TechConnect_JC
New Contributor

Set FortiSwitch Interface Speed/Duplex

It is often considered best-practice to disable interface auto-negotiation and manually set the speed/duplex to 1000/Full on both the server and network infrastructure.

 

I have a FortiSwitch 180D PoE, running 3.6.6, being managed by a FortiGate via FortiLink.

 

I am unable to find the setting to configure an individual interface's Auto-negotiation settings.

Checked the GUI and the CLI Admin Guide for a bit, but it wasn't obvious.

 

Suggestions?

 

Any other best-practice recommendations for a FortiSwitch port connected to a Server (example: enable Edge Mode, disable STP, disable Loop Guard, etc)?

 

Thanks!

Nicholas_Doropoulos
Contributor

Hi,

 

First and foremost, I should challenge the statement that "it is often considered best practice to disable auto-negotiation" on an interface. For one, hard coding interfaces' settings is always an administrative overhead if you implement a consistent strategy across your network. For another, this will very likely cause issues with clients whose NICs might not support 1000Mbps.

 

Regarding your second question about best practices, I would ask as to what kind of server we are looking at. Is it a server providing business critical applications? Also, are we looking at servers sitting in the LAN along with your network's hosts or is the server located in a DMZ or otherwise isolated segment?

NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3

TechConnect_JC

Auto-negotiate is a great feature until it automatically negotiates the incorrect speed/duplex. ;)

A mismatch is usually noticed by performance issues and seeing packet errors on the switch port.

 

Typically, we would only set speed/duplex on interfaces connected to servers or other mission-critical network infrastructure gear.

Also, many ISPs often require a manually set speed/duplex, so this is sometimes a requirement.

 

However, thankfully, now that Gigabit interfaces have become so common, and the standard is so much better than the older 10/100 auto-negotiate, this really has become a non-issue for most modern networks.

 

Anyways, to answer your questions:

Yes, this is a mission-critical VMware ESXi install on server hardware with several gigabit NICs (sadly, no 10GB yet).

Yes, the servers' access VLAN and management VLAN will be separate from the client VLAN.

 

The question about disabling features on the switchport comes from experience discovering bugs on past versions of FortiSwitch, and also a desire to make sure the interface operates at full wire speed.

 

After chatting with some other Fortinet Engineers, we discovered how to change this setting on the switchports via the FortiGate FortiLink controller CLI:

config switch-controller managed-switch
 edit [Switch SN]
  config ports
   edit [port#]
    set speed [option]
      10half : 10M half-duplex.
      10full : 10M full-duplex.
      100half : 100M half-duplex.
      100full : 100M full-duplex.
      1000auto : Auto-negotiation (1G full-duplex only).
      auto : Auto-negotiation.
   end
  end

 

Thanks for any additional thoughts!