NKL
New Member
December 1, 2017

[SOLVED] Error creating switch-interface: entry not found in datasource


We are trying to do some tests with the FortiGate feature "VXLAN" with devices FG60D, FG60E and FG100E, on FortiOS 5.4.5 and 5.6.2. Following the steps of Fortinet Knowledge Base article FD40170 ( http://kb.fortinet.com/kb...FD40170&languageId ), we fail to reproduce the step of creating the soft-switch. We are issuing the following commands on the CLI to form a soft-switch comprising the physical "port16" (which is free/unused so far) and a VPN interface that was set up for VXLAN beforehand:

 


RTR001 # config system switch-interface
RTR001 (switch-interface) # edit "VXLAN1"
new entry 'VXLAN1' added
RTR001 (VXLAN1) # set member "port16" "VXLANVPN"
entry not found in datasource
value parse error before 'port16'
Command fail. Return code -3
RTR001 (VXLAN1) #

The soft-switch cannot be created because of the error message "entry not found in datasource". Does anyone have an idea why this is?


    ede_pfau
    SuperUser
    December 3, 2017

    When you enter "set member" (and nothing more!), hit '?' to see the available interfaces. I bet there are no VPN interfaces listed.

    If so, did you specify "set encapsulation vxlan" in phase1-interface?

    NKL
    New Member
    December 4, 2017

    Funny enough, "set member ?" does not give me any interfaces:

    RTR001 # config system switch-interface
    RTR001 (switch-interface) # edit "VXLAN1"
    new entry 'VXLAN1' added
    RTR001 (VXLAN1) # set member ?
    *interface-name    Physical interface name.
    RTR001 (VXLAN1) # set member

     

    Phase1-Interface was created with "set enc vxlan":

    config vpn ipsec phase1-interface
        edit "VXLANVPN"
            set interface "port15"
            set peertype any
            set proposal aes256-sha256
            set dhgrp 14
            set encapsulation vxlan
            set encapsulation-address ipv4
            set encap-local-gw4 172.30.0.2
            set encap-remote-gw4 172.30.0.1
            set remote-gw 172.30.0.1
            set psksecret dummypsk123
        next
    end

    ede_pfau
    SuperUser
    December 5, 2017

    OK, I followed your steps on my 60E. And didn't have a port to choose from in the beginning.

    Then,

    config system virtual-switch
        edit "internal"
            config port
                delete internal7
            end
    end

    and then...

    config system switch-interface
        edit "vxlan"
            set member ?
    ...

    gate (vxlan) # set member
    *interface-name    Physical interface name.
    internal7       interface

    Aha!
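
The last reply shows a port becoming selectable in "set member" only after it is deleted from the hardware virtual-switch. As an added example (not code from the thread or from Fortinet), this Python check reads a configuration backup and reports which candidate ports are still held by a virtual-switch. It assumes the backup lists each port as an `edit` entry under `config port`; the function names and the sample text are constructed for illustration.

```python
# Constructed sample in FortiOS backup layout (assumed, not taken from the thread).
SAMPLE_CONFIG = '''\
config system virtual-switch
    edit "internal"
        set physical-switch "sw0"
        config port
            edit "internal1"
            next
            edit "internal7"
            next
        end
    next
end
config system switch-interface
    edit "vxlan"
        set member "internal5"
    next
end
'''

def virtual_switch_ports(config_text):
    """Map each port held by a hardware virtual-switch to that switch's name."""
    held = {}
    stack = []      # open "config ..." blocks, outermost first
    switch = None   # virtual-switch entry currently being edited
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end":
            if stack:
                stack.pop()
        elif line.startswith("edit "):
            name = line[len("edit "):].strip().strip('"')
            if stack == ["system virtual-switch"]:
                switch = name
            elif stack == ["system virtual-switch", "port"]:
                held[name] = switch
    return held

def check_members(config_text, candidates):
    """Return {candidate: name of the virtual-switch holding it, or None}."""
    held = virtual_switch_ports(config_text)
    return {c: held.get(c) for c in candidates}

if __name__ == "__main__":
    for port, owner in check_members(SAMPLE_CONFIG, ["internal7", "internal5"]).items():
        print(port, "held by virtual-switch " + owner if owner else "not in a virtual-switch")
```

A result of `None` only means the port is not a virtual-switch member; it does not check other uses of the interface.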