FortiSwitches show offline in FortiGate - FortiLink - MCLAG config
I recently deployed 11 FortiSwitches into an environment. I am using 6 248E-FPOEs, 1 124E-FPOE, and 4 108F-FPOEs. I have 2 of the 248s set up in an MCLAG config and the rest are downstream. The issue I am having is that after initial deployment, all switches were online and doing what they are supposed to do, but now I have 8 switches, including one of the LAG switches, showing offline. I run the following commands to get statuses, and this is what I see for the LAG switch that is offline.
FortiGate Firmware 7.0.11
Switch Firmware 6.2.3
More info:
MCLAG config on switch that is online
edit "port50"
set speed 1000full
set vlan "_default"
set allowed-vlans "quarantine"
set untagged-vlans "quarantine"
set lldp-profile "default-auto-mclag-icl"
set export-to "root"
set mac-addr xxxxxx
MCLAG config on switch that is Offline
edit "port50"
set speed 1000full
set vlan "_default"
set allowed-vlans "quarantine"
set untagged-vlans "quarantine"
set lldp-profile "default-auto-mclag-icl"
set export-to "root"
set mac-addr ac:xxxxxxx
next
Fortilink interface config.
config system interface
edit "fortilink"
set vdom "root"
set fortilink enable
set ip 10.255.1.1 255.255.255.0
set allowaccess ping fabric
set type aggregate
set member "port19" "port20"
set lldp-reception enable
set lldp-transmission enable
set snmp-index 34
set auto-auth-extension-device enable
set fortilink-split-interface disable
set switch-controller-nac "fortilink"
set switch-controller-dynamic "fortilink"
set swc-first-create 255
Fortilink Debug
diagnose netlink aggregate name fortilink
LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
(A|P) - LACP mode is Active or Passive
(S|F) - LACP speed is Slow or Fast
(A|I) - Aggregatable or Individual
(I|O) - Port In sync or Out of sync
(E|D) - Frame collection is Enabled or Disabled
(E|D) - Frame distribution is Enabled or Disabled
status: up
npu: y
flush: n
asic helper: y
oid: 91
ports: 2
link-up-delay: 50ms
min-links: 1
ha: master
distribution algorithm: L4
LACP mode: active
LACP speed: slow
LACP HA: enable
aggregator ID: 2
actor key: 17
actor MAC address: xxxxxxxxx
partner key: 17
partner MAC address: ac:xxxxxxxxx
slave: port19
index: 0
link status: up
link failure count: 0
permanent MAC addr: xxxxxxxxx
LACP state: negotiating
actor state: ASAODD
actor port number/key/priority: 1 17 255
partner state: ASAIDD
partner port number/key/priority: 1 17 255
partner system: 0 ac:xxxxxxxxx
aggregator ID: 1
speed/duplex: 1000 1
RX state: CURRENT 6
MUX state: WAITING 2
slave: port20
index: 1
link status: up
link failure count: 0
permanent MAC addr: xxxxxxxx
LACP state: established
actor state: ASAIEE
actor port number/key/priority: 2 17 255
partner state: ASAIEE
partner port number/key/priority: 1 17 255
partner system: 0 ac:xxxxxxx
aggregator ID: 2
speed/duplex: 1000 1
RX state: CURRENT 6
MUX state: COLLECTING_DISTRIBUTING 4
execute switch-controller diagnose-connection S248EFTFxxxxxxxx
Fortilink interface ... OK
fortilink enabled
DHCP server ... OK
fortilink enabled
NTP server ... OK
fortilink enabled
NTP server sync ... OK
synchronized: yes, ntpsync: enabled, server-mode: enabled
ipv4 server(ntp1.fortiguard.com) 208.91.112.61 -- reachable(0xff) S:5 T:266
server-version=4, stratum=2
reference time is e7ed2c45.766816f3 -- UTC Fri Apr 21 15:37:41 2023
clock offset is 0.010927 sec, root delay is 0.067551 sec
root dispersion is 0.010559 sec, peer dispersion is 374 msec
ipv4 server(ntp2.fortiguard.com) 208.91.112.62 -- reachable(0xef) S:5 T:272
server-version=4, stratum=2
reference time is e7ed2c45.766816f3 -- UTC Fri Apr 21 15:37:41 2023
clock offset is 0.018932 sec, root delay is 0.067551 sec
root dispersion is 0.010574 sec, peer dispersion is 222 msec
ipv4 server(ntp2.fortiguard.com) 208.91.112.60 -- reachable(0xff) S:5 T:257 selected
server-version=4, stratum=2
reference time is e7ed2c45.766816f3 -- UTC Fri Apr 21 15:37:41 2023
clock offset is 0.017357 sec, root delay is 0.067551 sec
root dispersion is 0.010544 sec, peer dispersion is 276 msec
ipv4 server(ntp1.fortiguard.com) 208.91.112.63 -- reachable(0xff) S:5 T:253
server-version=4, stratum=2
reference time is e7ed2c45.766816f3 -- UTC Fri Apr 21 15:37:41 2023
clock offset is 0.013255 sec, root delay is 0.067551 sec
root dispersion is 0.010544 sec, peer dispersion is 173 msec
HA mode ... disabled
Fortilink
Status ... SWITCH_AUTHORIZED_READY
Last keepalive ... 2 seconds ago
No CAPWAP IP address retrieved for FortiSwitch S248EFTFxxxxxxxx
CAPWAP
Remote Address : N/A
Status ... Idle
# config system ntp
(ntp) # show
config system ntp
set ntpsync enable
set server-mode enable
set interface "fortilink"
end
(ntp) # get
ntpsync : enable
type : fortiguard
syncinterval : 60
source-ip : 0.0.0.0
source-ip6 : ::
server-mode : enable
authentication : disable
interface : "fortilink"
Why do they lose connection to the FortiGate switch management?
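The flag legend printed by `diagnose netlink aggregate name fortilink` above can be applied mechanically to each member's actor and partner state. The following is an added example, not part of the original post and not Fortinet code: it decodes the six-letter state strings with that legend and lists aggregate members that are not collecting and distributing. The function names are hypothetical, and `SAMPLE` is an excerpt of the member blocks from the output in the post.

```python
LEGEND = [  # flag positions and meanings, from the legend in the post's output
    ("mode", {"A": "active", "P": "passive"}),
    ("speed", {"S": "slow", "F": "fast"}),
    ("aggregation", {"A": "aggregatable", "I": "individual"}),
    ("sync", {"I": "in sync", "O": "out of sync"}),
    ("collection", {"E": "enabled", "D": "disabled"}),
    ("distribution", {"E": "enabled", "D": "disabled"}),
]

def decode_state(flags):
    """Expand a six-letter LACP state string such as 'ASAODD'."""
    if len(flags) != len(LEGEND):
        raise ValueError(f"expected {len(LEGEND)} flags, got {flags!r}")
    return {name: table[c] for (name, table), c in zip(LEGEND, flags)}

def parse_members(text):
    """Return {port: {field: value}} for each 'slave:' block."""
    members, current = {}, None
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if sep and key == "slave":
            current = members.setdefault(value, {})
        elif sep and current is not None:
            current[key] = value
    return members

def unhealthy_members(text):
    """Members whose MUX is not forwarding or where either side is out of sync."""
    findings = []
    for port, f in parse_members(text).items():
        actor, partner = decode_state(f["actor state"]), decode_state(f["partner state"])
        mux = f["MUX state"].split()[0]
        if mux != "COLLECTING_DISTRIBUTING" or "out of sync" in (actor["sync"], partner["sync"]):
            findings.append((port, f["LACP state"], mux, actor["sync"], partner["sync"]))
    return findings

# Excerpt of the two member blocks from the output in the post.
SAMPLE = """slave: port19
LACP state: negotiating
actor state: ASAODD
partner state: ASAIDD
MUX state: WAITING 2
slave: port20
LACP state: established
actor state: ASAIEE
partner state: ASAIEE
MUX state: COLLECTING_DISTRIBUTING 4
"""
if __name__ == "__main__":
    print(unhealthy_members(SAMPLE))
```

Each tuple is (port, LACP state, MUX state, actor sync, partner sync); on the excerpt only port19 is reported.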
