Description | This article describes how to resolve the issue where the user receives 'FortiLink: ISL timing-out for trunk(8EPTXXXX716-0)' on FortiSwitch. |
Scope | FortiSwitch. |
Solution |
From a CLI session on the FortiSwitch, enter:
execute log filter start-line 1
The following logs are an example from the switch:
1: 1970-01-01 01:04:35 log_id=0106009008 type=event subtype=switch_controller pri=notice vd=root msg="FortiLink: ISL timing-out for trunk(8EPTF21000716-0) member port-num(52) port52 did not receive ISL pkt for(180) sec"
2: 1970-01-01 01:04:35 log_id=0106009008 type=event subtype=switch_controller pri=notice vd=root msg="FortiLink: ISL timing-out for trunk(8EPTF21000716-0) member port-num(51) port51 did not receive ISL pkt for(180) sec"
3: 1970-01-01 01:04:05 log_id=0106009008 type=event subtype=switch_controller pri=notice vd=root msg="FortiLink: ISL timing-out for trunk(8EPTF21000716-0) member port-num(52) port52 did not receive ISL pkt for(150) sec"
4: 1970-01-01 01:04:05 log_id=0106009008 type=event subtype=switch_controller pri=notice vd=root msg="FortiLink: ISL timing-out for trunk(8EPTF21000716-0) member port-num(51) port51 did not receive ISL pkt for(150) sec"
5: 1970-01-01 01:03:35 log_id=0106009008 type=event subtype=switch_controller pri=notice vd=root msg="FortiLink: ISL timing-out for trunk(8EPTF21000716-0) member port-num(52) port52 did not receive ISL pkt for(120) sec"
6: 1970-01-01 01:03:35 log_id=0106009008 type=event subtype=switch_controller pri=notice vd=root msg="FortiLink: ISL timing-out for trunk(8EPTF21000716-0) member port-num(51) port51 did not receive ISL pkt for(120) sec"
7: 1970-01-01 01:03:05 log_id=0106009008 type=event subtype=switch_controller pri=notice vd=root msg="FortiLink: ISL timing-out for trunk(8EPTF21000716-0) member port-num(52) port52 did not receive ISL pkt for(90) sec"
8: 1970-01-01 01:03:05 log_id=0106009008 type=event subtype=switch_controller pri=notice vd=root msg="FortiLink: ISL timing-out for trunk(8EPTF21000716-0) member port-num(51) port51 did not receive ISL pkt for(90) sec"
Sometimes, due to missing FortiLink packets from neighbours, the auto-created ISL trunk might face packet loss and generate the above logs.
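To see which trunks and member ports are affected before changing any configuration, the log output above can be summarized with a short script. This is an added example, not Fortinet code: the function names are hypothetical, the field pattern is derived only from the message text shown in this article, and reading a steadily rising counter as uninterrupted silence is an assumption based on that wording.

```python
import re
from collections import defaultdict

# Sample input: entries 1-4 of the log output shown in this article.
SAMPLE_LOG = '''\
1: 1970-01-01 01:04:35 log_id=0106009008 type=event subtype=switch_controller pri=notice vd=root msg="FortiLink: ISL timing-out for trunk(8EPTF21000716-0) member port-num(52) port52 did not receive ISL pkt for(180) sec"
2: 1970-01-01 01:04:35 log_id=0106009008 type=event subtype=switch_controller pri=notice vd=root msg="FortiLink: ISL timing-out for trunk(8EPTF21000716-0) member port-num(51) port51 did not receive ISL pkt for(180) sec"
3: 1970-01-01 01:04:05 log_id=0106009008 type=event subtype=switch_controller pri=notice vd=root msg="FortiLink: ISL timing-out for trunk(8EPTF21000716-0) member port-num(52) port52 did not receive ISL pkt for(150) sec"
4: 1970-01-01 01:04:05 log_id=0106009008 type=event subtype=switch_controller pri=notice vd=root msg="FortiLink: ISL timing-out for trunk(8EPTF21000716-0) member port-num(51) port51 did not receive ISL pkt for(150) sec"
'''

# Matches one entry; also works when entries are run together on a single line.
ISL_TIMEOUT = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*?"
    r"ISL timing-out for trunk\((?P<trunk>[^)]+)\) "
    r"member port-num\((?P<num>\d+)\) (?P<port>\S+) "
    r"did not receive ISL pkt for\((?P<secs>\d+)\) sec"
)

def summarize_isl_timeouts(text):
    """Group ISL timing-out entries by (trunk, member port)."""
    per_port = defaultdict(list)
    for m in ISL_TIMEOUT.finditer(text):
        per_port[(m["trunk"], m["port"])].append((m["ts"], int(m["secs"])))
    summary = {}
    for key, events in per_port.items():
        events.sort()  # oldest first; this timestamp format sorts lexically
        summary[key] = {
            "events": len(events),
            "first_seen": events[0][0],
            "last_seen": events[-1][0],
            "max_silent_sec": max(secs for _, secs in events),
            # Assumption: a counter that only rises means no ISL packet
            # arrived on this member port between the logged entries.
            "continuous": all(b[1] > a[1] for a, b in zip(events, events[1:])),
        }
    return summary

def affected_trunks(summary):
    """Map each trunk name to the sorted list of member ports that timed out."""
    trunks = defaultdict(set)
    for trunk, port in summary:
        trunks[trunk].add(port)
    return {trunk: sorted(ports) for trunk, ports in trunks.items()}

if __name__ == "__main__":
    for trunk, ports in affected_trunks(summarize_isl_timeouts(SAMPLE_LOG)).items():
        print(trunk, ports)
```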
To increase stability and stop these messages, enable static-isl on the trunk interfaces of both peers.
For example, on both switches:
config switch trunk
Note that a switch-recommendation is available on FortiGate to achieve the same result automatically on all managed FortiSwitches.
Get fabric lockdown status:
FG # diagnose switch-controller switch-recommendation fabric-lockdown-check <FortiLink interface name>
Disable fabric lockdown:
FG # diagnose switch-controller switch-recommendation fabric-lockdown-disable <FortiLink interface name>
Enable fabric lockdown:
FG # diagnose switch-controller switch-recommendation fabric-lockdown-enable <FortiLink interface name>
When fabric lockdown is enabled, the FortiGate pushes the 'static-isl enable' command to all the inter-switch link (ISL) trunks. However, it does not push the configuration to the FortiGate FortiLink trunk (the trunk configured on the FortiSwitch port that is directly connected to the FortiGate).
For example, the FortiSwitch(es) directly connected to the FortiGate form the trunk below. Configure 'set static-isl enable' manually on the trunk that is formed with the FortiGate.
config switch trunk
Before the recommendation:
After the recommendation:
|