FortiSwitch
FortiSwitch: secure, simple and scalable Ethernet solutions
mmontes
Staff
Staff
Purpose
This article explains why when connecting the FortiSwitch, there are no authorization to the FortiGate´s interface, enabled with FortiLink.

Expectations, Requirements
Access to the FortiGate and verify that the 'Dedicated to FortiSwitch' feature is enabled into the interfaces that connects to the FortiSwitches.
Troubleshooting
Run the following debug via CLI to check the FortiLink negotiation status:
# diag debug reset
# diag debug disable
# diag debug application fortilinkd -1
# diag debug enable

Some errors can appear like following ones showing that the FortiSwitch is not being authorized:
164s:474ms:56us flp_event_handler[605]:node: FortiLink received event 102 state FL_STATE_WAIT_CONN switchname S124DNXXXXXXXXXX flags 0x401      <-- In the FortiLink, will appear the real name the interface enabled with the FortiLink Feature
164s:474ms:83us flps_fsm_transition[138]:node: FortiLink(peer:S124DNXXXXXXXXXX owner:) | state: 0 | event: 102
164s:474ms:111us fl_switch_addlink[1016]:Discovery pkt being processed for switch S124DNXXXXXXXXXX tlv(1)
164s:474ms:214us fl_adjust_logical_portname[776]:port FortiLink does not have parent interface
164s:475ms:312us fl_is_switch_propperties_changed[321]:Change detected for switch S124DNXXXXXXXXXX old(1) new(1)

164s:475ms:351us fl_is_switch_propperties_changed[378]:fl_is_switch_propperties_changed: faceplate (len:316) <model type="s124dn">       <portgroup id="portgroup1" rows="2" label="">               <port id="port" switch_name="fsw" num="24"/>       </portgroup>       <portgroup id="portgroup2" rows="1" label="SFP">               <port id="port" start="25" switch_name="fsw" type="fiber"  num="2"/>       </portgroup></model>
164s:481ms:139us fl_add_switch_ports[649]:Add switch portcount 26 port(port)
164s:493ms:237us fl_switch_authorize[885]:Commit Failed for switch S124DNXXXXXXXXXX
164s:493ms:292us fl_switch_authorize[888]:auto-authorize for switch S124DNXXXXXXXXXX

Once previous errors are identified, following debug will help to identify that FortiLink interface is using vlan 1:
# diag debug reset
# diag debug disable
# diag debug cli 8
# diag debug enable

Outputs will appear as follow:
0: edit "vsw.FortiLink"                 <-- In the FortiLink, will appear the real name of the of the interface enabled with the FortiLink Feature0: set vdom "root"
0: set interface "FortiLink"
0: set vlanid 1
-651: end
0: config switch-controller managed-switch
0: edit "S124DNXXXXXXXXX"
0: set fsw-wan1-admin enable
0: config system interface
In the output of the previous debug, the vlan 1 is used for FortiLink negotiation.
Therefore, check that into the FortiLink main physical interface, there are no interface vlan configured using the vlan 1.
If there is,  change the vlan 1 of the vlan interface to another one and make sure to disable the debug as follow once troubleshooting is finished:

# diag debug reset
# diag debug disable



Contributors