BreakerBoy
New Contributor III

FortiGate won't let standalone switch be a standalone

New to Fortinet, so please bear with me.

 

I have a new Forti network environment managed by a FortiGate (7.0.12) and have trouble setting up a standalone switch (7.4). I do not want this switch managed by the FG at all. When I initially set up this switch, I set it up as managed, but when I realized that configuration wouldn't work I set it up as a standalone. This switch does appear in FG managed FortiSwitches.

 

Each time I connect this switch to its uplink, that port goes from displaying my native vlan to displaying the name of the switch. (The native vlan is not set to data.fortilink.) When I hover over the name it shows "Dedicated to connect to peer FortiSwitch." I can't ping the switch once connected to the network. After disconnecting the uplink and waiting for a few minutes, the native vlan changes from switch name back to my original native vlan.

 

I've tried resetting via the recessed button several times, all to no avail. When I configure as standalone, the switch is not uplinked. Only afterward do I uplink and then the port change happens.

 

I assume this happens because I originally set up this switch as managed, and for some reason it won't let go. I ran across this:

https://docs.fortinet.com/document/fortiswitch/7.4.1/fortilink-guide/173266/discovering-authorizing-...

I tried the suggested command: execute switch-controller switch-action set-standalone <switch-id>

The problem is, switch-action is not available. Nor is execute switch switch-action available.

 

All I need is a basic, standalone switch.

Any help is greatly appreciated.

BB
1 Solution
dbu

Have a look here :

Converting to FortiSwitch Standalone

https://docs.fortinet.com/document/fortiswitch/6.4.2/devices-managed-by-fortios/64268/optional-setup...

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.

10 REPLIES
dbu
Staff

Hi Josh, 

Have you deauthorized the switch and removed it from the security fabric?

Regards!
BreakerBoy
New Contributor III

I thought you might ask that. Yes, I tried but was not successful. I can deauthorize the switch but cannot remove. I get an error stating that the "Entry is used. * The entry is used by other 1 entries."

 

I've googled that as well as searched here, but couldn't find anything that helped. I assume that switch is associated with something, I just don't know what or where. Remember, new Forti guy, here.

 

Under Security Fabric > Fabric Connectors, it tells me to authorize the highlighted devices. This is the screen where I tried to delete.

BB
Toshi_Esumi
Esteemed Contributor III

Did you disable switch-controller feature at your FGT?

config system global
  set switch-controller disable
end

 

Toshi

BreakerBoy

(Clicked the accept as solution button accidentally. Sorry)

 

No, I didn't. I have 8 other managed switches that need to stay that way.

BB
dbu
Staff

Then look for any references; usually you should have a column called Ref.
You need to make sure it shows the value (0). If it shows a different number, then click on it and it will show where it is referred to in the configuration.

Regards!
BreakerBoy
New Contributor III

Ok, duh! I've done that many other places but didn't think of it here. Alright, it's deleted now. What is the appropriate next step? Wipe the switch and configure again? Does it matter when I uplink?

BB
dbu

Have a look here :

Converting to FortiSwitch Standalone

https://docs.fortinet.com/document/fortiswitch/6.4.2/devices-managed-by-fortios/64268/optional-setup...

Regards!
BreakerBoy
New Contributor III

Well, like I mentioned in the OP, that command isn't available.

"command parse error before 'switch-action'

Command fail. Return code -61"

 

execute switch-controller ?
clear-nac-mac-cache     Clear FortiSwitch NAC MAC cache.
delete-nac-mac-cache    Delete FortiSwitch NAC MAC cache entry.
get-conn-status         Get fortiswitch connection status.
get-nac-mac-cache       Get FortiSwitch NAC MAC cache.

BB
BreakerBoy
New Contributor III

Working on this now. I realized that command needs to run on the FortiGate, not the switch itself.

BB