skrymi
Staff
Article Id 348792
Description

This article describes how to resolve an issue where the FortiSwitch status shows as 'Offline' after upgrading the FortiGate.

Scope

FortiGate v7.4.5, v7.6.0 and FortiSwitch v7.6.0.
Solution

After deploying a new firmware version on the FortiGate, the managed FortiSwitch status is Authorized/Down, and the FortiLink aggregate interface cannot come up.

On the FortiGate side:

execute switch-controller get-conn-status <FortiSwitch_serial_number>

Admin Status: Authorized / down
Connection: Idle

To further diagnose the connection:

execute switch-controller diagnose-connection <FortiSwitch_serial_number>

No IP address retrieved for FortiSwitch <FortiSwitch_serial_number>
Remote Address: N/A
Status ... Idle


In the configuration of the FortiLink aggregate interface, check the management VLAN ID:

config system interface
    edit "fortilink"
        show full
        ……
        set switch-controller-mgmt-vlan 4094    <- This is the default management VLAN on FortiGate.
        ……


On the FortiSwitch side, check the management VLAN in the auto-network configuration:

config switch auto-network

After rebooting the switch, the command shows the following:

config switch auto-network
    set mgmt-vlan 1 <- The management VLAN on the FortiSwitch has switched to VLAN 1.
    set status enable

Because of this mismatch, the FortiSwitch cannot get an IP address from the FortiLink aggregate interface. Make the following change to fix the issue:

config switch auto-network
    set mgmt-vlan 4094
    set status enable
end


In some cases, 'execute switch-controller get-conn-status <FortiSwitch_serial_number>' may show that the FortiLink is not up:

Get managed-switch S448EXXXXXXXXXXXX connection status:
Admin Status: Authorized
Connection: Idle (capwap)

Diagnosing...
fortilink is not up, please check physical connection.

In that case, go to Network -> Interface and try disabling and re-enabling the FortiLink interface.


Note: After the FortiGate is upgraded from FortiOS 7.6.0 to 7.6.1 or higher, the FortiSwitch units go offline when the LLDP configuration under the FortiLink interface is set to vdom or disabled. The incorrect FortiLink interface configuration looks like this:

Challenger-kvm100 # config sys interface

Challenger-kvm100 (interface) # edit fortilink

Challenger-kvm100 (fortilink) # sh
config system interface
    edit "fortilink"
        set vdom "root"
        set fortilink enable
        set ip x.x.x.x 
        set allowaccess ping fabric
        set type aggregate
        set lldp-reception disable/vdom 
        set lldp-transmission enable
        set snmp-index 14
    next
end

Workaround:

1. Make sure 'lldp-reception' and 'lldp-transmission' are enabled under the global settings:

config system global
    set lldp-reception enable
    set lldp-transmission enable
end

2. Enable 'lldp-reception' and 'lldp-transmission' under the FortiLink interface, or rebuild the FortiLink interface:

config system interface
    edit "fortilink"
        set lldp-reception enable
        set lldp-transmission enable
    next
end
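As an added example (not from this article or from Fortinet), the following Python script applies the two checks described above to saved CLI listings: it compares switch-controller-mgmt-vlan on the FortiGate FortiLink interface with mgmt-vlan in the FortiSwitch auto-network configuration, and verifies that lldp-reception and lldp-transmission are set to enable on the FortiLink interface. The sample listings are constructed to mirror the article's output and are not captured from a real device.

```python
import re

# Constructed sample listings modelled on the article's CLI output (not captured from a real device).
FORTIGATE_FORTILINK_SHOW = """\
config system interface
    edit "fortilink"
        set vdom "root"
        set fortilink enable
        set type aggregate
        set switch-controller-mgmt-vlan 4094
        set lldp-reception vdom
        set lldp-transmission enable
    next
end
"""

FORTISWITCH_AUTO_NETWORK = """\
config switch auto-network
    set mgmt-vlan 1
    set status enable
end
"""

# One 'set <key> <value>' line of a FortiOS / FortiSwitchOS config listing.
SET_RE = re.compile(r"^\s*set\s+(\S+)\s+(.+?)\s*$", re.MULTILINE)

def parse_settings(cli_text):
    """Return {key: value} for every 'set' line; quoted values are unquoted."""
    return {key: value.strip('"') for key, value in SET_RE.findall(cli_text)}

def check_fortilink(fortigate_show, fortiswitch_auto_network):
    """Apply the article's checks; returns a list of findings (empty means both checks pass)."""
    fg = parse_settings(fortigate_show)
    fsw = parse_settings(fortiswitch_auto_network)
    findings = []
    fg_vlan, fsw_vlan = fg.get("switch-controller-mgmt-vlan"), fsw.get("mgmt-vlan")
    if fg_vlan != fsw_vlan:
        findings.append(f"mgmt VLAN mismatch: FortiGate fortilink {fg_vlan}, FortiSwitch auto-network "
                        f"{fsw_vlan}; set mgmt-vlan {fg_vlan} under 'config switch auto-network'")
    # LLDP reception/transmission must be 'enable' on the FortiLink interface after 7.6.1.
    for key in ("lldp-reception", "lldp-transmission"):
        if fg.get(key) != "enable":
            findings.append(f"{key} is '{fg.get(key)}' on the FortiLink interface; set it to enable")
    return findings

if __name__ == "__main__":
    for finding in check_fortilink(FORTIGATE_FORTILINK_SHOW, FORTISWITCH_AUTO_NETWORK):
        print("FINDING:", finding)
```

Run it against the real output of 'show full' on the FortiLink interface and 'show switch auto-network' on the FortiSwitch to get the same findings for a live pair.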


Related article:

Technical Tip: Managed FortiSwitch onboarding Troubleshooting Guide