|
Check group-id and change the value to a random number
Sometimes, issues on only one WAN interface occur when trying to form a PPPoE connection, despite how the PPPoE connection forms correctly when trying from a laptop or in any other interface.
This article assumes the following:
- FortiGate is operating in a cluster.
- All PPPoE credentials are correct.
- A PPPoE connection forms successfully when tested on another device/port.
When operating in a cluster interface, each FortiGate is assigned a virtual MAC address. The virtual MAC address is determined based on the following formula on virtual cluster 1:
00-09-0f-09-<group-id_hex>- (<vcluster_integer> <idx>)
<group-id_hex> is the HA Group ID for the cluster, converted to hexadecimal.
By default, the group ID of all HA clusters is 0.
If there is another HA cluster connected to the same PPPoE server, the virtual MAC may cause issues in forming the PPPoE connection. Change the group ID value in the HA config to fix this issue:
config system ha
set group-id <integer value>
end
Afterward, try to reform the PPPoE connection. If issues still persist, run the following commands to troubleshoot the issue:
diag debug console timestamp enable
diag debug app ppp -1
diag debug app pppoed -1
diag debug enable
Disable debugging with 'diag debug disable' when finished. Additionally, run packet sniffer:
diag sniffer packet <PPPoE_INTERFACE_NAME> none 6 0 l
Press CTRL+C to stop the packet sniffer at any time.
In the case where the customer does not accept to change the group-id. Another option to solve the issue is :
- Creating an EMAC VLAN underneath the HA wan1 network interface. This creates a MAC address that is unique on the ISP network and the PPPoE connection will come up.
For more info on troubleshooting PPPoE connections, refer to the following article:
Technical Tip: Troubleshooting PPPoE connection failed
|
