Skip to main content
TechConnect_JC
TechConnect_JC
New Member
June 4, 2018
Question

Set FortiSwitch Interface Speed/Duplex

  • June 4, 2018
  • 1 reply
  • 29042 views

It is often considered best-practice to disable interface auto-negotiation and manually set the speed/duplex to 1000/Full on both the server and network infrastructure.

 

I have a FortiSwitch 180D PoE, running 3.6.6, being managed by a FortiGate via FortiLink.

 

I am unable to find the setting to configure an individual interface's Auto-negotiation settings.

Checked the GUI and the CLI Admin Guide for a bit, but it wasn't obvious.

 

Suggestions?

 

Any other best-practice recommendations for a FortiSwitch port connected to a Server (example: enable Edge Mode, disable STP, disable Loop Guard, etc)?

 

Thanks!

1 reply

Nicholas_Doropoulos
Nicholas_Doropoulos
New Member
June 4, 2018

Hi,

 

First and foremost, I should challenge the statement that "it is often considered best practice to disable auto-negotiation" on an interface. For one, hard coding interfaces' settings is always an administrative overhead if you implement a consistent strategy across your network. For another, this will very likely cause issues with clients whose NICs might not support 1000Mbps.

 

Regarding your second question about best practices, I would ask as to what kind of server we are looking at. Is it a server providing business critical applications? Also, are we looking at servers sitting in the LAN along with your network's hosts or is the server located in a DMZ or otherwise isolated segment?

TechConnect_JC
TechConnect_JCAuthor
New Member
June 6, 2018

Auto-negotiate is a great feature until it automatically negotiates the incorrect speed/duplex. ;)

A mismatch is usually noticed by performance issues and seeing packet errors on the switch port.

 

Typically, we would only set speed/duplex on interfaces connected to servers or other mission-critical network infrastructure gear.

Also, many ISPs often require a manually set speed/duplex, so this is sometimes a requirement.

 

However, thankfully, now that Gigabit interfaces have become so common, and the standard is so much better than the older 10/100 auto-negotiate, this really has become a non-issue for most modern networks.

 

Anyways, to answer your questions:

Yes, this is a mission-critical VMware ESXi install on server hardware with several gigabit NICs (sadly, no 10GB yet).

Yes, the servers access VLAN and management VLAN will be separate from the client VLAN.

 

The question about disabling features on the switchport comes from experience discovering bugs on past versions of FortiSwitch, and also a desire to make sure the interface operates at full wire speed.

 

After chatting with some other Fortinet Engineers, we discovered how to change this setting on the switchports via the FortiGate FortiLink controller CLI:

config switch-controller managed-switch
 edit [Switch SN]
  config ports
   edit [port#]
    set speed [option]
      10half : 10M half-duplex.
      10full : 10M full-duplex.
      100half : 100M half-duplex.
      100full : 100M full-duplex.
      1000auto : Auto-negotiation (1G full-duplex only).
      auto : Auto-negotiation.
   end
  end

 

Thanks for any additional thoughts!

Terms & ConditionsAccessibility statement