MasterBratac
New Member
February 15, 2017
Solved

LLDP

  • February 15, 2017
  • 2 replies
  • 71253 views

Hello together,

I'm trying to get my FortiGates registered via LLDP on my switches.

This works perfectly on two FGT-50E, currently on 5.4.1.

It does not work on 3x FGT-90D and on one 110C. These are all on 5.4.somewhat firmware.

What I did:

    config system interface
        edit "internal14"
            set vdom "root"
            set type physical
            set device-identification enable
            set lldp-transmission enable
        next
    end

and:

    config system global
        set lldp-transmission enable
    end

Then:

    diag lldptx restart

We use HP ProCurve switches.

Any idea?

    Best answer by MasterBratac

    Good news:

    "This issue got resolved in code, a fix will be provided in he upcoming FortiOS releases end of Q2. FortiOS version 5.4.5 is scheduled for around end of May 2017, 5.6.1 for around end of June. Please note that these estimated release dates are still subject to change. As soon as the release dates are fixed we'll update this ticket. "

    2 replies

    MikePruett
    New Member
    February 15, 2017

    Silly question but figured I would start from the very top. Did we confirm that it is configured exactly as it is on the 50E's? Also, are you using the same type of switch at all locations?

    MasterBratac
    New Member
    February 15, 2017

    I have a new 50E and a new 90D right here on my desk ;-).

    Both 5.4.4, both factory reset.

    Both doing the above config changes, nothing else.

    50E working, 90D not. Both on the same switch (HP Procurve 5406).

    MikePruett
    New Member
    February 15, 2017
    That is incredibly frustrating. The only differences at this point are hardware and possible bugs tied to said hardware and existing FortiOS.

    emnoc
    New Member
    February 17, 2017

    hmmm......

    How did you capture if you are using tcpreplay? Did you connect directly to the interface and run a capture?

    Are the HPs enabled for LLDP on the correct ports?

    Are the HP switches the same?

    Can you change the HP out to a spare switch (Cisco)?

    Can you cable 2 ports back to back and run the FortiGate's interfaces in VDOM (a) and (b) and see if the FortiGates recognize the LLDP neighborships?

    And did you try kicking it in the pants and restarting LLDPTX?

    e.g.

        diag lldptx restart

        diag lldptx stats count

    And I forgot to add: did you run diag debug?

    e.g.

        diag debug application lldptx -1

        diag debug en

    If the interface(s) are enabled for LLDP, you should get a message on the CLI terminal every time the schedule timer kicks off.

    ken


    MasterBratac
    New Member
    February 17, 2017

    I'll tell you what exactly I did:

    First of all, I'm a bit familiar with LLDP; I was involved in the development of this:

    https://github.com/Prinzessor/WinLLDPService

    I've two lab FGTs, 50E and 90D, here on my desk and a ProCurve 5406.

    Both FGTs are "sending" LLDP packets (proved with diag sniffer packet interface "not ip" 6).

    The 50E is shown in the switch, the 90D not.

    I connected the 50E not to the switch, but to my notebook running Wireshark. I could capture LLDP packets.

    I could send some from my notebook, and also see them in the FGT's sniffer.

    Now I connected the 90D to my notebook. The FGT's sniffer shows that packets are sent, but Wireshark doesn't see them; also the NIC LED is not blinking. When I send packets with my notebook, they show up in the FGT90's sniffer.

    Now I used Fortinet's fgt2eth Perl script to convert the FGT90's sniffer output (the LLDP packets) to a tcpdump/Wireshark file, to analyse them in Wireshark. They looked good. So I sent the pcap file from my notebook with tcpreplay to my switch, and it registered correctly.

    Am I missing something?
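The post above checks the converted sniffer output by eye in Wireshark. The following Python script is an added example, not code from the thread, from Fortinet, or from the WinLLDPService project: it decodes an LLDP frame into its TLVs and flags whether the mandatory Chassis ID, Port ID, TTL and End-of-LLDPDU TLVs are present in the order IEEE 802.1AB requires, which is the first thing a switch checks before creating a neighbor entry. The frame it decodes is constructed inline (locally administered source MAC, interface name "internal14" taken from the config in the thread, TTL 120 s); it is not a real FortiGate capture. To use it on real traffic, feed it the raw Ethernet bytes of one frame from the pcap produced by fgt2eth.

```python
"""Decode an LLDP frame and sanity-check its mandatory TLVs (added example)."""
import struct

LLDP_ETHERTYPE = 0x88CC
LLDP_MCAST = bytes.fromhex("0180c200000e")   # nearest-bridge group MAC used by LLDP

TLV_NAMES = {0: "End of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "TTL",
             4: "Port Description", 5: "System Name", 6: "System Description",
             7: "System Capabilities", 8: "Management Address",
             127: "Organizationally Specific"}


def tlv(ttype: int, value: bytes) -> bytes:
    """Encode one TLV: 7-bit type and 9-bit length packed into a 16-bit header."""
    if len(value) > 0x1FF:
        raise ValueError("TLV value too long")
    return struct.pack("!H", (ttype << 9) | len(value)) + value


def parse_tlvs(lldpdu: bytes) -> list:
    """Split an LLDPDU into (type, value) pairs, stopping at the End-of-LLDPDU TLV."""
    tlvs, off = [], 0
    while off + 2 <= len(lldpdu):
        hdr = struct.unpack("!H", lldpdu[off:off + 2])[0]
        ttype, tlen = hdr >> 9, hdr & 0x1FF
        off += 2
        if off + tlen > len(lldpdu):
            raise ValueError(f"TLV type {ttype} claims {tlen} bytes but the frame ends first")
        tlvs.append((ttype, lldpdu[off:off + tlen]))
        off += tlen
        if ttype == 0:          # End of LLDPDU: anything after it is padding
            break
    return tlvs


def decode_frame(frame: bytes) -> dict:
    """Decode an Ethernet frame carrying LLDP and report whether the LLDPDU is well-formed."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != LLDP_ETHERTYPE:
        raise ValueError(f"ethertype 0x{ethertype:04x} is not LLDP")
    tlvs = parse_tlvs(frame[14:])
    types = [t for t, _ in tlvs]
    info = {
        "dst": dst.hex(":"), "src": src.hex(":"),
        "tlv_types": [TLV_NAMES.get(t, f"type {t}") for t in types],
        # 802.1AB: Chassis ID, Port ID and TTL come first, in that order,
        # and the LLDPDU must be terminated by an End-of-LLDPDU TLV.
        "valid": dst == LLDP_MCAST and types[:3] == [1, 2, 3] and types[-1:] == [0],
    }
    for ttype, value in tlvs:
        if ttype == 1 and value and value[0] == 4:      # Chassis ID subtype 4 = MAC address
            info["chassis_id"] = value[1:].hex(":")
        elif ttype == 2 and value and value[0] == 5:    # Port ID subtype 5 = interface name
            info["port_id"] = value[1:].decode("ascii", "replace")
        elif ttype == 3 and len(value) == 2:
            info["ttl"] = struct.unpack("!H", value)[0]
        elif ttype == 5:
            info["system_name"] = value.decode("ascii", "replace")
    return info


# Constructed sample frame (not a real capture): an advertisement for "internal14"
# from a device with a locally administered MAC, padded to the 60-byte minimum.
SRC_MAC = bytes.fromhex("020000000001")
SAMPLE_FRAME = (
    LLDP_MCAST + SRC_MAC + struct.pack("!H", LLDP_ETHERTYPE)
    + tlv(1, b"\x04" + SRC_MAC)          # Chassis ID, subtype MAC
    + tlv(2, b"\x05" + b"internal14")    # Port ID, subtype interface name
    + tlv(3, struct.pack("!H", 120))     # TTL 120 s
    + tlv(5, b"FGT-lab")                 # System Name (constructed)
    + tlv(0, b"")                        # End of LLDPDU
)
SAMPLE_FRAME += b"\x00" * (60 - len(SAMPLE_FRAME))

# Constructed broken variant with no TTL TLV: it decodes, but a switch would not
# install a neighbor from it, and decode_frame() flags it as invalid.
BROKEN_FRAME = (
    LLDP_MCAST + SRC_MAC + struct.pack("!H", LLDP_ETHERTYPE)
    + tlv(1, b"\x04" + SRC_MAC) + tlv(2, b"\x05internal14") + tlv(0, b"")
)

if __name__ == "__main__":
    for name, frame in (("sample", SAMPLE_FRAME), ("broken", BROKEN_FRAME)):
        print(name, decode_frame(frame))
```

The length check in parse_tlvs() matters on real captures: a TLV whose declared length runs past the end of the frame is the usual sign that the hex-dump conversion dropped or duplicated a line, which would also explain a switch silently discarding an otherwise correct-looking advertisement.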

    emnoc
    New Member
    February 17, 2017

    Simple

    1: did you try restarting the LLDPTX?

    2: did you run the suggested diag debug app lldptx -1?

    3: are you in multi-vdom mode?

    4: how do you have the FGT90 running with regards to set lldp-transmission enable global vdom?

    5: have you tried rebooting the FGT90D?

    6: have you tried a different port?

    7: are these ports in an Aggregate Ethernet? (5.4.x does not let you set AE up with lldp transmit enable)