct?

 

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
March 23, 2023

My understanding is the same as yours. It's just providing information to a device connected to the port. My guess was the FWS was sending LLDP-MED exactly what you configured, but the device is ignoring some of them whatever the reason is. When you sniff the LLDP frames you should be able to determine if that's the fact, or it's a bug of the FSW software missing some part of your config.

Terms & ConditionsAccessibility statement