I am trying to configure our core Cisco 9300 to pass vlan traffic to Standalone Fortiswitch FS-224E. I have a ticket opened with both Cisco and Fortinet and have had both engineers on the phone but we were not able to get it to work. Does anyone have this kind of setup that is working properly? Also, do I have to setup a different port to manage the fortiswitch? I have set a static ip to the internal interface but once I trunk the port on the cisco side i lose management and cannot ping the ip or get to the gui, I have cisco port 36 trunked and goes to directly to fortiswitch port 1 (I've tried trunking and tried without trunking set allow vlans and nothing works), I set a static route. Not sure what I'm missing but support has been no help on the Forti side. Have verified the trunk works on the cisco with another cisco trunked and vlans and traffic do work,
This is my Cisco Interface
interface GigabitEthernet1/0/36
description uplink to Fortiswitch
switchport trunk allowed vlan 100,200
switchport mode trunk
switchport nonegotiate
I have test this trunk to another Cisco and the vlans do pass.
Fortiswitch I've configured port 1 2 ways,
edit port1
set allowed-vlans 1,100,200
and I've also configured a trunk and added port 1 neither work.
This is what I got, the 9300 i pinged from was 10.76.2.1
S224ENTF23006427 # diag sniffer packet sp1
interfaces=[sp1]
filters=[none]
pcap_lookupnet: sp1: no IPv4 address assigned
0.429978 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
1.009970 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
1.069989 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
1.229974 802.1Q vlan#100 P0 -- fe80::d76f:d0b0:97a1:6ca9.58347 -> ff02::c.3702: udp 656 [flowlabel 0x57ab0] [hlim 1]
1.539976 802.1Q vlan#200 P0 -- arp who-has 172.16.2.147 tell 172.16.2.1
1.669967 802.1Q vlan#100 P6 -- 10.76.2.1 -> 224.0.0.10: ip-proto-88 40
1.674475 802.1Q vlan#100 P7 -- Ether type 0x32 printer havn't been added to sniffer.
1.674538 802.1Q vlan#200 P7 -- Ether type 0x32 printer havn't been added to sniffer.
2.030321 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
2.050317 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
2.795764 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
2.795823 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
2.796775 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
2.797215 802.1Q vlan#100 P0 -- 10.76.2.174.60979 -> 224.0.0.252.5355: udp 27
2.799981 802.1Q vlan#100 P0 -- 10.76.2.174.61590 -> 224.0.0.252.5355: udp 27
3.009993 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
3.040761 802.1Q vlan#200 P0 -- 172.16.2.72.65125 -> 239.255.255.250.1900: udp 176
3.050311 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
3.224637 802.1Q vlan#100 P0 -- 10.76.2.174.60979 -> 224.0.0.252.5355: udp 27
3.224702 802.1Q vlan#100 P0 -- 10.76.2.174.61590 -> 224.0.0.252.5355: udp 27
3.539968 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
3.674509 802.1Q vlan#100 P7 -- Ether type 0x32 printer havn't been added to sniffer.
3.674575 802.1Q vlan#200 P7 -- Ether type 0x32 printer havn't been added to sniffer.
3.794901 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
3.794960 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
3.880001 802.1Q vlan#100 P0 -- arp who-has 10.76.2.204 tell 10.76.2.1
4.030318 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
4.050326 802.1Q vlan#200 P0 -- 172.16.2.72.65125 -> 239.255.255.250.1900: udp 176
4.053182 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
4.300000 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
4.379990 802.1Q vlan#200 P6 -- 172.16.2.1 -> 224.0.0.10: ip-proto-88 40
4.559979 802.1Q vlan#200 P0 -- arp who-has 172.16.2.147 tell 172.16.2.1
5.009984 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
5.047547 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
5.047689 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
5.048087 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
5.048235 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
5.048698 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
5.048751 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
5.049252 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
5.049296 802.1Q vlan#100 P0 -- 10.76.2.174.57640 -> 224.0.0.252.5355: udp 27
5.049571 802.1Q vlan#100 P0 -- 10.76.2.174.63812 -> 224.0.0.252.5355: udp 27
5.049841 802.1Q vlan#100 P0 -- 10.76.2.174.53262 -> 224.0.0.252.5355: udp 27
5.049881 802.1Q vlan#100 P0 -- 10.76.2.174.62355 -> 224.0.0.252.5355: udp 27
5.059988 802.1Q vlan#200 P0 -- 172.16.2.72.65125 -> 239.255.255.250.1900: udp 176
5.461307 802.1Q vlan#100 P0 -- 10.76.2.174.62355 -> 224.0.0.252.5355: udp 27
5.461369 802.1Q vlan#100 P0 -- 10.76.2.174.53262 -> 224.0.0.252.5355: udp 27
5.461528 802.1Q vlan#100 P0 -- 10.76.2.174.63812 -> 224.0.0.252.5355: udp 27
5.461570 802.1Q vlan#100 P0 -- 10.76.2.174.57640 -> 224.0.0.252.5355: udp 27
5.499982 802.1Q vlan#1 P0 -- loopback
5.678737 802.1Q vlan#100 P7 -- Ether type 0x32 printer havn't been added to sniffer.
5.678804 802.1Q vlan#200 P7 -- Ether type 0x32 printer havn't been added to sniffer.
5.795848 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
5.795910 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
6.030329 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
6.046275 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
6.046834 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
6.046881 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
6.050308 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
6.073860 802.1Q vlan#200 P0 -- 172.16.2.72.65125 -> 239.255.255.250.1900: udp 176
6.219970 802.1Q vlan#100 P6 -- 10.76.2.1 -> 224.0.0.10: ip-proto-88 40
6.259982 802.1Q vlan#200 P0 -- 172.16.2.10.138 -> 172.16.3.255.138: udp 201
6.277060 802.1Q vlan#200 P0 -- 172.16.2.81.5353 -> 224.0.0.251.5353: udp 102
6.279970 802.1Q vlan#200 P0 -- 192.168.210.1.5353 -> 224.0.0.251.5353: udp 194
6.539987 802.1Q vlan#200 P0 -- 172.16.2.10.5353 -> 224.0.0.251.5353: udp 96
6.545970 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
6.546021 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
7.009978 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
7.059988 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
7.306482 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
7.306630 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
7.307017 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
7.307065 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
7.307435 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
7.307477 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
7.308297 802.1Q vlan#100 P0 -- 10.76.2.174.49283 -> 224.0.0.252.5355: udp 27
7.308367 802.1Q vlan#100 P0 -- 10.76.2.174.62066 -> 224.0.0.252.5355: udp 27
7.308766 802.1Q vlan#100 P0 -- 10.76.2.174.51777 -> 224.0.0.252.5355: udp 27
7.308810 802.1Q vlan#100 P0 -- 10.76.2.174.51731 -> 224.0.0.252.5355: udp 27
7.559988 802.1Q vlan#200 P0 -- 172.16.2.10.5353 -> 224.0.0.251.5353: udp 96
7.674688 802.1Q vlan#100 P7 -- Ether type 0x32 printer havn't been added to sniffer.
7.674756 802.1Q vlan#200 P7 -- Ether type 0x32 printer havn't been added to sniffer.
7.729854 802.1Q vlan#100 P0 -- 10.76.2.174.51731 -> 224.0.0.252.5355: udp 27
7.729918 802.1Q vlan#100 P0 -- 10.76.2.174.51777 -> 224.0.0.252.5355: udp 27
7.730134 802.1Q vlan#100 P0 -- 10.76.2.174.62066 -> 224.0.0.252.5355: udp 27
7.739588 802.1Q vlan#100 P0 -- 10.76.2.174.49283 -> 224.0.0.252.5355: udp 27
8.030318 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
8.058799 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
8.060345 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
8.061723 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
8.309590 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
8.309907 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
8.309995 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
8.569972 802.1Q vlan#200 P0 -- arp who-has 172.16.2.147 tell 172.16.2.1
8.709990 802.1Q vlan#200 P0 -- 172.16.2.181.49860 -> 239.255.255.250.1900: udp 350
8.824545 802.1Q vlan#200 P0 -- 172.16.2.181.49860 -> 239.255.255.250.1900: udp 350
8.824611 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
8.829982 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
8.859966 802.1Q vlan#100 P0 -- arp who-has 10.76.2.204 tell 10.76.2.1
8.929423 802.1Q vlan#200 P0 -- 172.16.2.181.49860 -> 239.255.255.250.1900: udp 350
8.929994 802.1Q vlan#200 P6 -- 172.16.2.1 -> 224.0.0.10: ip-proto-88 40
9.040781 802.1Q vlan#200 P0 -- 172.16.2.181.49860 -> 239.255.255.250.1900: udp 348
9.050320 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
9.095546 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
9.141177 802.1Q vlan#200 P0 -- 172.16.2.181.49860 -> 239.255.255.250.1900: udp 348
9.249981 802.1Q vlan#200 P0 -- 172.16.2.181.49860 -> 239.255.255.250.1900: udp 348
9.359977 802.1Q vlan#200 P0 -- 172.16.2.181.49860 -> 239.255.255.250.1900: udp 336
9.469979 802.1Q vlan#200 P0 -- 172.16.2.181.49860 -> 239.255.255.250.1900: udp 336
9.574621 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
9.574678 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
9.575773 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
9.576251 802.1Q vlan#100 P0 -- 10.76.2.174.50681 -> 224.0.0.252.5355: udp 27
9.577558 802.1Q vlan#100 P0 -- 10.76.2.174.64908 -> 224.0.0.252.5355: udp 27
9.579983 802.1Q vlan#200 P0 -- 172.16.2.181.49860 -> 239.255.255.250.1900: udp 336
9.676224 802.1Q vlan#100 P7 -- Ether type 0x32 printer havn't been added to sniffer.
9.676289 802.1Q vlan#200 P7 -- Ether type 0x32 printer havn't been added to sniffer.
9.689999 802.1Q vlan#200 P0 -- 172.16.2.181.49860 -> 239.255.255.250.1900: udp 424
9.799995 802.1Q vlan#200 P0 -- 172.16.2.181.49860 -> 239.255.255.250.1900: udp 424
9.909970 802.1Q vlan#200 P0 -- 172.16.2.181.49860 -> 239.255.255.250.1900: udp 424
9.988329 802.1Q vlan#100 P0 -- 10.76.2.174.64908 -> 224.0.0.252.5355: udp 27
9.988388 802.1Q vlan#100 P0 -- 10.76.2.174.50681 -> 224.0.0.252.5355: udp 27
10.030321 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
10.059976 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
10.319987 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
10.569312 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
10.569373 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
10.868771 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.1
11.009990 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
11.059979 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
11.067013 802.1Q vlan#200 P0 -- 172.16.2.181.138 -> 172.16.3.255.138: udp 201
11.071161 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
11.089133 802.1Q vlan#100 P6 -- 10.76.2.1 -> 224.0.0.10: ip-proto-88 40
11.677025 802.1Q vlan#100 P7 -- Ether type 0x32 printer havn't been added to sniffer.
11.677095 802.1Q vlan#200 P7 -- Ether type 0x32 printer havn't been added to sniffer.
11.765226 802.1Q vlan#200 P0 -- 172.16.2.80.60328 -> 172.16.3.255.1947: udp 40
11.765294 802.1Q vlan#200 P0 -- 172.16.2.80.60329 -> 255.255.255.255.1947: udp 40
11.825957 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
11.826022 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
11.827053 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
11.827403 802.1Q vlan#100 P0 -- 10.76.2.174.55003 -> 224.0.0.252.5355: udp 27
11.829969 802.1Q vlan#100 P0 -- 10.76.2.174.63373 -> 224.0.0.252.5355: udp 27
12.050322 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
12.169979 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
12.249624 802.1Q vlan#100 P0 -- 10.76.2.174.63373 -> 224.0.0.252.5355: udp 27
12.249685 802.1Q vlan#100 P0 -- 10.76.2.174.55003 -> 224.0.0.252.5355: udp 27
12.579982 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
12.831177 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
12.831245 802.1Q vlan#100 P0 -- 10.76.2.174.5353 -> 224.0.0.251.5353: udp 33
12.839992 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.1
13.009972 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
13.059991 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
13.339984 802.1Q vlan#100 P0 -- 10.76.2.174.137 -> 10.76.2.255.137: udp 50
13.675628 802.1Q vlan#200 P6 -- 172.16.2.1 -> 224.0.0.10: ip-proto-88 40
13.678281 802.1Q vlan#100 P7 -- Ether type 0x32 printer havn't been added to sniffer.
13.678350 802.1Q vlan#200 P7 -- Ether type 0x32 printer havn't been added to sniffer.
13.859967 802.1Q vlan#100 P0 -- arp who-has 10.76.2.204 tell 10.76.2.1
14.030317 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
14.055488 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
14.685201 802.1Q vlan#100 P0 -- 10.76.2.164.5353 -> 224.0.0.251.5353: udp 43
14.685259 802.1Q vlan#100 P0 -- fe80::e0d7:eee6:e29:fae6.5353 -> ff02::fb.5353: udp 43 [flowlabel 0x80675] [hlim 1]
14.839985 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.1
15.144257 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
15.409970 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
15.499965 802.1Q vlan#1 P0 -- loopback
15.676132 802.1Q vlan#100 P0 -- 10.76.2.164.5353 -> 224.0.0.251.5353: udp 43
15.676192 802.1Q vlan#100 P0 -- fe80::e0d7:eee6:e29:fae6.5353 -> ff02::fb.5353: udp 43 [flowlabel 0x80675] [hlim 1]
15.679252 802.1Q vlan#100 P7 -- Ether type 0x32 printer havn't been added to sniffer.
15.679321 802.1Q vlan#200 P7 -- Ether type 0x32 printer havn't been added to sniffer.
16.067773 802.1Q vlan#100 P0 -- 172.16.2.77 -> 224.0.0.1: ip-proto-2 8
16.067878 802.1Q vlan#100 P6 -- 10.76.2.1 -> 224.0.0.10: ip-proto-88 40
16.069305 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
16.070650 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
16.229971 802.1Q vlan#200 P0 -- 172.16.2.19.138 -> 172.16.3.255.138: udp 201
16.389992 802.1Q vlan#1 P0 -- Ether type 0x22 printer havn't been added to sniffer.
16.566220 802.1Q vlan#200 P0 -- arp who-has 172.16.2.147 tell 172.16.2.1
16.842446 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.1
17.009981 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
17.059976 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
17.679539 802.1Q vlan#100 P7 -- Ether type 0x32 printer havn't been added to sniffer.
17.679612 802.1Q vlan#200 P7 -- Ether type 0x32 printer havn't been added to sniffer.
18.030318 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
18.050308 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
18.062789 802.1Q vlan#200 P6 -- 172.16.2.1 -> 224.0.0.10: ip-proto-88 40
18.839987 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.1
18.869983 802.1Q vlan#100 P0 -- arp who-has 10.76.2.204 tell 10.76.2.1
19.009981 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
19.050316 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
19.299707 802.1Q vlan#200 P0 -- 172.16.2.20.137 -> 172.16.3.255.137: udp 50
19.299975 802.1Q vlan#200 P0 -- 172.16.2.20.5353 -> 224.0.0.251.5353: udp 36
19.301207 802.1Q vlan#200 P0 -- 172.16.2.20.5353 -> 224.0.0.251.5353: udp 36
19.301265 802.1Q vlan#200 P0 -- 172.16.2.20.53691 -> 224.0.0.252.5355: udp 30
19.309984 802.1Q vlan#200 P0 -- 172.16.2.20.57106 -> 224.0.0.252.5355: udp 30
19.679812 802.1Q vlan#100 P7 -- Ether type 0x32 printer havn't been added to sniffer.
19.679881 802.1Q vlan#200 P7 -- Ether type 0x32 printer havn't been added to sniffer.
19.712377 802.1Q vlan#200 P0 -- 172.16.2.20.53691 -> 224.0.0.252.5355: udp 30
19.719967 802.1Q vlan#200 P0 -- 172.16.2.20.57106 -> 224.0.0.252.5355: udp 30
20.030319 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
20.050313 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
20.051734 802.1Q vlan#200 P0 -- 172.16.2.20.137 -> 172.16.3.255.137: udp 50
20.299897 802.1Q vlan#200 P0 -- 172.16.2.20.5353 -> 224.0.0.251.5353: udp 36
20.309975 802.1Q vlan#200 P0 -- 172.16.2.20.5353 -> 224.0.0.251.5353: udp 36
20.509971 802.1Q vlan#100 P6 -- 10.76.2.1 -> 224.0.0.10: ip-proto-88 40
20.829976 802.1Q vlan#200 P0 -- 172.16.2.20.137 -> 172.16.3.255.137: udp 50
21.030327 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
21.059997 802.1Q vlan#100 P0 -- arp who-has 10.76.2.205 tell 10.76.2.74
21.681474 802.1Q vlan#100 P7 -- Ether type 0x32 printer havn't been added to sniffer.
21.681550 802.1Q vlan#200 P7 -- Ether type 0x32 printer havn't been added to sniffer.
21.989985 802.1Q vlan#200 P0 -- fe80::2390:7575:fa91:50a.546 -> ff02::1:2.547: udp 57 [flowlabel 0x8e73b] [hlim 1]
22.030322 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
22.969970 802.1Q vlan#200 P6 -- 172.16.2.1 -> 224.0.0.10: ip-proto-88 40
23.009984 802.1Q vlan#200 P0 -- arp who-has 172.16.2.82 tell 172.16.2.81
^C
212 packets received by filter
0 packets dropped by kernel
Created on 04-23-2024 08:12 AM Edited on 04-23-2024 08:13 AM
So the C9300 is sending ARP request for 10.76.2.205 to return its MAC address on VLAN 100 but the 224E side is not returning any ARP reply. Definitely Cisco side is fine but a FSW config problem.
Let's go back to the starting point and show us below:
- show switch physical-port port1
- show switch interface port1
- show switch interface internal
- show system interface
By the way, what's your FortiSwitchOS version?
Toshi
S224ENTF23006427 # show switch physical-port port1
config switch physical-port
edit "port1"
set lldp-profile "default-auto-isl"
set speed auto
next
end
S224ENTF23006427 # show switch interface port1
config switch interface
edit "port1"
set allowed-vlans 100,200
set auto-discovery-fortilink enable
set packet-sampler enabled
set packet-sample-rate 1
set snmp-index 1
next
end
S224ENTF23006427 # show switch interface internal
config switch interface
edit "internal"
set allowed-vlans 100
set stp-state disabled
set snmp-index 29
next
end
S224ENTF23006427 # show system int
config system interface
edit "mgmt"
set mode dhcp
set allowaccess ping https ssh
set type physical
set secondary-IP enable
set snmp-index 31
set defaultgw enable
config secondaryip
edit 1
set ip 192.168.1.99 255.255.255.0
set allowaccess ping https ssh
next
end
next
edit "internal"
set ip 10.76.2.205 255.255.255.0
set allowaccess ping https ssh
set type physical
set snmp-index 30
next
end
FortiSwitch-224E v7.2.4,build0444,230317
Created on 04-23-2024 08:23 AM Edited on 04-23-2024 08:56 AM
config switch interface
edit port1
set auto-discovery-fortilink disable
next
edit internal
unset allowed-vlans
set native-vlan 100
next
end
Then try again.
Toshi
Awesome, that worked I can ping the switch now with the ports trunked. And for assigning Vlans to ports native Vlan should stay at 1 and allowed vlans should be either 100 or 200 depending on which one I want them on?
If you want to make a port to access port VLAN 200 on FSWs, you need to make native-vlan 200, then you don't have to configure anything in allowed-vlans.
Toshi
Thanks you have been beyond helpful, this is now working for me. If i want to copy all of the current configuration to a notepad for future reference what command can I run from cli? I know on cisco i do something similar using show run command.
From CLI, I would do just "show" at the top of CLI hierarchy while saving the session into a file at the terminal emulator software.
Toshi
Ok, so new issue, when I put the switch in the building where it's going to go, what's going on now is that when I power cycle the switch I lose access to it I can only connect using cli. Any idea?
Update: The settings are saving the issue is with the internal port,
it is set to this
config switch interface
edit internal
set native-vlan 100
Somehow it is losing that config, when I console back in and add that to port 1 I gain access to gui and ping.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.