Hi Community
I have issues with the member ports of an LACP trunk on one of our managed FortiSwitches.
The setup is:
SW1 and SW2 are configured with MCLAG
The LACP from SW1 and SW2 towards SW3 has MCLAG enabled.
I have verified MCLAG consistency on SW1 and SW2 with:
'diagnose switch-controller switch-info mclag peer-consistency-check'
Everything is fine from that point of view.
The links towards SW3 are the ISL, and the LACP was auto-configured when the switch joined.
I use 1Gbps SFP fiber optic modules.
My issue is, that one of the ports on SW3 is in suspended mode
Port 49 = up
Port 50 = suspended
I can't seem to find any documents or articles on the web on how to get closer to the root cause.
I have used the 'get switch lldp neighbors-summary' on all 3 switches, and they are able to detect each other.
I have tried changing the speed settings from (default) Auto-module, 1000full and 1000auto but this changes nothing.
'execute log display' on the switch doesn't give me anything, other than that the ports are going down.
Any ideas or suggestions on how I can proceed?
I suspect STP could be a factor, but not found any commands to be used for verifying this.
Hi @JonasV ,
It looks like an STP is blocking the port to ensure a loop-free layer-2 network.
Have a look here to check your configuration and status of the ports:
Hi @dbu.
Indeed, I have thought of it also.
But STP shouldn't be running on the individual ports, but on the LACP link, yes?
I don't see STP blocking my ports.
However I came across a different discovery.
Additional information is needed here.
We have 10+ FortiSwitches connected to SW1 and SW2.
Each switch ISL is an LACP.
SW3 is connected from local port 49 and 50 to both SW1 and SW2 on port 3
SW4 is connected from local port 49 and 50 to both SW1 and SW2 on port 5
When running 'get switch lldp neighbors-summary' on both SW3 and SW4, they for some reason detect that port 50 on them is swapped.
SW3 port 49 --> SW2 port 3
SW3 port 50 --> SW1 port 5
SW4 port 49 --> SW2 port 5
SW4 port 50 --> SW1 port 3
On SW4, ISL LACP members are port 49 and 50, and port 50 is also in status suspended, just like SW3
Executing 'get switch lldp neighbors-summary' on SW1 and SW2 shows the correct neighbor link.
I have come to suspect that something is off on SW1.
I'll await a window of opportunity to reload SW1 to see if this resolves the issue.
Reboot of the MCLAG switch didn’t resolve the issue.
My team and I spent some time testing again.
A combination of shutdown, module status (transceiver info) and LLDP neighbors-summary on our SW1, SW3 and SW4 indicated that the Tx fiber wire somewhere in the fiber distribution box could be switched around.
Our next step is to have this looked at.
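
The asymmetric LLDP views described in the posts above can be checked mechanically. This is an added example, not part of any forum post: it compares the intended cabling with what each port hears on its Rx strand and reports which transmit strands appear crossed. The LLDP entries are constructed from the thread's description, and the mapping of ports 49/50 to SW1/SW2 and the function names are assumptions.

```python
# Intended cabling from the thread; which of ports 49/50 goes to SW1 vs SW2 is assumed.
EXPECTED = [
    (("SW3", 49), ("SW2", 3)), (("SW3", 50), ("SW1", 3)),
    (("SW4", 49), ("SW2", 5)), (("SW4", 50), ("SW1", 5)),
]

# Constructed LLDP view: port -> neighbor heard on that port's Rx strand.
OBSERVED = {
    ("SW3", 49): ("SW2", 3), ("SW3", 50): ("SW1", 5),
    ("SW4", 49): ("SW2", 5), ("SW4", 50): ("SW1", 3),
    ("SW1", 3): ("SW3", 50), ("SW1", 5): ("SW4", 50),
    ("SW2", 3): ("SW3", 49), ("SW2", 5): ("SW4", 49),
}


def rx_mismatches(expected, observed):
    """Return (rx_port, expected_tx, heard_tx) for each port hearing the wrong neighbor."""
    peer = {}
    for a, b in expected:
        peer[a], peer[b] = b, a
    return sorted((port, want, observed.get(port))
                  for port, want in peer.items() if observed.get(port) != want)


def crossed_tx(findings):
    """Pair transmitters whose strands land on each other's intended receiver."""
    heard = {want: got for _, want, got in findings}
    pairs = set()
    for want, got in heard.items():
        if heard.get(got) == want:
            pairs.add(tuple(sorted((want, got))))
    return sorted(pairs)


if __name__ == "__main__":
    findings = rx_mismatches(EXPECTED, OBSERVED)
    for rx, want, got in findings:
        print(f"{rx} should hear {want} but hears {got}")
    for a, b in crossed_tx(findings):
        print(f"Tx strands of {a} and {b} look swapped")
```

Only the direction from SW1 towards SW3 and SW4 is flagged, which matches a swap of single Tx strands rather than whole patch cables.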
Hi @ribak31
I'm not sure if your comment is related to my post?
This is physical Fortinet equipment, not virtual Cisco images.
Kind regards
Hello @JonasV ,
Did you solve the issue, or do you have a clue about the suspended interface?
It seems that we have the same problem with a trunk-group made on 2 FortiSwitches in MC-LAG, so the trunk members are both port25. One of them is suspended.
Regards.