Which drop policy mode, if assigned to a congested port, will drop incoming packets until there is no congestion on the egress port?

1. A. Tail-drop mode
2. B. Weighted round robin mode.
3. C. Random early detection mode
4. D. Strict mode

Correct Answer: A
Tail-drop mode is a congestion management technique used in network devices, including FortiSwitches, to handle congestion on network ports:
Tail-Drop Mode (A):
Behavior:When a queue reaches its maximum capacity on a congested port, tail-drop mode simply drops any incoming packets that arrive after the buffer is full. This continues until the congestion is alleviated and there is space in the queue to accommodate new packets.
Application:This is a straightforward approach used when the device??s buffer allocated to the port becomes full due to sustained high traffic, preventing buffer overflow and maintaining system stability.
References:For more details on congestion management techniques and settings on FortiSwitch, you can refer to the configuration manuals available on:Fortinet Product Documentation

How is traffic routed on FortiSwitch?

1. A. Hardware-based routing on FortiSwitch is handled by the CPU.
2. B. FortiSwitch looks up the hardware routing table and then the forwarding information base (FIB).
3. C. ASIC hardware routing can only handle dynamic routing, if supported.
4. D. Layer 3 routing can be configured on FortiSwitch, while managed by FortiGate.

Correct Answer: D
Layer 3 routing can be configured on FortiSwitch, while managed by FortiGate (D): FortiSwitch, when managed by FortiGate, supports Layer 3 routing capabilities. This allows for routing between VLANs directly on the switch, enhancing network efficiency by reducing the need to pass traffic through higher network layers for inter-VLAN communication. This configuration enables more sophisticated network setups and efficient routing directly at the switch level.

What can an administrator do to maintain the existing standalone FortlSwltch configuration while changing the management mode to FortLink?

1. A. Use a migration tool based on python script to convert the configuration
2. B. Enable the Forti-link setting on FortiSwitch before the authorization process
3. C. FortiGate will automatically save the existing FortiSwitch configuration during the Forti-link management process.
4. D. Register FortiSwitch to For1ISwitch Cloud to save a copy before managing by Forti-Gate.

Correct Answer: B

Which statement about using MAC, IP, and protocol-based VLANs on FortiSwitch is true?

1. A. lt is a scalable and secure solution in comparison to other Layer 2 security measures.
2. B. FortiSwitch uses only the Ethernet type to assign traffic to VLANs.
3. C. It provides benefits that can be obtained when using 802.1X authentication.
4. D. Endpoints are required to use the same FortiSwitch port to remain members of the VLAN.

Correct Answer: C
It provides benefits that can be obtained when using 802.1X authentication (C): MAC, IP, and protocol-based VLANs on FortiSwitch are beneficial in network environments where additional granularity is needed in traffic segmentation and security, similar to what can be achieved through 802.1X authentication. These VLAN types allow for dynamic assignment of ports to VLANs based on the characteristics of the incoming traffic, enhancing both security and network efficiency.

Refer to the exhibit.

The profile shown in the exhibit is assigned to a group of managed FortiSwitch ports, and these ports are connected to endpoints which are powered by PoE.
Which configuration action can you perform on the LLDP profile to cause these endpoints to exchange PoE information and negotiate power with the managed FortiSwitch?

1. A. Create new a LLDP-MED application type to define the PoE parameters.
2. B. Assign a new LLDP profile to handle different LLDP-MED TLVs.
3. C. Define an LLDP-MED location ID to use standard protocols for power.
4. D. Add power management as part of LLDP-MED TLVs to advertise.

Correct Answer: D
To cause endpoints to exchange PoE information and negotiate power with the managed FortiSwitch via LLDP, you should configure the LLDP profile to include power management in the advertised LLDP-MED TLVs. Here are the steps:
Access the LLDP Profile Configuration:Start by entering the LLDP profile configuration mode with the command:
config switch-controller lldp-profile
edit "LLDP-PROFILE"
Enable MED-TLVs:Ensure that MED-TLVs (Media Endpoint Discovery TLVs) are enabled. These TLVs are used for extended discovery relating to network policies, including PoE, and are essential for PoE negotiation. They include power management which is crucial for the negotiation of PoE parameters between devices. The command to ensure network policies are set might look like:
set med-tlvs network-policy
Add Power Management TLV:Specifically add or ensure the power management TLV is part of the configuration. This will advertise the PoE capabilities and requirements, enabling dynamic power allocation between the FortiSwitch and the connected devices (like VoIP phones or wireless access points). This can typically be done within the network-policy settings:
config med-network-policy
edit
set poe-capability
next
end
Save and Apply Changes:Exit the configuration blocks properly ensuring changes are saved:
End
Verify Configuration:It's always good practice to verify that your configurations have been applied correctly. Use the appropriateshoworgetcommands to review the LLDP profile settings.
By adding the power management as part of LLDP-MED TLVs, the FortiSwitch will be able to communicate its power requirements and capabilities to the endpoints, thereby facilitating a dynamic power negotiation that is crucial for efficient PoE utilization.
References:For more detailed information and additional configurations, you can refer to the FortiSwitch Managed Switches documentation available on Fortinet??s official documentation site:Fortinet Product Documentation