Fortiswitch Onboard via Aruba
To IT gurus,
What must be done on the Aruba switch port in order for Fortiswitch to initiate?
As of right now, the Aruba switch serves as our lone connection to FortiGate while we work to manage a new Fortiswitch. See the following quick topology.
- FortiGate connected to Aruba (trunk port, native VLAN 1)
- Aruba (trunk port, native VLAN 1) connected to FortiSwitch (port 49 trunk, native VLAN 1)
FortiGate sees the FortiSwitch and authorises it; however, its status is "offline", "port disconnected".
Logs from Fortigate:
Switch-Controller authorized
CAPUTP session status notification
Switch-Controller Tunnel Up
Switch-Controller Switch Sync Error - Message global-lldp-settings failed:-13
Switch-Controller Switch Sync Error - Message global-lldp-profile failed:1
Switch-Controller Switch Sync Error -Message qos.dscp-map failed:-7621
NAC MAC cache sync - NAC MAC cache cleared on switch S14xxxxxxxxx port (null)
Switch-Controller Tunnel Down - CAPWAP Tunnel Down
CAPUTP session status notification -Message S1xxxxxxxxxxx echo message timed out
Switch-Controller Switch Sync Error-Message Config download failed
Switch-Controller Switch Sync Error - Message qos.queue-policy failed:-7621
Switch-Controller Daemon Log (Critical) Message - port add failed with default-vlan=_default
Switch-Controller Daemon Log (Critical) Message - port add failed for port1
Has anyone done it before, and is there an idea for how we can onboard Fortiswitch via Aruba switch?
cheers
Hello Alan1212,
is the FortiSwitch configured as per guide for FortiLink L3 mode?
Check the following: https://docs.fortinet.com/document/fortiswitch/7.0.8/devices-managed-by-fortios/801182/fortilink-mod...
Thanks, I've tried to follow the doco, but FortiSwitch with 7.2 firmware does not have those commands anymore to convert ports with L3 modes.
Hi Alan,
which commands exactly?
The doc for 7.2 Firmware: https://docs.fortinet.com/document/fortiswitch/7.2.9/fortilink-guide/801182/fortilink-mode-over-a-la...
Starting in FortiOS 7.2.1, the
config switch trunk
    edit <trunk_name>
        set static-isl enable
        set static-isl-auto-vlan {enable | disable}
    next
end
hi sx11
I've followed this KB; here's the command output. Despite having set port49 to DHCP and all VLANs being allowed on the upswitch Aruba's trunk port, the port does not get any IP and cannot ping the FortiGate.
--------------------------------------------------
S148F (port49) # config system interface
SS148F (port49) # edit port49
S148F set switch-controller-source-ip-fixed
command parse error before 'switch-controller-source-ip-fixed'
Command fail. Return code -61
S148F # config switch-controller global
S148F (global) # set ac-discovery-type static
S148F (global) # config ac-list
S148F (ac-list) #
new entry '1' added
S148F (global) ## set ac-discovery-type dhc
S148F (global) # setu ac-dhscp-option-code 138
S148F (trunk) # edit
name Trunk name.
S148F (trunk) # edit tr1
new entry 'tr1' added
S148F9 (tr1) # set set static-isl enable
S148F (tr1) # set static-isl-auto-vlan enable
S148F (tr1) # set members port49
S148F (tr1) # next
S148F (trunk) # end
Hi Alan,
The command set source-ip fixed should be run on the FortiGate:
fortiGateLab (port5) # show
config system interface
    edit "port5"
        set vdom "root"
        set fortilink enable
        set switch-controller-source-ip fixed <----
        set ip 10.10.250.1 255.255.255.0
        set allowaccess ping fabric
In addition to that check the following guide steps:
Make sure NTP and Native vlan are set as per the troubleshooting guide.
sx11 thank you for the hints.
The FortiSwitch is showing in FortiGate under WiFi & Switch Controller / FortiSwitch Clients now. The trunk ports on the Aruba and FortiSwitch are allowed to pass all necessary VLANs, and the FortiSwitch's ports are manageable from "FortiSwitch Ports" on the FortiGate. It will allow us to work in this area for now until we get a dedicated link to the FortiGate.
That's good news! Happy to have helped.
Regards