Configuring LLDP MED for Voice VLAN tagging on Fortiswitch

There are three components to configuring LLDP-MED and making sure phones are automatically tagged with the correct VOICE VLAN:

Configure the VOICE VLAN
Configure the LLDP Profile
Attach Profile to switch port

To start, lets configure the voice VLAN and set dhcp enabled. This will be the VLAN we use for VOIP phones. Navigate to Network –> Interfaces –> Create New –> Interface:

Once here, configure your vlan with necessary settings:

Click OK to save your VLAN.

Now, open the CLI Console and run the following command:

config switch-controller lldp-profile

If you type “show” and hit enter, you will see all of the default LLDP profiles Fortigate has from the factory. You can create a new lldp profile if you’d like, but I typically just edit the “default” profile.

type:
edit default
config med-network-policy
edit voice

This puts you into the lldp policy for voice related devices in the default profile

next we’ll type:
set status enable
set assign-vlan enable
set vlan 2000 <whatever vlan id you created>
end
end
end
end

This enables the voice vlan within the LLDP profile and tells it to assign VLAN 2000 to any devices classified as VOICE related by the LLDP protocol.

Lastly, we need to assign this LLDP profile to our switch ports. I find the easiest way to do this is the gui. I err on the side of caution when changing the LLDP profile because it can disrupt your Fortilinks between switches.

In the GUI, go to WIFI and Switch Controller –> Fortiswitch Ports and hover over the top left area of the first column until you see a little gear icon. Click it and select LLDP Profile to be shown in the list of columns onscreen

Click Apply. Now that column should be visible when you scroll to the right:

By default, Fortiswitch has the “default-auto-isl” lldp profile attached to every port. We’ll need to change this on our switch ports to the “default” lldp profile we just edited. Click the pencil icon next to the profile name and select “default”