Hello,
Recently acquired a FS 108E-POE. I factory reset the switch to ensure I was starting from scratch. I connected it to my Fortigate 70f through a dedicated fortilink port. The fortigate detects the switch, I was able to register the switch, but the switch is still showing offline. I ensured that the time was synced, rebooted several times, but cannot get it to come "online". Below is what I get from the fortigate when diagnosing:
FortiGate-70F # execute switch-controller get-conn-status
Managed-devices in current vdom root:
FortiLink interface : fortilink
SWITCH-ID VERSION STATUS FLAG ADDRESS JOIN-TIME NAME
S108EP5920004250 N/A Authorized/Down - 0.0.0.0 N/A -
Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=config sync error, 3=L3
Managed-Switches: 1 (UP: 0 DOWN: 1)
FortiGate-70F # execute switch-controller get-conn-status S108EP5920004250
Get managed-switch S108EP5920004250 connection status:
Admin Status: Authorized
Connection: Idle
Diagnosing...
FGT can not detect S108EP5920004250 at fortilink.
Please Check FortiGate:
CAPWAP in fortilink is enabled.
Please Check FortiSwitch:
1. S108EP5920004250 is in FortiLink mode.
2. S108EP5920004250 is managed via fortilink.
3. Execute 'execute switch-controller diagnose-connection S108EP5920004250' for further details.
FortiGate-70F # execute switch-controller diagnose-connection S108EP5920004250
Fortilink interface ... OK
fortilink enabled
DHCP server ... OK
fortilink enabled
NTP server ... OK
fortilink enabled
NTP server sync ... OK
synchronized: yes, ntpsync: enabled, server-mode: enabled
ipv4 server(132.163.96.1) 132.163.96.1 -- reachable(0xff) S:4 T:10 selected
server-version=3, stratum=1
reference time is ea6e5e80.0 -- UTC Tue Aug 20 00:14:56 2024
clock offset is 0.000203 sec, root delay is 0.000244 sec
root dispersion is 0.000488 sec, peer dispersion is 50 msec
HA mode ... disabled
Fortilink
Status ... SWITCH_AUTHORIZED_READY
Last keepalive ... 3 seconds ago
No CAPWAP IP address retrieved for FortiSwitch S108EP5920004250
CAPWAP
Remote Address : N/A
Status ... Idle
FortiGate-70F # execute switch-controller diagnose-connection
Fortilink interface ... OK
Fortilink enabled
Fortilink interface ... OK
fortilink enabled
DHCP server ... OK
Fortilink enabled
DHCP server ... OK
fortilink enabled
NTP server ... FAIL
Fortilink not enabled
NTP server ... OK
fortilink enabled
NTP server sync ... OK
synchronized: yes, ntpsync: enabled, server-mode: enabled
ipv4 server(132.163.96.1) 132.163.96.1 -- reachable(0xff) S:4 T:10 selected
server-version=3, stratum=1
reference time is ea6e5c80.0 -- UTC Tue Aug 20 00:06:24 2024
clock offset is 0.000099 sec, root delay is 0.000244 sec
root dispersion is 0.000488 sec, peer dispersion is 26 msec
Any ideas what I could possibly do to get this switch to show online?
Hello @saltwaffles,
What are the versions of FortiOS and FortiSwitch OS?
Please ensure that Security Fabric is enabled on the FortiLink interface.
Please refer to the following articles for further troubleshooting guidance and next steps.
FortiSwitch is unable to get online on Fo... - Fortinet Community
FortiSwitch cannot come online on FortiGa... - Fortinet Community
Managed FortiSwitch onboarding Troublesho... - Fortinet Community
Thanks,
Amandeep
FortiOS - FortiGate-70F v7.0.15,build0632,240401 (GA.M) - I downgraded from 7.2.8 for troubleshooting purposes (obviously it did not work)
FortiswitchOS - FortiSwitch-108E-POE v6.2.3,build0202,191223 (GA)
This is the reason:
NTP server ... FAIL
Fortilink not enabled
Use this guide to correct it.
Best Regards.
Hi @Adolfo_Z_H ,
In my original post, there was an error for NTP, and then right below that error, NTP was "OK". I ensured that Security Fabric was enabled on the Fortilink port and default VLAN for Fortilink, and now it is showing NTP Server OK:
FortiGate-70F # execute switch-controller diagnose-connection S108EP5920004250
Fortilink interface ... OK
fortilink enabled
DHCP server ... OK
fortilink enabled
NTP server ... OK
fortilink enabled
NTP server sync ... OK
synchronized: yes, ntpsync: enabled, server-mode: enabled
ipv4 server(132.163.96.1) 132.163.96.1 -- reachable(0xff) S:3 T:8 selected
server-version=3, stratum=1
reference time is ea6e6d80.0 -- UTC Tue Aug 20 01:18:56 2024
clock offset is -0.000856 sec, root delay is 0.000244 sec
root dispersion is 0.000488 sec, peer dispersion is 11 msec
HA mode ... disabled
Fortilink
Status ... SWITCH_AUTHORIZED_READY
Last keepalive ... 1 seconds ago
No CAPWAP IP address retrieved for FortiSwitch S108EP5920004250
CAPWAP
Remote Address : N/A
Status ... Idle
I do not know why it is showing "No CAPWAP IP address retrieved", as I can successfully SSH into the switch from the Fortigate through the Fortilink interface.
For some reason, you have 2 FortiLink interfaces enabled on your FGT device:
FortiGate-70F ## execute switch-controller diagnose-connectio
Fortilink interface ... OK
Fortilink enabled
Fortilink interface ... OK
fortilink enabled
One of them is healthy; the other has NTP misconfigured. Please be sure which one you intend to use.
Even if it is technically possible to use many FortiLink interfaces, it does not make sense if you don't want to separate control planes (i.e., DMZ devices, data center devices, access devices).
Maybe it is best for you to delete the unused FortiLink interfaces and troubleshoot the remaining one.
No CAPWAP IP address retrieved for FortiSwitch S108EP5920004250 <--- This means the device is not able to build the CAPWAP tunnel for management. The most frequent cause of this issue is an NTP sync failure between FGT and FSW.
Yes, there is a second interface labeled "Fortilink", but it is disabled and there are no ports assigned to that interface. I am unable to delete it because there are references tied to it. That shouldn't be causing this issue though, right?
Please do this fix
Enable the NTP server mode on the FortiLink interface. There must be an entry for the FortiLink interface in the configuration in order to use it as a server.
This is a configuration example on Fortigate CLI:
config system ntp
set ntpsync enable
set server-mode enable <- enable server mode if necessary
set interface "uplink" "lan" <- "fortilink" is not listed on this configuration - add the FortiLink interface
end
I was able to delete the other Fortilink interface and now that error is no longer present:
execute switch-controller diagnose-connection S108EP5920004250
Fortilink interface ... OK
fortilink enabled
DHCP server ... OK
fortilink enabled
NTP server ... OK
fortilink enabled
NTP server sync ... OK
synchronized: yes, ntpsync: enabled, server-mode: enabled
ipv4 server(132.163.96.1) 132.163.96.1 -- reachable(0xff) S:1 T:7 selected
server-version=3, stratum=1
reference time is ea6e7900.0 -- UTC Tue Aug 20 02:08:00 2024
clock offset is 0.000472 sec, root delay is 0.000244 sec
root dispersion is 0.000488 sec, peer dispersion is 98 msec
HA mode ... disabled
Fortilink
Status ... SWITCH_AUTHORIZED_READY
Last keepalive ... 2 seconds ago
No CAPWAP IP address retrieved for FortiSwitch S108EP5920004250
CAPWAP
Remote Address : N/A
Status ... Idle
NTP Seems fine now, but still getting No CAPWAP IP address retrieved for FortiSwitch S108EP5920004250
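Added example (not posted by any participant in this thread): a small Python parser that groups the `diagnose-connection` check results by FortiLink interface name, which makes it obvious that the `NTP server ... FAIL` line belongs to the second interface (`Fortilink`) while the remaining finding is the missing CAPWAP address. The line layout it relies on is an assumption inferred only from the outputs quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the outputs quoted in this thread.
SAMPLE = """\
Fortilink interface ... OK
Fortilink enabled
Fortilink interface ... OK
fortilink enabled
NTP server ... FAIL
Fortilink not enabled
NTP server ... OK
fortilink enabled
NTP server sync ... OK
synchronized: yes, ntpsync: enabled, server-mode: enabled
HA mode ... disabled
Fortilink
Status ... SWITCH_AUTHORIZED_READY
No CAPWAP IP address retrieved for FortiSwitch S108EP5920004250
CAPWAP
Status ... Idle
"""

# Assumed layout (inferred from this thread only): "<check> ... <result>"
# followed by "<interface> enabled" or "<interface> not enabled".
CHECK = re.compile(r"^(?P<name>.+?) \.\.\. (?P<result>.+)$")
DETAIL = re.compile(r"^(?P<iface>\S+) (?P<state>not enabled|enabled)$")
NO_CAPWAP = re.compile(r"^No CAPWAP IP address retrieved for FortiSwitch (\S+)$")

def parse_diagnose(text):
    """Return ({interface: {check: result}}, [switch IDs lacking a CAPWAP IP])."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    per_iface, no_capwap = defaultdict(dict), []
    for i, line in enumerate(lines):
        m = NO_CAPWAP.match(line)
        if m:
            no_capwap.append(m.group(1))
            continue
        c = CHECK.match(line)
        d = DETAIL.match(lines[i + 1]) if c and i + 1 < len(lines) else None
        if d:  # only checks followed by a per-interface detail line are grouped
            per_iface[d.group("iface")][c.group("name")] = c.group("result")
    return dict(per_iface), no_capwap

def failed_checks(per_iface):
    """List (interface, check) pairs whose result is anything other than OK."""
    return sorted((iface, name)
                  for iface, checks in per_iface.items()
                  for name, result in checks.items() if result != "OK")
```

Interface names are compared case-sensitively, so `Fortilink` and `fortilink` are reported as two separate interfaces, as in the output above.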
Copyright 2024 Fortinet, Inc. All Rights Reserved.