riteshpv
Staff
Article Id 393087
Description

This article describes how, in certain industrial environments, devices using Profinet communication, specifically PTCP (Precision Time Control Protocol), may send packets to the multicast MAC address 01:80:c2:00:00:0e. PTCP leverages LLDP-like behavior but uses a different ethertype (0x8892 instead of 0x88cc).

In some setups this traffic remains local, but in others it traverses the LAN via FortiSwitch. Certain FortiSwitch models cannot handle these Profinet packets correctly and experience CPU exhaustion because of the unexpected ethertype. This leads to FortiLink flapping and overall instability.

Important Note: One of the parameters to build FortiLink is LLDP. Refer to Technical Tip: Management Protocols for FortiSwitch discovery on FortiGate.

Scope

FortiSwitch v7.4, v7.6.

Solution

Validation:
To confirm the issue, capture traffic using a port mirror on the FortiSwitch port connected to the industrial device. Look for Profinet packets with ethertype 0x8892 and destination MAC 01:80:c2:00:00:0e. For setup details, refer to the information on Mirror.
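
The validation check above can be run offline against a capture exported from the mirror port. The script below is an added example, not Fortinet code: it assumes a classic libpcap file with Ethernet link type (not pcapng), looks through a single 802.1Q tag, and counts frames sent to 01:80:c2:00:00:0e by ethertype and VLAN. The sample capture, source MACs and payloads are constructed for illustration.

```python
import struct

LLDP_MCAST = bytes.fromhex("0180c200000e")   # 01:80:c2:00:00:0e, from the article
PROFINET, LLDP, DOT1Q = 0x8892, 0x88CC, 0x8100

def classify(frame):
    """Return (dst_mac, vlan_id or None, ethertype), looking through one 802.1Q tag."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan = None
    if ethertype == DOT1Q and len(frame) >= 18:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = tci & 0x0FFF
    return frame[:6], vlan, ethertype

def scan_pcap(data):
    """Count frames sent to the LLDP multicast MAC in a classic Ethernet pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic libpcap file with Ethernet link type")
    profinet_by_vlan, lldp, off = {}, 0, 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue                      # truncated record, skip it
        dst, vlan, ethertype = classify(frame)
        if dst != LLDP_MCAST:
            continue
        if ethertype == PROFINET:         # the combination the article describes
            profinet_by_vlan[vlan] = profinet_by_vlan.get(vlan, 0) + 1
        elif ethertype == LLDP:           # genuine LLDP, which FortiLink relies on
            lldp += 1
    return {"profinet_on_lldp_mac": profinet_by_vlan, "lldp": lldp}

def sample_capture():
    """Constructed four-frame capture; source MACs and payloads are made up."""
    src = bytes.fromhex("020000000001")
    frames = [
        LLDP_MCAST + src + struct.pack("!H", PROFINET) + bytes(46),
        LLDP_MCAST + src + struct.pack("!HHH", DOT1Q, 100, PROFINET) + bytes(42),
        LLDP_MCAST + src + struct.pack("!H", LLDP) + bytes(46),
        bytes.fromhex("020000000002") + src + struct.pack("!H", PROFINET) + bytes(46),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(scan_pcap(sample_capture()))
```

A non-empty `profinet_on_lldp_mac` count confirms the traffic pattern; the VLAN keys (`None` for untagged frames) show which VLAN an ACL classifier would need to match.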

 

Solution 1: Block Profinet Traffic with ACL (if traffic is not required on FortiSwitch):

If Profinet traffic is not expected on the FortiSwitch, configure an ACL to drop it. The example below drops traffic destined for 01:80:c2:00:00:0e on VLAN 100 arriving on port1. Note that the classifier shown matches on destination MAC and VLAN ID only, not on ethertype:


config switch acl ingress
    edit 1
        config action
            set count enable
            set drop enable
        end
        config classifier
            set dst-mac 01:80:c2:00:00:0e
            set vlan-id 100
        end
        set ingress-interface "port1"
    next
end


Solution 2: Upgrade and use the built-in LLDP option for handling Profinet traffic:

FortiSwitch versions v7.4.5 and v7.6.1 introduce a new setting, disabled by default, to control Profinet traffic forwarding via the LLDP configuration:


config switch lldp settings
    set forward-profinet-packet enable
end

  • When this CLI option is enabled, traffic with the local multicast MAC address 01:80:C2:00:00:0E and EtherType 0x8892 (Profinet) will be forwarded.
  • When this CLI option is disabled, traffic with the local multicast MAC address 01:80:C2:00:00:0E and EtherType 0x8892 (Profinet) will be dropped.