New to Fortinet, so please bear with me.
I have a new Forti network environment managed by a FortiGate (7.0.12) and have trouble setting up a standalone switch (7.4). I do not want this switch managed by the FG at all. When I initially set up this switch, I set it up as managed, but when I realized that configuration wouldn't work I set it up as a standalone. This switch does appear in FG managed FortiSwitches.
Each time I connect this switch to its uplink, that port goes from displaying my native vlan to displaying the name of the switch. (The native vlan is not set to data.fortilink.) When I hover over the name it shows "Dedicated to connect to peer FortiSwitch." I can't ping the switch once connected to the network. After disconnecting the uplink and waiting for a few minutes, the native vlan changes from switch name back to my original native vlan.
I've tried resetting via the recessed button several times, all to no avail. When I configure as standalone, the switch is not uplinked. Only afterward do I uplink and then the port change happens.
I assume this happens because I originally set up this switch as managed, and for some reason it won't let go. I ran across this:
I tried the suggested command: execute switch-controller switch-action set-standalone <switch-id>
The problem is, switch-action is not available. Nor is execute switch switch-action available.
All I need is a basic, standalone switch.
Any help is greatly appreciated.
Hi Josh,
Have you deauthorized the switch and removed it from the Security Fabric?
I thought you might ask that. Yes, I tried but was not successful. I can deauthorize the switch but cannot remove. I get an error stating that the "Entry is used. * The entry is used by other 1 entries."
I've googled that as well as searched here, but couldn't find anything that helped. I assume that switch is associated with something, I just don't know what or where. Remember, new Forti guy, here.
Under Security Fabric > Fabric Connectors, it tells me to authorize the highlighted devices. This is the screen where I tried to delete.
Did you disable switch-controller feature at your FGT?
config system global
set switch-controller disable
end
Toshi
(Clicked the accept as solution button accidentally. Sorry)
No, I didn't. I have 8 other managed switches that need to stay that way.
Then look for any reference; usually you should have a column called Ref.
You need to make sure it shows value (0). If it shows a different number, then click on it and it will show where it is referred to in the configuration.
Ok, duh! I've done that many other places but didn't think of it here. Alright, it's deleted now. What is the appropriate next step? Wipe the switch and configure again? Does it matter when I uplink?
Have a look here:
Converting to FortiSwitch Standalone
Created on 10-10-2023 12:45 PM Edited on 10-10-2023 12:46 PM
Well, like I mentioned in the OP, that command isn't available.
"command parse error before 'switch-action'
Command fail. Return code -61"
execute switch-controller ?
clear-nac-mac-cache Clear FortiSwitch NAC MAC cache.
delete-nac-mac-cache Delete FortiSwitch NAC MAC cache entry.
get-conn-status Get fortiswitch connection status.
get-nac-mac-cache Get FortiSwitch NAC MAC cache.
Working on this now. I realized that command needs to run on the Fortigate, not the switch itself.