saltwaffles
New Contributor

Fortiswitch 108e showing offline

Hello,

 

Recently acquired a FS 108E-POE. I factory reset the switch to ensure I was starting from scratch. I connected it to my FortiGate 70F through a dedicated FortiLink port. The FortiGate detects the switch, I was able to register the switch, but the switch is still showing offline. I ensured that the time was synced, rebooted several times, but cannot get it to come "online". Below is what I get from the FortiGate when diagnosing:

 

FortiGate-70F # execute switch-controller get-conn-status
Managed-devices in current vdom root:

FortiLink interface : fortilink
SWITCH-ID VERSION STATUS FLAG ADDRESS JOIN-TIME NAME
S108EP5920004250 N/A Authorized/Down - 0.0.0.0 N/A -

Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=config sync error, 3=L3
Managed-Switches: 1 (UP: 0 DOWN: 1)

FortiGate-70F # execute switch-controller get-conn-status S108EP5920004250

Get managed-switch S108EP5920004250 connection status:
Admin Status: Authorized
Connection: Idle


Diagnosing...
FGT can not detect S108EP5920004250 at fortilink.
Please Check FortiGate:
CAPWAP in fortilink is enabled.
Please Check FortiSwitch:
1. S108EP5920004250 is in FortiLink mode.
2. S108EP5920004250 is managed via fortilink.
3. Execute 'execute switch-controller diagnose-connection S108EP5920004250' for further details.

 

FortiGate-70F # execute switch-controller diagnose-connection S108EP5920004250


Fortilink interface ... OK
fortilink enabled

DHCP server ... OK
fortilink enabled

NTP server ... OK
fortilink enabled
NTP server sync ... OK
synchronized: yes, ntpsync: enabled, server-mode: enabled

ipv4 server(132.163.96.1) 132.163.96.1 -- reachable(0xff) S:4 T:10 selected
server-version=3, stratum=1
reference time is ea6e5e80.0 -- UTC Tue Aug 20 00:14:56 2024
clock offset is 0.000203 sec, root delay is 0.000244 sec
root dispersion is 0.000488 sec, peer dispersion is 50 msec


HA mode ... disabled


Fortilink
Status ... SWITCH_AUTHORIZED_READY
Last keepalive ... 3 seconds ago


No CAPWAP IP address retrieved for FortiSwitch S108EP5920004250
CAPWAP
Remote Address : N/A
Status ... Idle

 

 

FortiGate-70F # execute switch-controller diagnose-connection


Fortilink interface ... OK
Fortilink enabled

Fortilink interface ... OK
fortilink enabled

DHCP server ... OK
Fortilink enabled

DHCP server ... OK
fortilink enabled

NTP server ... FAIL
Fortilink not enabled

NTP server ... OK
fortilink enabled
NTP server sync ... OK
synchronized: yes, ntpsync: enabled, server-mode: enabled

ipv4 server(132.163.96.1) 132.163.96.1 -- reachable(0xff) S:4 T:10 selected
server-version=3, stratum=1
reference time is ea6e5c80.0 -- UTC Tue Aug 20 00:06:24 2024
clock offset is 0.000099 sec, root delay is 0.000244 sec
root dispersion is 0.000488 sec, peer dispersion is 26 msec

 

Any ideas what I could possibly do to get this switch to show online?

samandeep
Staff

Hello @saltwaffles,

 

What are the versions of FortiOS and FortiSwitch OS?

 

Please ensure that Security Fabric is enabled on the FortiLink interface.

 

Please refer to the following articles for further troubleshooting guidance and next steps.

 

FortiSwitch is unable to get online on Fo... - Fortinet Community

FortiSwitch cannot come online on FortiGa... - Fortinet Community

Managed FortiSwitch onboarding Troublesho... - Fortinet Community

 

Thanks,

Amandeep

saltwaffles

FortiOS - FortiGate-70F v7.0.15,build0632,240401 (GA.M) - I downgraded from 7.2.8 for troubleshooting purposes (obviously it did not work)

FortiswitchOS - FortiSwitch-108E-POE v6.2.3,build0202,191223 (GA)

Adolfo_Z_H
Staff

 

This is the reason:

 

NTP server ... FAIL
Fortilink not enabled

 

Use this guide to correct it.

https://community.fortinet.com/t5/FortiSwitch/Technical-Tip-FortiSwitch-is-unable-to-get-online-on-F...

 

Best Regards.

Secure Access Team LATAM TAC
saltwaffles

Hi @Adolfo_Z_H ,

 

In my original post, there was an error for NTP, and then right below that error, NTP was "OK".  I ensured that Security Fabric was enabled on the Fortilink port and default VLAN for Fortilink, and now it is showing NTP Server OK:

 

FortiGate-70F # execute switch-controller diagnose-connection S108EP5920004250


Fortilink interface ... OK
fortilink enabled

DHCP server ... OK
fortilink enabled

NTP server ... OK
fortilink enabled
NTP server sync ... OK
synchronized: yes, ntpsync: enabled, server-mode: enabled

ipv4 server(132.163.96.1) 132.163.96.1 -- reachable(0xff) S:3 T:8 selected
server-version=3, stratum=1
reference time is ea6e6d80.0 -- UTC Tue Aug 20 01:18:56 2024
clock offset is -0.000856 sec, root delay is 0.000244 sec
root dispersion is 0.000488 sec, peer dispersion is 11 msec


HA mode ... disabled


Fortilink
Status ... SWITCH_AUTHORIZED_READY
Last keepalive ... 1 seconds ago


No CAPWAP IP address retrieved for FortiSwitch S108EP5920004250
CAPWAP
Remote Address : N/A
Status ... Idle

 

I do not know why it is showing "No CAPWAP IP address retrieved", as I can successfully SSH into the switch from the FortiGate through the FortiLink interface.

Adolfo_Z_H

For some reason, you have 2 FortiLink interfaces enabled on your FGT devices:

 

FortiGate-70F ## execute switch-controller diagnose-connectio


Fortilink interface ... OK
Fortilink enabled

Fortilink interface ... OK
fortilink enabled

 

One of them is healthy, the other has NTP misconfigured. Please be sure which one you intend to use.

 

Even if it is technically possible to use many FortiLink interfaces, it does not make sense if you don't want to separate control planes (i.e., DMZ devices, data center devices, access devices).

 

Maybe it is best for you to delete the unused FortiLink interfaces and troubleshoot the remaining one.

 

 

Secure Access Team LATAM TAC
Adolfo_Z_H

No CAPWAP IP address retrieved for FortiSwitch S108EP5920004250 <--- Means the device is not able to build the CAPWAP tunnel for management. The most frequent cause of this issue is an NTP sync failure between FGT and FSW.

Secure Access Team LATAM TAC
saltwaffles

Yes, there is a second interface labeled "Fortilink", but it is disabled and there are no ports assigned to that interface.  I am unable to delete it because there are references tied to it.  That shouldn't be causing this issue though, right?

Adolfo_Z_H

Please do this fix

 

Enable the NTP server mode on the FortiLink interface. There must be an entry for the FortiLink interface in the configuration in order to use it as a server.

 

This is a configuration example on the FortiGate CLI:

 

config system ntp
    set ntpsync enable
    set server-mode enable            <- enable server mode if necessary
    set interface "uplink" "lan"     <- "fortilink" is not listed on this configuration - add the FortiLink interface
end

 

 

Secure Access Team LATAM TAC
saltwaffles

I was able to delete the other Fortilink interface and now that error is no longer present:

 

execute switch-controller diagnose-connection S108EP5920004250


Fortilink interface ... OK
fortilink enabled

DHCP server ... OK
fortilink enabled

NTP server ... OK
fortilink enabled
NTP server sync ... OK
synchronized: yes, ntpsync: enabled, server-mode: enabled

ipv4 server(132.163.96.1) 132.163.96.1 -- reachable(0xff) S:1 T:7 selected
server-version=3, stratum=1
reference time is ea6e7900.0 -- UTC Tue Aug 20 02:08:00 2024
clock offset is 0.000472 sec, root delay is 0.000244 sec
root dispersion is 0.000488 sec, peer dispersion is 98 msec


HA mode ... disabled


Fortilink
Status ... SWITCH_AUTHORIZED_READY
Last keepalive ... 2 seconds ago


No CAPWAP IP address retrieved for FortiSwitch S108EP5920004250
CAPWAP
Remote Address : N/A
Status ... Idle

 

NTP Seems fine now, but still getting No CAPWAP IP address retrieved for FortiSwitch S108EP5920004250
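
Added example (not part of any post in this thread, and not Fortinet code): a small Python parser for pasted `execute switch-controller diagnose-connection` output that attributes each check to the interface it was run against and flags the "FortiLink ready, CAPWAP idle" state discussed above. It assumes the line following a check is `<interface> enabled` or `<interface> not enabled`, as in the output quoted in the thread; the sample text is constructed by abridging that output.

```python
import re
# Constructed sample, abridged from the diagnose-connection output quoted in the thread.
SAMPLE = """\
Fortilink interface ... OK
Fortilink enabled
Fortilink interface ... OK
fortilink enabled
NTP server ... FAIL
Fortilink not enabled
NTP server ... OK
fortilink enabled
NTP server sync ... OK
Fortilink
Status ... SWITCH_AUTHORIZED_READY
Last keepalive ... 3 seconds ago
No CAPWAP IP address retrieved for FortiSwitch S108EP5920004250
CAPWAP
Status ... Idle
"""

CHECK = re.compile(r"^(.+?) \.\.\. (.+)$")        # "<check> ... <result>"
IFACE = re.compile(r"^(\S+) (?:not )?enabled$")   # assumed: "<interface> [not] enabled"

def parse(text):
    """Return (per_interface, sections): results keyed by interface or section name."""
    per_iface, sections, section = {}, {}, None
    lines = [l.strip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        m = CHECK.match(line)
        if not m:  # a bare "Fortilink" or "CAPWAP" heading opens a status section
            section = line if line in ("Fortilink", "CAPWAP") else section
            continue
        nxt = IFACE.match(lines[i + 1]) if i + 1 < len(lines) else None
        if nxt:    # interface names are case-sensitive: "Fortilink" != "fortilink"
            per_iface.setdefault(nxt.group(1), {})[m.group(1)] = m.group(2)
        elif section:
            sections.setdefault(section, {})[m.group(1)] = m.group(2)
    return per_iface, sections

def findings(text):
    per_iface, sections = parse(text)
    out = [f"{check} {res} on interface '{iface}'" for iface, checks in per_iface.items()
           for check, res in checks.items() if res != "OK"]
    if len(per_iface) > 1:
        out.append("multiple FortiLink interfaces reported: " + ", ".join(sorted(per_iface)))
    status = {name: vals.get("Status") for name, vals in sections.items()}
    if status.get("Fortilink") == "SWITCH_AUTHORIZED_READY" and status.get("CAPWAP") == "Idle":
        out.append("FortiLink ready but CAPWAP idle: switch has no management tunnel")
    return out
```

On the sample, `findings(SAMPLE)` attributes the NTP failure to the second interface named `Fortilink` rather than to `fortilink`, which is why the failure disappears from the later output while the CAPWAP status stays Idle.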
