ahamza89
New Member
August 23, 2022
Question

FortiSwitches' status is not stable, appearing online/offline frequently. High CPU usage on FortiLink.


I have a FortiGate 601E v6.4.9 as a switch controller, with 2 FortiSwitch 1048E as MCLAG peers and multiple 124F on distribution.

A few switches suddenly went offline, including 1x 1048E.

In the logs it shows

NTP is fine.

ahamza89_2-1661255062371.png

 

ahamza89_1-1661254927504.png

 

2 replies

Adolfo_Z_H
Staff
August 23, 2022

The most common reason for this issue is a network loop caused by cabling issues and misconfiguration on the MCLAG-ICL link between peers or between Tier1 and Tier2 switches.

Please open a TAC ticket if you still need support.

ahamza89 (Author)
New Member
August 23, 2022

Thanks for your reply. How can I figure it out? Any possibility through CLI?

Adolfo_Z_H
Staff
August 23, 2022

I am afraid this is too complex to check using forum tools. It seems your network is kind of complex.

There are some useful commands on the FGT side:

 

execute switch-controller diagnose-connection

execute switch-controller get-conn-status

(take note of the fortilink interface/stack name)

execute switch-controller get-physical-conn standard FortiSwitch-Stack-FortiLink

 

Please check with this last command the name of the FortiLink stack and change it if necessary.

diagnose switch-controller switch-info mclag peer-consistency-check

 

On the FSW side you can try to check for unplanned ports in STP blocked or backup status:

diagnose stp instance list

 

Also check if your intended network topology matches the LLDP outputs.

get switch lldp neighbors-summ

 

This command assumes all relevant devices have LLDP enabled. By default it is enabled on all FSW devices, but be aware that some third-party devices may not have it enabled, so double-check with the STP diagnose command if these ports are not blocked.

If this is an urgent matter, I encourage you to get in contact with TAC support.

 

ede_pfau
SuperUser
August 27, 2022

Did you really set ".ntp.org" as the NTP server? The hostname part is missing.

Please post output of 'diag sys ntp status'.

ahamza89 (Author)
New Member
August 28, 2022

I disconnected all the access switches from the core; MCLAG-ICL wasn't enabled between the core switches (1048).

Now when I connect the access switches, set mclag-icl enable is not working.

Below is what the connections look like:

 

ahamza89_0-1661695855146.png