FortiSwitch 108E
Standalone mode
v. 7.2.3
I have created an LLDP-MED profile "Phone-LLDP" with MED TLVs:
VLAN 100
DSCP 46
for Voice and Voice Signaling.
And enabled LLDP on a physical port TX/RX with the "Phone-LLDP" profile.
Packet capture on both ends of the VoIP traffic (3CX PBX and Fanvil IP phone) confirms that DSCP 46 has not been applied.
VLAN assignment works.
Any ideas?
Thanks.
The first thing you need to do is capture the LLDP L2 frames between the FSW and the end device in both directions.
Below is a description for one of Cisco's switches, but I think the FSW's default behavior is the same.
"By default, the switch only sends LLDP packets until it receives LLDP-MED packets from the end device. It will then send LLDP packets with MED TLVs as well. When the LLDP-MED entry has been aged out, it only sends LLDP packets again." I quoted from below:
https://www.cisco.com/en/US/docs/switches/metro/me3600x_3800x/trash/swlldp.html
To capture them you might need to set SPAN to mirror all frames/packets sent/received at the port to another port and run Wireshark on a machine hooked up at the mirror port. You can use a filter output with just "lldp".
I recently did that with a 224D and verified that LLDP frames containing the network-policy TLV I configured (vlan, dscp, cos priority) came out after my Polycom phone came up and sent its LLDP frames to the FSW.
Toshi
Hi @Toshi_Esumi ,
Thank you for this detailed information. This is my first experience with LLDP-MED. If I understand it correctly, the LLDP-MED Network Policy doesn't do any traffic shaping on its own but rather instructs the LLDP media endpoint to follow this policy, like VLAN, priority and DSCP.
Is this correct?
If I do not see any changes related to the DSCP on the IP phone (packet capture) I can assume that the phone just doesn't understand this DSCP part of the network policy, but complies with the VLAN part of it.
Is my understanding correct?
My understanding is the same as yours. It's just providing information to a device connected to the port. My guess was the FSW was sending LLDP-MED exactly as you configured, but the device is ignoring some of it, whatever the reason is. When you sniff the LLDP frames you should be able to determine if that's the fact, or if it's a bug of the FSW software missing some part of your config.
Created on 03-23-2023 05:39 PM Edited on 03-23-2023 05:41 PM
I have mirrored ports on FortiSwitch; port6-source, port5-destination.
Wireshark output:
Telecommunications Industry Association TR-41 Committee - Network Policy
1111 111. .... .... = TLV Type: Organization Specific (127)
.... ...0 0000 1000 = TLV Length: 8
Organization Unique Code: 00:12:bb (Telecommunications In
Media Subtype: Network Policy (0x02)
Application Type: Voice (1)
0... .... .... .... .... .... = Policy: Defined
.1.. .... .... .... .... .... = Tagged: Yes
...0 0000 1100 100. .... .... = VLAN Id: 100
.... .... .... ...0 00.. .... = L2 Priority: 0
.... .... .... .... ..10 1110 = DSCP Priority: 46
And Fanvil X3U states:
Capabilities: 0x0003
.... .... .... ...1 = LLDP-MED Capabilities: Capable
.... .... .... ..1. = Network Policy: Capable
.... .... .... .0.. = Location Identification: Not capable
.... .... .... 0... = Extended Power via MDI-PSE: Not capable
.... .... ...0 .... = Extended Power via MDI-PD: Not capable
.... .... ..0. .... = Inventory: Not capable
It looks like the phone overestimates its capabilities.
Since it's capable of taking the VLAN ID portion, it has to say "Capable". Otherwise, the FSW wouldn't even include the TLV. It's just not capable of taking the DSCP value.
If you're lucky you might be able to configure it manually on the phone. But chances are there is no way of configuring it on the phone, and you need to mark traffic on the port at the FSW.
For that part, I haven't done it myself with FSWs yet, so ask somebody else if you need help. I think you can figure it out yourself though.
Toshi
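An added example (not part of the thread, and not Fortinet or Wireshark code): a Python decoder for the LLDP-MED Network Policy TLV shown in the capture above, plus a helper that reads the DSCP actually carried in an IPv4 header, so the advertised value can be compared with what the phone sends. The function names and the sample LLDPDU bytes are constructed for illustration.

```python
import struct

TIA_OUI = bytes.fromhex("0012bb")  # TIA TR-41 OUI, as in the capture
NETWORK_POLICY = 0x02              # LLDP-MED subtype: Network Policy

def network_policies(lldpdu):
    """Decode every LLDP-MED Network Policy TLV in an LLDPDU.

    lldpdu is the frame payload after the Ethernet header (ethertype 0x88cc).
    """
    found, off = [], 0
    while off + 2 <= len(lldpdu):
        (hdr,) = struct.unpack_from("!H", lldpdu, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF    # 7-bit type, 9-bit length
        value = lldpdu[off + 2 : off + 2 + length]
        if len(value) < length:
            raise ValueError("truncated TLV at offset %d" % off)
        off += 2 + length
        if tlv_type == 0:                           # End of LLDPDU
            break
        if (tlv_type == 127 and length == 8
                and value[:3] == TIA_OUI and value[3] == NETWORK_POLICY):
            bits = int.from_bytes(value[5:8], "big")  # U|T|X|VLAN|prio|DSCP
            found.append({
                "app_type": value[4],               # 1 = Voice, 2 = Voice Signaling
                "defined": not ((bits >> 23) & 1),  # U bit 0 means "Defined"
                "tagged": bool((bits >> 22) & 1),
                "vlan": (bits >> 9) & 0xFFF,
                "l2_priority": (bits >> 6) & 0x7,
                "dscp": bits & 0x3F,
            })
    return found

def ipv4_dscp(ip_header):
    """DSCP is the upper six bits of the second IPv4 header byte."""
    return ip_header[1] >> 2

# Constructed sample: a Chassis ID TLV, the Voice policy from the capture
# (VLAN 100, L2 priority 0, DSCP 46), then the End of LLDPDU TLV.
SAMPLE_LLDPDU = bytes.fromhex(
    "0207" "04020000000001" "fe08" "0012bb0201" "40c82e" "0000")

if __name__ == "__main__":
    for policy in network_policies(SAMPLE_LLDPDU):
        print(policy)
```

Feeding it the LLDPDU from the mirror port and the first bytes of an RTP packet's IP header from the phone shows directly whether the advertised DSCP and the marked DSCP agree.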