This article describes how to set up Tier-1 MCLAG-ICL and how to troubleshoot it on managed FortiSwitches after version 7.X.X.
FortiSwitch, setup steps for MCLAG-ICL configs and troubleshooting.
Configure FortiLink on FortiGate.
Step 1: Enable FortiLink and authorize FortiSwitch.
Troubleshooting FortiLink and MCLAG issues.
If the FortiSwitch is not up, verify the settings below:
On FortiGate CLI:
execute switch-controller get-conn-status <----- Should show authorized/up and should have an IP address from the FortiLink interface.
exe switch-controller diagnose-connection <serial_number> <----- Check for any warnings in this output.
On FortiSwitch CLI:
get sys interface <----- IP Address should be assigned on the internal interface from FortiLink interface IP.
diagnose switch trunk summary <----- Trunk should be formed with the uplink port.
If the trunk is not forming, check the following:
Before Version V7.2.0:
config switch global
set switch-mgmt-mode fortilink
end
After Version V7.2.0:
config switch auto-network
set mgmt-vlan 4094
set status enable
end
config switch physical-port
edit port<>
set lldp-profile default-auto-isl <----- The LLDP profile needs to be set.
end
diagnose sys ntp status <----- Should be reachable and in sync with FortiLink IP Address.
get sys status <----- Time needs to be in sync.
If the switch is still not coming up after the above checks, reach out to Technical Support with the output of the following commands from the FortiGate CLI:
execute switch-controller get-conn-status
exe switch-controller diagnose-connection
get sys status
diagnose debug report
show full
If MCLAG-ICL is not forming or is flapping on the FortiSwitches, check the following:
diagnose switch trunk summary <----- Make sure trunk is up.
diagnose switch mclag-peer-consistency check <----- All inconsistencies need to be cleared.
diagnose switch mclag icl <----- Should see the correct peer port.
diagnose switch physical-port linerate <portno> <----- Make sure Rx and Tx traffic is passing on the port.
diagnose stp instance list <----- Check for TCN events and any loops.
If the peer FortiSwitches are still not up, reach out to Technical Support with the output of the above commands.
Copyright 2024 Fortinet, Inc. All Rights Reserved.