to IT gurus.
What must be done on the Aruba switch port in order for Fortiswitch to initiate?
As of right now, the Aruba switch serves as our lone connection to FortiGate while we work to manage a new Fortiswitch. See the following quick topology.
Fortigate sees the Fortiswitch and Athorises it however its status : "offline", "port disconnected"
Logs from Fortigate:
Switch-Controller authorized
CAPUTP session status notification
Switch-Controller Tunnel Up
Switch-Controller Switch Sync Error - Message global-lldp-settings failed:-13
Switch-Controller Switch Sync Error - Message global-lldp-profile failed:1
Switch-Controller Switch Sync Error -Message qos.dscp-map failed:-7621
NAC MAC cache sync - NAC MAC cache cleared on switch S14xxxxxxxxx port (null)
Switch-Controller Tunnel Down - CAPWAP Tunnel Down
CAPUTP session status notification -Message S1xxxxxxxxxxx echo message timed out
Switch-Controller Switch Sync Error-Message Config download failed
Switch-Controller Switch Sync Error - Message qos.queue-policy failed:-7621
Switch-Controller Daemon Log (Critical) Message - port add failed with default-vlan=_default
Switch-Controller Daemon Log (Critical) Message - port add failed for port1
Has anyone done it before, and is there an idea for how we can onboard Fortiswitch via Aruba switch?
cheers
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Alan,
the command of set source-ip fixed should be run in FortiGate:
fortiGateLab (port5) # show
config system interface
edit "port5"
set vdom "root"
set fortilink enable
set switch-controller-source-ip fixed <----
set ip 10.10.250.1 255.255.255.0
set allowaccess ping fabric
In addition to that check the following guide steps:
Make sure NTP and Native vlan are set as per the troubleshooting guide.
Hello Alan1212,
is the FortiSwitch configured as per guide for FortiLink L3 mode?
Check the following: https://docs.fortinet.com/document/fortiswitch/7.0.8/devices-managed-by-fortios/801182/fortilink-mod...
thanks, I've tried to follow the doco but Fortiswitch with 7.2 firmware do not have those commands anymore to convert Ports with L3 modes.
Hi Alan,
which commands exactly?
The doc for 7.2 Firmware: https://docs.fortinet.com/document/fortiswitch/7.2.9/fortilink-guide/801182/fortilink-mode-over-a-la...
|
Starting in FortiOS 7.2.1, the
config switch trunk edit <trunk_name> set static-isl enable set static-isl-auto-vlan {enable | disable} next end |
hi sx11
I've followed this KB, here's the command output. Despite I've set the port49 as DHCP and all vlans on upswitch aruba's trunk port is allowed the port does not get any IP or can ping the fortigate.
--------------------------------------------------
S148F (port49) # config system interface
SS148F (port49) # edit port49
S148F set switch-controller-source-ip-fixed
command parse error before 'switch-controller-source-ip-fixed'
Command fail. Return code -61
S148F # config switch-controller global
S148F (global) # set ac-discovery-type static
S148F (global) # config ac-list
S148F (ac-list) #
new entry '1' added
S148F (global) ## set ac-discovery-type dhc
S148F (global) # setu ac-dhscp-option-code 138
S148F (trunk) # edit
name Trunk name.
S148F (trunk) # edit tr1
new entry 'tr1' added
S148F9 (tr1) # set set static-isl enable
S148F (tr1) # set static-isl-auto-vlan enable
S148F (tr1) # set members port49
S148F (tr1) # next
S148F (trunk) # end
Hi Alan,
the command of set source-ip fixed should be run in FortiGate:
fortiGateLab (port5) # show
config system interface
edit "port5"
set vdom "root"
set fortilink enable
set switch-controller-source-ip fixed <----
set ip 10.10.250.1 255.255.255.0
set allowaccess ping fabric
In addition to that check the following guide steps:
Make sure NTP and Native vlan are set as per the troubleshooting guide.
sx11 thank you for the hints.
The fortiswitch is showing in FortiGate under Wifi&switch Controller/Fortiswitch Cleints now. The trunk ports on Aruba and Fortisiwtch are allowed to pass all necessary vlans and the fortiswitch's ports' are manageable from "Fortiswitch Ports" on Fortigate. it will allow us to work in this area for now until we'll get a dedicated link to FortiGate.
That's good news! Happy to have helped.
Regards
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1030 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.