|
In these 1XX series switch, DHCP-snooping can only be enabled on 25 VLANS.
Additional VLAN with DHCP-snooping enabled won't be pushed until and unless the DHCP-snooping is disabled.
In scenarios of FortiSwitch managed by FortiGate, following error is seen when more than 25 VLANS with DHCP-snooping enabled is tried to push:
# execute switch-controller get-sync-status all
Managed-devices in current vdom root:
FortiLink interface : fortilink
SWITCH (NAME) STATUS CONFIG MAC-SYNC HTTP-UPGRADE
S108EF59XXXXXXXX Up SyncError SyncError Idle
[1]
command: https://169.254.1.6/api/v2/cmdb/switch/vlan/108
payload: { "json": { "id": "108", "description": "108", "dhcp-snooping": "enable", "dhcp-server-access-list": [ ], "dhcp-snooping-verify-mac": "disable", "dhcp-snooping-option82": "disable", "arp-inspection": "disable", "igmp-snooping": "disable", "access-vlan": "disable" } }
result : {
"http_method":"PUT",
"status":"error",
"http_status":400,
"vdom":"root",
"path":"switch",
"name":"vlan",
"mkey":"108",
"cmdb-index":"945",
"cmdb-checksum":"5119181017930907725",
"serial":"S108EF5919000859",
"version":"v6.4.9",
"build":488,
"timestamp":"2022-08-23T09:24:17Z",
"error_reason":"ACL-ID not available for VLAN 108\n"
On FortiSwitch, If a user tries to enable DHCP-snooping on more than 25 VLANS following error is seen:
# config switch vlan
edit 108
set dhcp-snooping enable
end
error locating available acl_id for VLAN 108
ACL-ID not available for VLAN 108
attribute set operator error, -9999, roll back the setting
Command fail. Return code -9999
Note: DHCP-snooping can be enabled on 25 VLANS but on the same switch more vlans (without DHCP-snooping) can be configured as per datasheet.
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiSwitch_Secure_Access_Series.pd...
|
