Technical Tip: How to display LLDP, trunk and STP information of a managed FortiSwitch from FortiGate CLI

Description

This article describes how to display LLDP, trunk and STP information of a managed FortiSwitch from the FortiGate CLI.

Scope

Managed FortiSwitch, FortiGate.

Solution

Topology:

LLDP Information:

The LLDP table of a managed FortiSwitch can be displayed with the FortiOS command  'diagnose switch-controller switch-info lldp neighbors-summary <FortiSwitch serial number>'.

The output below shows the LLDP table of FortiSwitch in this topology:

# diagnose switch-controller switch-info lldp neighbors-summary S108EPXXXXXXXXXX
Managed Switch : S108EPXXXXXXXXXX       0
Capability codes:
R:Router, B:Bridge, T:Telephone, C:DOCSIS Cable Device
W:WLAN Access Point, P:Repeater, S:Station, O:Other
MED type codes:
Generic:Generic Endpoint (Class 1), Media:Media Endpoint (Class 2)
Comms:Communications Endpoint (Class 3), Network:Network Connectivity Device
Portname    Status   Device-name                 TTL   Capability  MED-type  Port-ID
__________  _______  __________________________  ____  __________  ________  _______
port1       Down     -                           -     -           -         -
port2       Up       FortiAP-423E                120   BRW         -         e8:1c:ba:96:19:78
port3       Down     -                           -     -           -         -
port4       Up       FGT7                        120   BR          -         wan1
port5       Up       FGT-PRIMARY                     120   BR          -         internal6
port6       Up       FGT-PRIMARY                     120   BR          -         internal5
port7       Up       FGT-SECONDARY                     120   BR          -         internal6
port8       Up       FGT-SECONDARY                     120   BR          -         internal5
port9       Down     -                           -     -           -         -
port10      Down     -                           -     -           -         -

More LLDP details for each neighbor can be displayed with the FortiOS command 'diagnose switch-controller switch-info lldp neighbors-detail <FortiSwitch serial number> <port-number>'.

LLDP statistics can be displayed with the FortiOS command 'diagnose switch-controller switch-info lldp stats <FortiSwitch serial number>'.

Trunk (802.3ad) information:

The trunk (LAG/LACP) information of a managed FortiSwitch can be displayed with the FortiOS command  'diagnose switch-controller switch-info trunk status <FortiSwitch serial number>'.

The output below shows the trunk status of FortiSwitch in this topology:

#diagnose switch-controller switch-info trunk status S108EPXXXXXXXXXX

S108EPXXXXXXXXXX:
Switch Trunk Information, primary-Channel

Trunk Name:  GT61EXXXXXXXXXX
Mode:  lacp-active (auto-isl)
Port Selection Algorithm: src-dst-ip
Trunk MAC: E8:1C:BA:3A:E1:AB
Trunk ID:  0 

Active Port  Up  Time
 ___________  _________________________
 port5        1 days,1 hours,12 mins,21 secs
 port6        1 days,1 hours,12 mins,24 secs

Non-Active Port  Status
_______________  ____________________

LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
(A|P) - LACP mode is Active or Passive
(S|F) - LACP speed is Slow or Fast
(A|I) - Aggregatable or Individual
(I|O) - Port In sync or Out of sync
(E|D) - Frame collection is Enabled or Disabled
(E|D) - Frame distribution is Enabled or Disabled

status: up
ports: 2
LACP mode: active
LACP speed: slow
aggregator ID: 1
actor key: 17
actor MAC address: e8:1c:ba:3a:e1:ab
partner key: 17
partner MAC address: 70:4c:a5:27:b4:5b

slave: port5
status: up
link failure count: 0
permanent MAC addr: e8:1c:ba:3a:e1:ab
actor state: ASAIEE
partner state: ASAIEE
aggregator ID: 1

slave: port6
status: up
link failure count: 0
permanent MAC addr: e8:1c:ba:3a:e1:ac
actor state: ASAIEE
partner state: ASAIEE
aggregator ID: 1

Trunk Name:   GT61EXXXXXXXXXX
Mode:  lacp-active (auto-isl)
Port Selection Algorithm: src-dst-ip
Trunk MAC: E8:1C:BA:3A:E1:AD
Trunk ID:  1 

Active Port  Up  Time
___________  ________________________

port7        1 days,1 hours,12 mins,22 secs
port8        1 days,1 hours,12 mins,21 secs

Non-Active Port  Status
_______________  ____________________

LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
(A|P) - LACP mode is Active or Passive
(S|F) - LACP speed is Slow or Fast
(A|I) - Aggregatable or Individual
(I|O) - Port In sync or Out of sync
(E|D) - Frame collection is Enabled or Disabled
(E|D) - Frame distribution is Enabled or Disabled

status: up
ports: 2
LACP mode: active
LACP speed: slow
aggregator ID: 1
actor key: 17
actor MAC address: e8:1c:ba:3a:e1:ae
partner key: 17
partner MAC address: e8:1c:ba:a2:f6:91

slave: port8
status: up
link failure count: 0
permanent MAC addr: e8:1c:ba:3a:e1:ae
actor state: ASAIEE
partner state: ASAIEE
aggregator ID: 1

slave: port7
status: up
link failure count: 0
permanent MAC addr: e8:1c:ba:3a:e1:ad
actor state: ASAIEE
partner state: ASAIEE
aggregator ID: 1

STP information:

STP instance information for a managed FortiSwitch can be displayed with the FortiOS command  'diagnose switch-controller switch-info stp <FortiSwitch serial number>'  '<instance-id>' :

The output below shows the STP status of instance id 0 and 15 of FortiSwitch in this topology:

# diagnose switch-controller switch-info stp S108EPXXXXXXXXXX 0

S108EPXXXXXXXXXX:

MST Instance Information, primary-Channel:

Instance ID 0 (CST)
 Config         Priority 24576 
                Bridge MAC e81cba3ae1a6, MD5 Digest 9999b43d77cc58bba8854f9991c4a487
 
Root           MAC e81cba3ae1a6, Priority 24576, Path Cost 0, Remaining Hops 2
               (This bridge is the root)

Regional Root  MAC e81cba3ae1a6, Priority 24576, Path Cost 0
               (This bridge is the regional root)

Active Times   Forward Time 15, Max Age 20, Remaining Hops 20

TCN Events     Triggered 0 (0d 5h 58m 4s ago), Received 0 (0d 5h 58m 4s ago)

Port               Speed   Cost       Priority   Role         State        HelloTime  Flags
________________   ______  _________  _________  ___________  __________   _________  _______________
port1              -       200000000  128        DISABLED     DISCARDING   2          ED
port2              1G      20000      128        DESIGNATED   FORWARDING   2          EN ED
port3              -       200000000  128        DISABLED     DISCARDING   2          ED
port4              1G      20000      128        DESIGNATED   FORWARDING   2          EN ED
port9              -       200000000  128        DISABLED     DISCARDING   2          ED
port10             -       200000000  128        DISABLED     DISCARDING   2          ED
internal           1G      20000      128        DESIGNATED   FORWARDING   2          ED
GT61EXXXXXXXXXX    2G      10000      128        DESIGNATED   FORWARDING   2          ED
GT61EXXXXXXXXXX    2G      10000      128        DESIGNATED   FORWARDING   2          ED

Flags: EN(STP enable), ED(Edge), LP(Loop Protection Triggered)
RG(Root Guard Triggered), BG(BPDU Guard Triggered), IC(PVST Port Inconsistent)
MV(PVST Port Vlan Mismatch

# diagnose switch-controller switch-info stp S108EPXXXXXXXXXX 15

S108EPXXXXXXXXXX:

MST Instance Information, primary-Channel:

Instance ID 15
  Config         Priority 24576 , VLANs 4094
                 Bridge MAC e81cba3ae1a6
  Regional Root  MAC e81cba3ae1a6, Priority 24576, Path Cost 0
                 (This bridge is the regional root)

  TCN Events     Triggered 0 (0d 5h 58m 27s ago), Received 0 (0d 5h 58m 27s ago)

  Port               Speed   Cost       Priority   Role         State        Flags
  ________________   ______  _________  _________  ___________  __________   _______________

  internal           1G      20000      128        DESIGNATED   FORWARDING   ED
  GT61EXXXXXXXXXX    2G      10000      128        DESIGNATED   FORWARDING   ED
  GT61EXXXXXXXXXX    2G      10000      128        DESIGNATED   FORWARDING   ED

Related documents:

Technical Tip: Interface Trunk on FortiSwitch

diagnose switch-controller