Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Thonno
New Contributor II

Created on ‎07-10-2024 12:09 PM

FortiSwitch over a non-Fortinet Switch

Howdy
I'm asking for your help with a problem with the infrastructure I'm implementing.

 

I have a FortiGate with a fortilink interface configured.

The infrastructure requires one, or more, not fortinet switches between FortiGate and FortiSwitch.

 

For example:

FGT.png

The third-party switch is configured as follows:

  • int 1 (connected to the FortiGate fortilink)
    • Native VLAN 1
      allowed VLAN 400,401...
  • int 2 and int 3 (both connected to interfaces 24 of the two Fortiswitches)
    • Native VLAN 1
      allowed vlan 400,401....

Fortiswitches take IP directly from the fortilink physical interface.

 

The problem I'm having is that every once in a while fortiswitches go offline.

If I go to enable the Fortilink Split interface and turn it off again, the fortiswitches come back up.

Do you know how I can fix it?

 

 

Labels:
389
0 Kudos
5 REPLIES 5
clubinski
New Contributor II

Created on ‎07-10-2024 12:30 PM

Did you read on Fortilink over layer 3? 

 

You create a layer 3 vlan id and pass it through the 3rd switch to the Fortiswitches as an interface on the Fortilink Interface from the Gate.

 

 

https://docs.fortinet.com/document/fortiswitch/7.4.4/fortilink-guide/801182/fortilink-mode-over-a-la...

 

 

I ran into a similar issue but was unable to remove vlan 1 from production in order to get Fortilink enabled. I instead just ran the switches as standalone until the switch between was replaced with Fortinet. 

 

 

381
Thonno
New Contributor II
In response to clubinski

Created on ‎07-10-2024 01:37 PM

Hi and thanks for the help.

 

I don’t need L3 implementation, cause everything shall be connected in the same Layer 2 VLAN.


What I didn't understand is whether it's okay to have vlan 1 as native vlan on the 3rd switch or whether native vlan 4094 should be configured.

 

I’ll try tomorrow this guide, hoping for a success try.

https://docs.fortinet.com/document/fortiswitch/7.0.8/devices-managed-by-fortios/801183/fortilink-ove...

359
0 Kudos
Thonno
New Contributor II

Created on ‎07-11-2024 05:39 AM

Further tests have shown that the FortiSwitches simply lose "sync" with the FortiGate, while the data connection between the various devices continues to work.

 

If, for example, I ping a device behind one of the offline FortiSwitches from FortiGate, I receive a response to the packets.

 

I've tried to set up fortlink-p2p but I always get the problem.

 

If I try to diagnose the FortiSwitch, I get "No CAPWAP IP address retrieved for FortiSwitch S448ENTFxxxxxxxx" error 


Fortilink, DHCP and NTP give me OK.

The fortiswitches switch interface is in DHCP mode and correctly receive IP from the Fortilink interface of the FortiGate.

 

Already tried everything from this guide:
Fix FortiSwitch showing with the 'Off... - Fortinet Community

297
hbac
Staff
Staff
In response to Thonno

Created on ‎07-11-2024 06:03 AM

Hi @Thonno,

 

Based on your diagram, FortiSwitches should be connected to each other for Inter Switch Link (ISL) connection. 

 

Regards, 

292
Thonno
New Contributor II
In response to hbac

Created on ‎07-13-2024 07:46 AM

Hello, due to physical distance between the two FortiSwitches it is not possible for me to connect them to each other.

We solved this by converting the devices to Standalone and configuring them as "simple" Switches.

Thanks anyway to everyone for the help!

229
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.