FortiGate
pmanak
Staff & Editor
Article Id 369555
Description

This article describes troubleshooting steps to perform when managed FortiSwitches appear offline after upgrading the FortiGate firewall from FortiOS v7.6.0 to 7.6.1 or later.

Scope
FortiGate v7.6.1 and above.
Solution

After upgrading the FortiGate to FortiOS v7.6.1 or later, administrators may observe that previously managed FortiSwitches appear offline and can no longer be managed. In this case, check the Link Layer Discovery Protocol (LLDP) settings both in the FortiGate global configuration and on the FortiLink-enabled interface, and ensure that reception and transmission are enabled in both places:

 

config system global

    set lldp-reception enable
    set lldp-transmission enable

end

 

config system interface

    edit <FortiLink_Interface_Name>

        set lldp-reception enable

        set lldp-transmission enable

    next

end

 

This issue is caused by Change #1061121, introduced in FortiOS v7.6.1: the default for the fortilink-neighbor-detect setting (configurable on FortiLink-enabled interfaces, it controls how FortiSwitches are discovered) was changed from fortilink to lldp. The FortiLink discovery protocol is being replaced by LLDP- and CAPWAP-based discovery, so the default was changed ahead of its future deprecation. Note that only discovery is affected; once discovered, FortiSwitches are managed in the same manner as before.

 

If lldp-reception and lldp-transmission were not already enabled on the FortiLink interface before the firmware upgrade, the interface is left configured to discover FortiSwitches via LLDP while it neither sends nor receives LLDP frames. This is why the FortiSwitches show as offline and unavailable for management.

 

As an alternative to enabling LLDP, administrators may instead change the fortilink-neighbor-detect option under the FortiLink interface settings back to the older fortilink value:

 

config system interface

    edit <FortiLink_Interface_Name>

        set fortilink-neighbor-detect [ lldp | fortilink ]

    next

end

 

Important: older FortiOS versions (such as FortiOS v7.4) had fortilink-neighbor-detect set to fortilink by default, and this setting is preserved when upgrading to FortiOS v7.6.1 or later. Therefore, this issue only occurs when upgrading specifically from FortiOS v7.6.0 to v7.6.1 and generally does not occur when upgrading from older firmware versions.

 

For further info, refer to entry #1061121 in the FortiOS v7.6.1 Release Notes: Changes in default behavior.

 

Note regarding Hardware Switch-based FortiLink interfaces:

Hardware Switch-based FortiLink interfaces do not expose the fortilink-neighbor-detect option, so it is not immediately obvious which discovery method they use. Instead, the stp setting (Spanning Tree) available on Hardware Switch interfaces also implicitly selects the FortiSwitch discovery method: enable selects LLDP discovery and disable selects FortiLink discovery:

 

config system interface

    edit <HW_Switch_FortiLink_Name>

        set stp [ enable | disable ]

    next

end
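The following Python script is an added example, not part of this article or of any Fortinet tool. It audits a saved FortiOS configuration backup for the condition described above and in the Hardware Switch note: every FortiLink-enabled interface is classified by its discovery method (explicit fortilink-neighbor-detect, the post-7.6.1 default of lldp when the value is absent, or the stp setting for hard-switch interfaces) and flagged when LLDP discovery is in effect while lldp-reception/lldp-transmission are not confirmed enabled. The embedded configuration is constructed for the example. Treating an unset interface value as inheriting the global value assumes the VDOM-level LLDP setting was left at its default, and the `hard-switch` type string is taken from FortiOS CLI output; verify both against `show full-configuration` on your own unit.

```python
"""Audit a FortiOS config backup for FortiLink interfaces that will discover
FortiSwitches via LLDP while LLDP is not actually enabled for them."""

from typing import Dict, List, Tuple

Settings = Dict[str, str]

# Constructed sample backup excerpt (not from a real device). Like a real `show`
# dump it lists non-default values only. Global LLDP is off, so any interface that
# does not override it locally sends and receives no LLDP frames.
SAMPLE_CONFIG = """\
config system global
    set lldp-reception disable
    set lldp-transmission disable
end
config system interface
    edit "fortilink"
        set fortilink enable
        set fortilink-neighbor-detect lldp
        set type aggregate
        set member "port1" "port2"
    next
    edit "fortilink-hw"
        set fortilink enable
        set type hard-switch
        set stp enable
    next
    edit "fortilink-legacy"
        set fortilink enable
        set fortilink-neighbor-detect fortilink
        set type aggregate
    next
    edit "fortilink-ok"
        set fortilink enable
        set lldp-reception enable
        set lldp-transmission enable
        set type aggregate
    next
    edit "port5"
        set ip 10.0.5.1 255.255.255.0
    next
end
"""


def _unquote(value: str) -> str:
    return value.strip().strip('"')


def parse_config(text: str) -> Tuple[Settings, Dict[str, Settings]]:
    """Return (system global settings, {interface name: settings}) from a CLI dump.
    A stack of open `config` blocks keeps nested blocks (e.g. config ipv6 inside an
    interface) from being mistaken for the interface itself."""
    glob: Settings = {}
    ifaces: Dict[str, Settings] = {}
    stack: List[str] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end":
            stack.pop()
        elif line.startswith("edit ") and stack and stack[-1] == "system interface":
            current = _unquote(line[len("edit "):])
            ifaces[current] = {}
        elif line == "next":
            current = None
        elif line.startswith("set ") and stack:
            key, _, value = line[len("set "):].partition(" ")
            if stack[-1] == "system global":
                glob[key] = _unquote(value)
            elif stack[-1] == "system interface" and current is not None:
                ifaces[current][key] = _unquote(value)
    return glob, ifaces


def discovery_mode(iface: Settings, new_default: str = "lldp") -> str:
    """Neighbour-discovery method the interface will use. Hardware-switch FortiLink
    interfaces have no fortilink-neighbor-detect option; per the article their stp
    setting decides (enable -> LLDP, disable -> FortiLink). Other interfaces use the
    explicit value, else the firmware default ('lldp' from FortiOS 7.6.1)."""
    if iface.get("type") == "hard-switch":  # assumption: CLI type string
        return {"enable": "lldp", "disable": "fortilink"}.get(iface.get("stp"), "unknown")
    return iface.get("fortilink-neighbor-detect", new_default)


def effective_lldp(iface: Settings, glob: Settings, key: str) -> str:
    """Interface value wins when set explicitly; otherwise fall back to global.
    Assumption: the VDOM-level LLDP setting is at its default, so the interface
    inherits the global value. 'unknown' when neither level shows the key (backups
    omit defaults); confirm with `show full-configuration system global`."""
    value = iface.get(key)
    if value in ("enable", "disable"):
        return value
    return glob.get(key, "unknown")


def audit(text: str, new_default: str = "lldp") -> List[dict]:
    """One finding per FortiLink-enabled interface. at_risk is True when discovery
    is LLDP-based (or undetermined) while LLDP rx/tx is not confirmed enabled."""
    glob, ifaces = parse_config(text)
    findings = []
    for name, iface in ifaces.items():
        if iface.get("fortilink") != "enable":
            continue
        mode = discovery_mode(iface, new_default)
        rx = effective_lldp(iface, glob, "lldp-reception")
        tx = effective_lldp(iface, glob, "lldp-transmission")
        lldp_ok = rx == "enable" and tx == "enable"
        findings.append({"interface": name, "discovery": mode, "lldp_rx": rx,
                         "lldp_tx": tx, "at_risk": mode != "fortilink" and not lldp_ok})
    return findings


def remediation(finding: dict) -> List[str]:
    """CLI lines from the article that make LLDP discovery work on an at-risk interface."""
    if not finding["at_risk"]:
        return []
    return ["config system interface", f'    edit "{finding["interface"]}"',
            "        set lldp-reception enable", "        set lldp-transmission enable",
            "    next", "end"]


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        state = "AT RISK" if f["at_risk"] else "ok"
        print(f'{f["interface"]:18} discovery={f["discovery"]:9} '
              f'lldp rx/tx={f["lldp_rx"]}/{f["lldp_tx"]}  {state}')
        for line in remediation(f):
            print("    " + line)
```

Run it against the output of `show` (or `show full-configuration`, which also prints defaults and so removes the "unknown" cases) taken before the upgrade to see which FortiLink interfaces will lose discovery once the default flips, or after the upgrade to get the exact CLI to apply per interface.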

 

Additional note:

In some cases, users have reported that enabling device-identification on the FortiLink interface helps resolve intermittent issues with FortiSwitches showing as offline. After checking the items above, consider also enabling device-identification on the FortiLink interface with the following commands:

 

config system interface

    edit <FortiLink_Name>

        set device-identification enable

    next

end

 

Related article:

Troubleshooting Tip: FortiSwitch Connection to FortiGate