Description
This article describes how FortiOS 6.2 enables LLDP reception on WAN interfaces and prompts a FortiGate to join the Security Fabric when the upstream FortiGate asks.
- If an interface's role is undefined, LLDP reception and transmission inherit settings from the VDOM.
- If an interface's role is WAN, LLDP reception is enabled.
- If an interface's role is LAN, LLDP transmission is enabled.
When FortiGate B's WAN interface detects that FortiGate A's LAN interface is immediately upstream (through the default gateway), and FortiGate A has Security Fabric enabled, FortiGate B shows a notification in the GUI asking to join the Security Fabric.
Solution
To configure LLDP reception and join a Security Fabric:
1) Go to Network -> Interfaces.
2) Configure an interface:
- If the interface's role is undefined, under Administrative Access, set Receive LLDP and Transmit LLDP to Use VDOM Setting.
Using the CLI:
    # config system interface
        edit "port3"
            set lldp-reception vdom
            set lldp-transmission vdom
            set role undefined
            ...
        next
    end
- If the interface's role is WAN, under Administrative Access, set Receive LLDP to Enable and Transmit LLDP to Use VDOM Setting.
Using the CLI:
    # config system interface
        edit "wan1"
            set lldp-reception enable
            set lldp-transmission vdom
            set role wan
            ...
        next
    end
- If the interface's role is LAN, under Administrative Access, set Receive LLDP to Use VDOM Setting and Transmit LLDP to Enable.
Using the CLI:
    # config system interface
        edit "port2"
            set lldp-reception vdom
            set lldp-transmission enable
            set role lan
            ...
        next
    end
A notification will be shown on FortiGate B.
Click Apply to save the settings.
Using the CLI:
    # config system csf
        set status enable
        set upstream-ip 10.2.200.1
    end
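To check an exported configuration against the role-based LLDP settings listed above, the following added example (not Fortinet code) parses the `config system interface` block and reports every interface whose LLDP lines differ from the value this article gives for its role. The function names and the sample export are constructed for illustration; a setting that is absent from the export is reported as `None` rather than assumed to have a default.

```python
import re
# Role-based LLDP settings as described in this article (FortiOS 6.2).
EXPECTED = {
    "undefined": {"lldp-reception": "vdom", "lldp-transmission": "vdom"},
    "wan": {"lldp-reception": "enable", "lldp-transmission": "vdom"},
    "lan": {"lldp-reception": "vdom", "lldp-transmission": "enable"},
}

def parse_interfaces(config_text):
    """Return {interface: {setting: value}} from the 'config system interface' block."""
    interfaces, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.strip().lstrip("#").strip()  # tolerate a pasted "#" prompt
        if depth == 0:
            depth = int(line == "config system interface")
        elif line.startswith("config "):
            depth += 1  # nested table such as "config ipv6"; its lines are skipped
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := re.match(r'edit "?([^"]+)"?$', line)):
            current = interfaces.setdefault(m.group(1), {})
        elif depth == 1 and current is not None and (m := re.match(r"set (\S+) (.+)$", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return interfaces

def audit_lldp(config_text):
    """List (interface, setting, actual, expected); roles not in EXPECTED are skipped."""
    findings = []
    for name, settings in parse_interfaces(config_text).items():
        for key, want in EXPECTED.get(settings.get("role"), {}).items():
            if settings.get(key) != want:  # actual is None when the line is absent
                findings.append((name, key, settings.get(key), want))
    return findings

# Constructed sample export, not taken from a real device.
SAMPLE = """config system interface
    edit "port2"
        set lldp-transmission enable
        set role lan
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "wan1"
        set lldp-reception enable
        set lldp-transmission enable
        set role wan
    next
end"""
print(audit_lldp(SAMPLE))
```

In the sample, `wan1` is reported because it transmits LLDP on a WAN-role interface instead of using the VDOM setting, and `port2` because its `lldp-reception` line is not present in the export.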