jintrah_FTNT
Staff
Article Id 193351

Description

This article describes a phenomenon in which some switches on a network fail to detect that the primary unit of a FortiGate HA cluster has become a subordinate unit after a link failover, and keep forwarding packets to that unit.

Scope

FortiGate.

Solution

When a FortiGate HA cluster is operating and a monitored interface fails on the primary unit, the primary unit normally becomes a subordinate unit and another unit in the cluster becomes the primary unit. After a link failover, the new primary unit sends special ARP packets (called gratuitous ARP or G-ARP) so that the switches connected to the cluster refresh their MAC forwarding tables, that is, relearn the cluster's virtual MAC addresses on the ports facing the new primary unit. (The MAC forwarding table is the switch's MAC address or CAM table; it is not the same thing as an ARP table, although the same G-ARP also refreshes the ARP caches of attached hosts.) This is the normal link failover operation.

Some switches in the network do not detect that the primary unit has become a subordinate unit and keep forwarding packets to the old primary. This happens when the switch sees no failure on the ports connected to that unit (only a monitored interface failed; the other interfaces of the old primary stay up) and therefore neither clears the MAC forwarding entries it learned on those ports nor updates them from the G-ARP.

The HA option link-failed-signal (disabled by default) addresses this. When enabled, the unit that was primary shuts down all of its interfaces except the heartbeat interfaces for one second after the failover, so that the switch detects the link failure and clears the MAC forwarding entries learned on those ports. When the new primary unit then sends its G-ARP packets, the switch relearns the cluster's virtual MAC addresses on the correct ports and forwards traffic to the new primary unit.

Caveat: the one-second shutdown affects every non-heartbeat interface of the old primary, including those that did not fail, so any traffic still flowing through that unit is interrupted for that second. This is expected; the point of the option is to make the switch notice the change.

 

Command:

 

config system ha
    set link-failed-signal enable
end

 

Helpful command to check, run on the cluster unit that has just become subordinate (verbosity 4 prints the interface name and packet direction, 0 means no packet count limit, and a adds absolute timestamps):

diagnose sniffer packet <VLAN interface> "host <switch IP>" 4 0 a

If the switch's packets keep arriving on that unit after the failover, the switch has not updated its MAC forwarding table.
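The following Python script is an added example, not part of this article or of Fortinet's tooling. It parses the output of the sniffer command above, assumed here to be the tcpdump-like "<date> <time> <interface> <in|out> <payload>" lines that verbosity 4 with absolute timestamps prints, and reports three things: whether a gratuitous ARP was seen, whether there was the roughly one-second silence that link-failed-signal causes, and how many packets from the switch still arrived after the first G-ARP. The two captures embedded in it are constructed, taken as if on the old primary's vlan100 interface while the switch at 192.168.100.2 pings the cluster address 192.168.100.1, with "arp" added to the sniffer filter so the new primary's G-ARP is captured; the interface name and addresses are assumptions.

```python
"""Check a FortiGate HA link failover from 'diagnose sniffer packet <intf> "<filter>" 4 0 a' output.

Added example, not Fortinet code. Assumes verbosity-4 lines with absolute timestamps look like
    2024-01-01 10:00:00.500000 vlan100 in arp who-has 192.168.100.1 tell 192.168.100.1
and that the header lines (interfaces=[...], filters=[...]) can be skipped.
"""
import re
from datetime import datetime

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\S+)\s+(in|out)\s+(.*)$")
# tcpdump renders a gratuitous ARP request with sender IP == target IP.
GARP_RE = re.compile(r"^arp who-has (\S+) tell (\S+)$")
# Source address of an IP packet line, with an optional ".port" suffix (TCP/UDP).
IP_SRC_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)(?:\.\d+)? -> ")

# Constructed captures (not real data), as if taken on the old primary's vlan100 interface
# while the switch (192.168.100.2) pings the cluster address 192.168.100.1. "arp" was added
# to the sniffer filter so the new primary's G-ARP appears. Names and addresses are assumptions.
CAPTURE_NO_SIGNAL = """\
interfaces=[vlan100]
filters=[host 192.168.100.2 or arp]
2024-01-01 10:00:00.000000 vlan100 in 192.168.100.2 -> 192.168.100.1: icmp: echo request
2024-01-01 10:00:00.000100 vlan100 out 192.168.100.1 -> 192.168.100.2: icmp: echo reply
2024-01-01 10:00:00.500000 vlan100 in arp who-has 192.168.100.1 tell 192.168.100.1
2024-01-01 10:00:01.000000 vlan100 in 192.168.100.2 -> 192.168.100.1: icmp: echo request
2024-01-01 10:00:01.500000 vlan100 in 192.168.100.2 -> 192.168.100.1: icmp: echo request
2024-01-01 10:00:02.000000 vlan100 in 192.168.100.2 -> 192.168.100.1: icmp: echo request
"""

CAPTURE_SIGNAL = """\
interfaces=[vlan100]
filters=[host 192.168.100.2 or arp]
2024-01-01 10:00:00.000000 vlan100 in 192.168.100.2 -> 192.168.100.1: icmp: echo request
2024-01-01 10:00:00.000100 vlan100 out 192.168.100.1 -> 192.168.100.2: icmp: echo reply
2024-01-01 10:00:01.200000 vlan100 in arp who-has 192.168.100.1 tell 192.168.100.1
2024-01-01 10:00:01.700000 vlan100 in arp who-has 192.168.100.1 tell 192.168.100.1
"""


def parse_sniffer(text):
    """Return (timestamp, interface, direction, payload) tuples; header lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def gratuitous_arps(events):
    """(timestamp, ip) of every G-ARP: the new primary announcing the cluster's virtual MAC."""
    found = []
    for ts, _iface, _direction, payload in events:
        m = GARP_RE.match(payload)
        if m and m.group(1) == m.group(2):
            found.append((ts, m.group(1)))
    return found


def silent_gaps(events, min_seconds=1.0):
    """Stretches with no packets at all. With link-failed-signal the old primary's interfaces
    are down for about one second, so a gap of that length is expected around the failover."""
    gaps = []
    for (t0, *_), (t1, *_) in zip(events, events[1:]):
        delta = (t1 - t0).total_seconds()
        if delta >= min_seconds:
            gaps.append((t0, t1, delta))
    return gaps


def stale_inbound(events, switch_ip, after):
    """Inbound IP packets from the switch after `after` (the first G-ARP). On the unit that
    just became subordinate, a non-zero count means the switch still forwards to its old port."""
    count = 0
    for ts, _iface, direction, payload in events:
        m = IP_SRC_RE.match(payload)
        if direction == "in" and ts > after and m and m.group(1) == switch_ip:
            count += 1
    return count


def failover_report(text, switch_ip):
    """Summarise one capture: G-ARP seen, ~1 s silence seen, packets still arriving afterwards."""
    events = parse_sniffer(text)
    garps = gratuitous_arps(events)
    if not garps:
        return {"garp_seen": False, "gap_seen": False, "stale_packets": None}
    first_garp = garps[0][0]
    return {
        "garp_seen": True,
        "gap_seen": bool(silent_gaps(events)),
        "stale_packets": stale_inbound(events, switch_ip, first_garp),
    }


if __name__ == "__main__":
    for name, capture in (("no link-failed-signal", CAPTURE_NO_SIGNAL),
                          ("link-failed-signal enabled", CAPTURE_SIGNAL)):
        print(name, failover_report(capture, "192.168.100.2"))
```

Reading the report: on the unit that just became subordinate, stale_packets greater than zero means the switch is still forwarding to the old port even though it saw the G-ARP, which is the symptom this article describes. With link-failed-signal enabled, gap_seen should be true (the one-second shutdown) and stale_packets should be zero. If the sniffer output on your firmware uses a different timestamp or direction format, adjust LINE_RE; the rest of the logic does not depend on it.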
 

Related article:

Technical Tip: HA Failover issues with layer-3 switches