Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Autumn 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- Lacework
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Fortiswitch 108e showing offline
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortiswitch 108e showing offline
Hello,
Recently acquired a FS 108E-POE. I factory reset the switch to ensure I was starting from scratch. I connected it to my Fortigate 70f through a dedicated fortilink port. The fortigate detects the switch, I was able to register the switch, but the switch is still showing offline. I ensured that the time was synced, rebooted several times, but cannot get it to come "online". Below is what I get from the fortigate when diagnosing:
FortiGate-70F # execute switch-controller get-conn-status
Managed-devices in current vdom root:
FortiLink interface : fortilink
SWITCH-ID VERSION STATUS FLAG ADDRESS JOIN-TIME NAME
S108EP5920004250 N/A Authorized/Down - 0.0.0.0 N/A -
Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=config sync error, 3=L3
Managed-Switches: 1 (UP: 0 DOWN: 1)
FortiGate-70F # execute switch-controller get-conn-status S108EP5920004250
Get managed-switch S108EP5920004250 connection status:
Admin Status: Authorized
Connection: Idle
Diagnosing...
FGT can not detect S108EP5920004250 at fortilink.
Please Check FortiGate:
CAPWAP in fortilink is enabled.
Please Check FortiSwitch:
1. S108EP5920004250 is in FortiLink mode.
2. S108EP5920004250 is managed via fortilink.
3. Execute 'execute switch-controller diagnose-connection S108EP5920004250' for further details.
FortiGate-70F # execute switch-controller diagnose-connection S108EP5920004250
Fortilink interface ... OK
fortilink enabled
DHCP server ... OK
fortilink enabled
NTP server ... OK
fortilink enabled
NTP server sync ... OK
synchronized: yes, ntpsync: enabled, server-mode: enabled
ipv4 server(132.163.96.1) 132.163.96.1 -- reachable(0xff) S:4 T:10 selected
server-version=3, stratum=1
reference time is ea6e5e80.0 -- UTC Tue Aug 20 00:14:56 2024
clock offset is 0.000203 sec, root delay is 0.000244 sec
root dispersion is 0.000488 sec, peer dispersion is 50 msec
HA mode ... disabled
Fortilink
Status ... SWITCH_AUTHORIZED_READY
Last keepalive ... 3 seconds ago
No CAPWAP IP address retrieved for FortiSwitch S108EP5920004250
CAPWAP
Remote Address : N/A
Status ... Idle
FortiGate-70F # execute switch-controller diagnose-connection
Fortilink interface ... OK
Fortilink enabled
Fortilink interface ... OK
fortilink enabled
DHCP server ... OK
Fortilink enabled
DHCP server ... OK
fortilink enabled
NTP server ... FAIL
Fortilink not enabled
NTP server ... OK
fortilink enabled
NTP server sync ... OK
synchronized: yes, ntpsync: enabled, server-mode: enabled
ipv4 server(132.163.96.1) 132.163.96.1 -- reachable(0xff) S:4 T:10 selected
server-version=3, stratum=1
reference time is ea6e5c80.0 -- UTC Tue Aug 20 00:06:24 2024
clock offset is 0.000099 sec, root delay is 0.000244 sec
root dispersion is 0.000488 sec, peer dispersion is 26 msec
any ideas what I could possibly do to get this switch to show online?
Labels:
- Labels:
-
FortiGate
-
FortiSwitch
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
10 REPLIES 10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @saltwaffles,
What is the versions of FortiOS and FortiSwitch OS?
Please ensure that Security Fabric is enabled on the FortiLink interface.
Please refer to the following articles for further troubleshooting guidance and next steps.
FortiSwitch is unable to get online on Fo... - Fortinet Community
FortiSwitch cannot come online on FortiGa... - Fortinet Community
Managed FortiSwitch onboarding Troublesho... - Fortinet Community
Thanks,
Amandeep
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiOS - FortiGate-70F v7.0.15,build0632,240401 (GA.M) - I downgraded from 7.2.8 for troubleshooting purposes ( Obviously it did not work)
FortiswitchOS - FortiSwitch-108E-POE v6.2.3,build0202,191223 (GA)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
this is the reason
NTP server ... FAIL
Fortilink not enabled
Use this guide to correct it.
Best Regards.
Secure Access Team LATAM TAC
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Adolfo_Z_H ,
In my original post, there was an error for NTP, and then right below that error, NTP was "OK". I ensured that Security Fabric was enabled on the Fortilink port and default VLAN for Fortilink, and now it is showing NTP Server OK:
FortiGate-70F # execute switch-controller diagnose-connection S108EP5920004250
Fortilink interface ... OK
fortilink enabled
DHCP server ... OK
fortilink enabled
NTP server ... OK
fortilink enabled
NTP server sync ... OK
synchronized: yes, ntpsync: enabled, server-mode: enabled
ipv4 server(132.163.96.1) 132.163.96.1 -- reachable(0xff) S:3 T:8 selected
server-version=3, stratum=1
reference time is ea6e6d80.0 -- UTC Tue Aug 20 01:18:56 2024
clock offset is -0.000856 sec, root delay is 0.000244 sec
root dispersion is 0.000488 sec, peer dispersion is 11 msec
HA mode ... disabled
Fortilink
Status ... SWITCH_AUTHORIZED_READY
Last keepalive ... 1 seconds ago
No CAPWAP IP address retrieved for FortiSwitch S108EP5920004250
CAPWAP
Remote Address : N/A
Status ... Idle
I do not knot why it is showing "No CAPWAP IP address retrieved as I can successfully SSH into the switch from the Fortigate through the Fortilink Interface.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
for some reason, you have 2 fortilink interfaces enabled on your FGT devices
FortiGate-70F ## execute switch-controller diagnose-connectio
Fortilink interface ... OK
Fortilink enabled
Fortilink interface ... OK
fortilink enabled
One of them is healthy other is NTP misconfigured. please be sure wich one are you intended to use.
if technically is posible to use many Fortilink interfaces, it does not make sense if you dont want to separate control planes (ie, DMZ devices, Data center devices, Access devices)
maybe it is best for you delete no used Fortilink interfaces and troubleshoot remaining one.
Secure Access Team LATAM TAC
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No CAPWAP IP address retrieved for FortiSwitch S108EP5920004250 <--- Means device is not capable to build CAPWAP tunnel for management. Most Frecuent cause of this issue is NTP sync fail between FGT and FSW.
Secure Access Team LATAM TAC
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, there is a second interface labeled "Fortilink", but it is disabled and there are no ports assigned to that interface. I am unable to delete it because there are references tied to it. That shouldn't be causing this issue though, right?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please do this fix
Enable the NTP server mode on the FortiLink interface. There must be an entry for the FortiLink interface in the configuration in order to use it as a server.
This is a configuration example on Fortigate CLI:
config system ntp
set ntpsync enable
set server-mode enable <- enable server mode if necessary
set interface "uplink" "lan" <- "fortilink” is not listed on this configuration - add the FortiLink interface
end
Secure Access Team LATAM TAC
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was able to delete the other Fortilink interface and now that error is no longer present:
execute switch-controller diagnose-connection S108EP5920004250
Fortilink interface ... OK
fortilink enabled
DHCP server ... OK
fortilink enabled
NTP server ... OK
fortilink enabled
NTP server sync ... OK
synchronized: yes, ntpsync: enabled, server-mode: enabled
ipv4 server(132.163.96.1) 132.163.96.1 -- reachable(0xff) S:1 T:7 selected
server-version=3, stratum=1
reference time is ea6e7900.0 -- UTC Tue Aug 20 02:08:00 2024
clock offset is 0.000472 sec, root delay is 0.000244 sec
root dispersion is 0.000488 sec, peer dispersion is 98 msec
HA mode ... disabled
Fortilink
Status ... SWITCH_AUTHORIZED_READY
Last keepalive ... 2 seconds ago
No CAPWAP IP address retrieved for FortiSwitch S108EP5920004250
CAPWAP
Remote Address : N/A
Status ... Idle
NTP Seems fine now, but still getting No CAPWAP IP address retrieved for FortiSwitch S108EP5920004250
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- What FortiOS Event Logs should i... 207 Views
- FortiSwitch standalone offline 383 Views
- fortiswitch showing offline 712 Views
- FortiGate 120G SFP/DAC to FortiSwitch 224E-PoE:... 163 Views
Labels
-
FortiGate
7,873 -
FortiClient
1,572 -
5.2
801 -
FortiManager
659 -
5.4
639 -
FortiAnalyzer
505 -
6.0
416 -
FortiAP
411 -
FortiSwitch
410 -
5.6
362 -
FortiClient EMS
351 -
FortiMail
296 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
187 -
SSL-VPN
163 -
FortiNAC
153 -
IPsec
146 -
6.4
128 -
FortiGuard
124 -
FortiGateCloud
98 -
FortiSIEM
93 -
FortiCloud Products
93 -
FortiToken
84 -
SD-WAN
81 -
Customer Service
74 -
Wireless Controller
72 -
4.0MR3
64 -
FortiAuthenticator
61 -
FortiProxy
52 -
Firewall policy
51 -
FortiEDR
50 -
FortiADC
49 -
Fortivoice
47 -
FortiDNS
41 -
High Availability
40 -
FortiExtender
39 -
VLAN
39 -
FortiSandbox
38 -
FortiGate v5.4
35 -
ZTNA
35 -
FortiSwitch v6.4
33 -
DNS
33 -
LDAP
33 -
Routing
31 -
BGP
30 -
SAML
29 -
Interface
29 -
Certificate
29 -
NAT
26 -
FortiConnect
25 -
SSO
25 -
FortiWAN
24 -
Authentication
24 -
FortiGate v5.2
23 -
RADIUS
23 -
FortiConverter
22 -
VDOM
21 -
FortiLink
21 -
Virtual IP
19 -
Web profile
19 -
FortiSwitch v6.2
18 -
FortiPortal
18 -
Logging
17 -
FortiMonitor
16 -
Traffic shaping
16 -
Fortigate Cloud
15 -
FortiDDoS
15 -
Application control
15 -
FortiGate v5.0
14 -
SSL SSH inspection
14 -
FortiCASB
12 -
OSPF
12 -
SSID
12 -
FortiManager v5.0
11 -
SNMP
11 -
FortiPAM
11 -
Static route
11 -
Web application firewall profile
11 -
IP address management - IPAM
11 -
FortiRecorder
10 -
Admin
10 -
WAN optimization
10 -
4.0MR2
9 -
FortiSOAR
9 -
FortiWeb v5.0
9 -
FortiAP profile
9 -
FortiGate v4.0 MR3
8 -
FortiManager v4.0
8 -
FortiBridge
8 -
Automation
8 -
System settings
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
RMA Information and Announcements
7 -
IPS signature
7 -
Traffic shaping policy
7 -
Proxy policy
7 -
FortiCache
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Security profile
6 -
Intrusion prevention
6 -
FortiCarrier
5 -
FortiTester
5 -
Users
5 -
Port policy
5 -
3.6
4 -
FortiDeceptor
4 -
FortiToken Cloud
4 -
FortiScan
4 -
FortiDirector
4 -
Antivirus profile
4 -
Traffic shaping profile
4 -
DLP sensor
4 -
Email filter profile
4 -
Fabric connector
4 -
Web rating
4 -
Fortinet Engage Partner Program
4 -
FortiDB
3 -
FortiHypervisor
3 -
Explicit proxy
3 -
Internet service database
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Netflow
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
FortiNDR
2 -
Application signature
2 -
Protocol option
2 -
Replacement messages
2 -
Schedule
2 -
Service
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Kerberos
1 -
API
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
Authentication rule and scheme
1 -
TACACS
1 -
SDN connector
1 -
Multicast policy
1 -
Cloud Management Security
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.