Help
FortiSwitch
FortiSwitch: secure, simple and scalable Ethernet solutions
laltuzar
Staff
Staff

Created on ‎08-06-2023 11:24 PM

Article Id 267633

Troubleshooting Tip: FortiSwitch cannot come online on FortiGate

Description

 

This article describes how to fix when a FortiSwitch cannot come online on FortiGate. When running the command 'execute switch-controller diagnose-connection <FSW_SN>' it displays the following output:

 

FGT-RAU-1 # execute switch-controller diagnose-connection S124E**********


Fortilink interface ... OK
fortilink enabled
WARNING : VLAN interface for default vlan-id is missing ... please check config <-

DHCP server ... OK
fortilink enabled
WARNING : NTP service for DHCP entry should be set to local mode .... please check config <-

 

Scope

 

FortiGate-60F-7.0.9.

FortiSwitch-124E-FPOE v7.2.3.

 

Solution

 

During the remote session, the customer did not have a VLAN 1 created. Let’s remember that by default it is generated on FortiGate and should not be used for any other purpose different than for FortiLink.

 

No VLAN 1 on FortiSwitch VLANsNo VLAN 1 on FortiSwitch VLANs

 

On the CLI, there was a VLAN with the name '_default' and vlanid1 but when trying to modify the VLAN id with the command vlanid x, the process fails:

 

VLAN _default could not be modifiedVLAN _default could not be modified

 

So a new VLAN was created with the name vsw.fortilink, although the name could have been any other.

 

VLAN 1 created from scratchVLAN 1 created from scratch

 

After the VLAN was created, the message 'WARNING : VLAN interface for default vlan-id is missing ... please check config' on the FortiLink diagnose connection disappeared; now it was time to fix the DHCP warning.

 

VLAN error does not appear anymoreVLAN error does not appear anymore

 

The DHCP server (in this case it was the number 30) is configured, so it ended like this:

 

DHCP server configurationDHCP server configuration

 

 

 

config system ntp
    set ntpsync enable
    set type fortiguard
    set syncinterval 60
    set source-ip 0.0.0.0
    set source-ip6 ::
    set server-mode enable
    set authentication disable
    set interface "fortilink"
end

 

config system dhcp server
    edit 30
        set dns-service local
        set ntp-service local
        set default-gateway 172.19.X.X
        set netmask 255.255.255.0
        set interface "fortilink"
            config ip-range
                edit 1
                    set start-ip 172.19.X.X
                    set end-ip 172.19.X.X
                next
            end
        set vci-match enable
        set vci-string "FortiSwitch" "FortiExtender"
    next
end

 

After configuring it, reboot the FortiSwitch to default settings again to trigger the FortiLink process again. After this, the issue got resolved. FortiSwitch came online on FortiGate and on CLI:

 

FortiLink came up on CLIFortiLink came up on CLI

 

FortiLink came up GUIFortiLink came up GUI

1642
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.