Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
johnlloyd_13
Contributor

Can't aggregate port1 and port2 in FG-201F

hi,

can't seem to aggregate port1 and port2 in a FG-201F.

i already factory reset the device.

i don't see port1 and port2 listed/available for the new aggregate interface (po1).

ports1-4 are patched to our cisco switch and they're green/up.

 

FW01 # config system interface

FW01 (interface) # edit "po1"
new entry 'po1' added

FW01 (po1) # set vdom "root"

FW01 (po1) # set type aggregate

FW01 (po1) # set member "port1" "port2"
node_check_object fail! for interface-name port1

value parse error before 'port1'
Command fail. Return code -651

 

FW01 (po1) # set member
interface-name Physical interface name.
ha interface
port17 interface
port18 interface
port19 interface
port20 interface
port21 interface
port22 interface
port23 interface
port24 interface
x1 interface
x2 interface
x3 interface
x4 interface

 

FW01 # show system interface
name Name.
ha static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
l2t.root static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable tunnel disable
lan static 0.0.0.0 0.0.0.0 192.168.100.99 255.255.255.0 up disable hard-switch disable
mgmt static 0.0.0.0 0.0.0.0 192.168.1.99 255.255.255.0 up disable physical disable
modem pppoe 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 down disable physical disable
naf.root static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable tunnel disable
po1 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable aggregate disable
port1 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port2 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port3 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port4 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port5 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port6 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port7 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port8 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port9 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port10 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port11 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port12 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port13 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port14 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port15 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port16 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port17 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port18 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port19 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port20 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port21 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port22 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port23 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
port24 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
ssl.root static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable tunnel disable
x1 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
x2 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
x3 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable
x4 static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical disable

 

FW01 # get system interface physical
== [onboard]
==[ha]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: up
speed: 1000Mbps (Duplex: full)
FEC: none
FEC_cap: none
==[mgmt]
mode: static
ip: 192.168.1.99 255.255.255.0
ipv6: ::/0
status: up
speed: 1000Mbps (Duplex: full)
FEC: none
FEC_cap: none
==[port1]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: up
speed: 1000Mbps (Duplex: full)
FEC: none
FEC_cap: none
==[port2]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: up
speed: 1000Mbps (Duplex: full)
FEC: none
FEC_cap: none
==[port3]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: up
speed: 1000Mbps (Duplex: full)
FEC: none
FEC_cap: none
==[port4]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: up
speed: 1000Mbps (Duplex: full)
FEC: none
FEC_cap: none

 

<SNIP>

 

 

Thanks,
John
Thanks,John
2 Solutions
hbac

Hi @johnlloyd_13,

 

I believe 'lan' is a default hardware switch and you can't delete it. However, you can just remove physical interfaces from it. To find object dependencies, please refer to the following links:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-Check-Referenced-Objects/ta-p/19481...

https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/163148/finding-object-depend...

 

Regards, 

View solution in original post

Toshi_Esumi
Esteemed Contributor III

You can always do "show | grep -f fortilink" at the top hierarchy of CLI tree.
But I believe the fortilink is always used in 1. config sys DHCP server and 2. config sys ntp.
For DHCP server you can simply remove it (likely "edit 2"). But for NTP, you can either disable the server mode (if you're not using the FGT as NTP server for devices on other interfaces) or remove the fortilink from the interface list.

Below is from 40F, but I think it's the same on 20xF.

config system ntp
    set ntpsync enable
    set server-mode enable
    set interface "fortilink"  <--- reference, "set server-mode disable" would remove this.
end

 

Toshi

View solution in original post

8 REPLIES 8
johnlloyd_13
Contributor

i saw it has a virtual switch and took the first 16 ports.

how do i "delete" the virtual switch in CLI and free up the these 16 ports?

 

FW01 # config system virtual-switch

FW01 (virtual-switch) # show
config system virtual-switch
edit "lan"
set physical-switch "sw0"
config port
edit "port1"
next
edit "port2"
next
edit "port3"
next
edit "port4"
next
edit "port5"
next
edit "port6"
next
edit "port7"
next
edit "port8"
next
edit "port9"
next
edit "port10"
next
edit "port11"
next
edit "port12"
next
edit "port13"
next
edit "port14"
next
edit "port15"
next
edit "port16"
next
end
next
end

Thanks,
John
Thanks,John
johnlloyd_13
Contributor

hi,

i tried to "free up" ports1-16 under the virtual-switch but can't delete "lan"

could someone advise what is the correct step/CLI?

 

FW01 # config system virtual-switch

FW01 (virtual-switch) # edit "lan"

FW01 (lan) # config port

FW01 (port) # delete port1

FW01 (port) # delete port2

FW01 (port) # delete port3

FW01 (port) # delete port4

FW01 (port) # delete port5

FW01 (port) # delete port6

FW01 (port) # delete port7

FW01 (port) # delete port8

FW01 (port) # delete port9

FW01 (port) # delete port10

FW01 (port) # delete port11

FW01 (port) # delete port12

FW01 (port) # delete port13

FW01 (port) # delete port14

FW01 (port) # delete port15

FW01 (port) # delete port16

FW01 (port) # end

FW01 (lan) # end


FW01 # config system virtual-switch

FW01 (virtual-switch) # delete
*name Name of the virtual switch.
lan

FW01 (virtual-switch) # delete lan
intf lan is used
command_cli_delete:6826 delete table entry lan unset oper error ret=-23
Command fail. Return code -23

Thanks,
John
Thanks,John
mle2802

Hi @johnlloyd_13.,
If you delete the port from virtual switch, it should be free up. Can you check again?

johnlloyd_13
Contributor

also, how do i remove these interface/config?

how to find its dependency. i lost GUI MGMT so i'm left with console/CLI only.

 

edit "lan"
set vdom "root"
set allowaccess ping https ssh fgfm fabric
set type hard-switch
set stp enable
set role lan
set snmp-index 35
next
edit "fortilink"
set vdom "root"
set allowaccess ping fabric
set type aggregate
set lldp-reception enable
set lldp-transmission enable
set snmp-index 36

 

FW01 # config system interface

FW01 (interface) # delete lan
The entry is used by other 1 entries
Command fail. Return code -23

 

FW01 (interface) # delete fortilink
The entry is used by other 1 entries
Command fail. Return code -23

 

Thanks,
John
Thanks,John
hbac

Hi @johnlloyd_13,

 

I believe 'lan' is a default hardware switch and you can't delete it. However, you can just remove physical interfaces from it. To find object dependencies, please refer to the following links:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-Check-Referenced-Objects/ta-p/19481...

https://docs.fortinet.com/document/fortigate/7.4.2/administration-guide/163148/finding-object-depend...

 

Regards, 

Toshi_Esumi
Esteemed Contributor III

You can always do "show | grep -f fortilink" at the top hierarchy of CLI tree.
But I believe the fortilink is always used in 1. config sys DHCP server and 2. config sys ntp.
For DHCP server you can simply remove it (likely "edit 2"). But for NTP, you can either disable the server mode (if you're not using the FGT as NTP server for devices on other interfaces) or remove the fortilink from the interface list.

Below is from 40F, but I think it's the same on 20xF.

config system ntp
    set ntpsync enable
    set server-mode enable
    set interface "fortilink"  <--- reference, "set server-mode disable" would remove this.
end

 

Toshi

johnlloyd_13

hi,

i already removed NTP config.

 

FW01 # config system ntp

FW01 (ntp) # show
config system ntp
end

 

i saw there was a DHCP dependency for fortilink. deleted it and was able to remove fortilink. many thanks for your help!

 

FW01 # show | grep -f fortilink
config system interface
edit "fortilink" <---
set vdom "root"
set allowaccess ping fabric
set type aggregate
set lldp-reception enable
set lldp-transmission enable
set snmp-index 36
next
end
config system dhcp server
edit 3
set ntp-service local
set default-gateway 10.255.1.1
set netmask 255.255.255.0
set interface "fortilink" <---
set vci-match enable
set vci-string "FortiSwitch" "FortiExtender"
next
end
config switch-controller storm-control-policy
edit "auto-config"
set description "storm control policy for fortilink-isl-icl port" <---
set storm-control-mode disabled
next
end

FW01 # config system dhcp server

FW01 (server) # delete 3

FW01 (server) # end

FW01 #
FW01 # config system interface

FW01 (interface) # delete fortilink

FW01 (interface) # end

FW01 #

 

 

Thanks,
John
Thanks,John
AEK
Honored Contributor

Hello

To recover WebUI access, just configure your management interface like this:

config system interface
edit mgmt
set ip 192.168.1.99/24
set allowaccess ping https ssh
end
end

You probably don't need to delete your "lan" and "fortilink" interfaces, just leave one unused interface in there and free up the others.

AEK
AEK
Labels
Top Kudoed Authors