• It is recommended to use non-PoE ports or SFP ports to establish links between FortiSwitches.
  
• In specific scenarios where PoE ports must be used for FortiLink, the following steps can be taken to disable PoE on all FortiLink ports.
  

Solution 1: Disabling PoE on Default Policies.

1. Verify the Current Configuration: run the following command to check the current configuration:

FortiGate# show full-configuration switch-controller auto-config default

    config switch-controller auto-config default
        set fgt-policy "default"
        set isl-policy "default"
        set icl-policy "default-icl"
    end

In the above output, the fgt-policy and isl-policy use the 'default' policy, while the icl-policy uses the 'default-icl' policy.

Run the following command to view details of the 'default' and 'default-icl' policies:

FortiGate# show full-configuration switch-controller auto-config policy
    config switch-controller auto-config policy
        edit "default"
            set qos-policy "default"
            set storm-control-policy "auto-config"
            set poe-status enable
            set igmp-flood-report disable
            set igmp-flood-traffic disable
        next
            edit "default-icl"
                set qos-policy "default"
                set storm-control-policy "auto-config"
                set poe-status disable
                set igmp-flood-report enable
                set igmp-flood-traffic enable
            next
        end

From the above output:

• The 'default' policy has PoE enabled.
  The 'default-icl' policy has PoE disabled.
   

2. Disable PoE in the Default Policy: run the following commands to disable PoE in the 'default' policy:

FortiGate # config switch-controller auto-config policy
    edit "default"
        set poe-status disable
    next
end

When prompted, type 'y' to confirm:

This policy is currently assigned; disabling of POE status could affect FortiSwitch units which are running in POE powered device mode.
Do you want to continue? (y/n)y

Note:

Ensure that the FortiSwitch is powered by an external power source before disabling PoE.

Solution 2: Creating and Applying a New Policy.

1. Create a New Policy: run the following commands to create a new policy with PoE disabled:

config switch-controller auto-config policy
edit "no-poe-isl"
set qos-policy "default"
set storm-control-policy "auto-config"
set poe-status disable <======= disable poe
set igmp-flood-report disable
set igmp-flood-traffic disable
next
end

Step 2: Apply the Policy to a Specific FortiLink Trunk.
Run the following commands to apply the new policy to a specific FortiLink trunk:

config switch-controller auto-config custom
    edit "_FlInK1_MLAG0_" <==== trunk name
        config switch-binding
            edit "248EF-3" <==== switch-id
                set policy "no-poe-isl"
            next
        end

After executing the end command, confirm the changes when prompted type y to confirm::

This policy contains disabling of POE status that could affect FortiSwitch units which are running in POE powered device mode.
Do you want to continue? (y/n)y

    next
end

Note:

Ensure that the FortiSwitch is powered by an external power source before disabling PoE.

Note:

• Replace the FortiLink trunk name with the name of the trunk where PoE needs to be disabled.
• To determine the switch ID, run the following command on the FortiGate: 'execute switch-controller get-conn-status'.