Multiple switches on a FortiGate not working

spackr · ‎04-15-2020

I am adding another building to an existing network and I am trying to create the following network setup:

[1st building]

cable modem ISP --> fortigate firewall --> JGS524NA --> cable to 2nd building

[2nd building]

cable from first building --> JGS524NA --> internal network of computers

The 1st building network has been excellent and has an existing switch to expand and support the onprem devices. Now I am trying to extend this network into a second building (less than 100m) away.

Here's the problem - when I plug in the cable from the first building into the new switch - its like the switch isn't even working - no lights show that the cable is plugged in. When I plug the cable directly into my laptop - it works just fine and I can get DHCP address.

But when I plug that cable into the switch and attach other devices to the switch - no other device will work.

Some observations:

[ol]

I purchased another switch - to rule out a hardware problem - same problem.

I also noted that when I plug in an old ($30 linksys router) everything works fine.[/ol]

So my concern is that somewhere the fortigate is not allowing the switch to work (for some reason).

As of now, I have tried connecting the switch directly to the 3 LAN interface on the firewall (rather than to the switch), but still have the same behavior.

When attaching multiple switches, do I need a dedicated interface?

Any thoughts on the above would be greatly appreciated!

lobstercreed · ‎04-15-2020

This really isn't a Fortinet-related query as the problem seems to somehow be cabling related. When you plugged in your laptop and it worked, were you in the 2nd building at the end of the same cable that you're plugging into the 2nd switch? I would use a network tester and make sure the cable run is good, because it sounds like something is messed up (maybe a T568A/B issue, idk).

Another thing to prove it is cabling and not something else (really no way the FortiGate would have anything to do with a link that's not even connected to it coming up or not)... Try moving the 2nd switch to the first building and plug in on the same port the 1st switch with a shorter patch cable. If still no link then something is wrong with the port config (though I think those are unmanaged switches?).

View solution in original post

ede_pfau · ‎04-29-2020

Frankly, you should not connect different buildings with a copper cable at all.

Ground potential could be different so that a current will flow between both grounds. I've seen this happening with some amperes flowing across a cable, thereby destroying the network card and nearly causing a fire.

If the distance is too far you're lucky. You will have to buy 2 converters anyway, so why not get a copper-to-fiber type and pull some fiber cable across? Instead of dedicated converters (which may have their merits) you could use simple (L2) unmanaged, desktop, fanless switches with 5 or 8 ports, one of which being an SFP port.

Depending on your FGT model the fiber could even be terminated directly in a FGT SFP port.

Just so afterwards you can't say I didn't warn you...

Ede

"Kernel panic: Aiee, killing interrupt handler!"

View solution in original post

lobstercreed · ‎04-15-2020

This really isn't a Fortinet-related query as the problem seems to somehow be cabling related. When you plugged in your laptop and it worked, were you in the 2nd building at the end of the same cable that you're plugging into the 2nd switch? I would use a network tester and make sure the cable run is good, because it sounds like something is messed up (maybe a T568A/B issue, idk).

Another thing to prove it is cabling and not something else (really no way the FortiGate would have anything to do with a link that's not even connected to it coming up or not)... Try moving the 2nd switch to the first building and plug in on the same port the 1st switch with a shorter patch cable. If still no link then something is wrong with the port config (though I think those are unmanaged switches?).

spackr · ‎04-16-2020

@lobstercreed - yes, you were right, I took the switch and plugged it directly into the fortigate and it worked just fine. I worked with technical support and we concluded the cable is too long (over the 100m) restriction. I'll be purchasing a repeater and that should solve this problem

sw2090 · ‎04-28-2020

Also take care that you don't build up Network loops. Moden Switches do have a loop protection enabled that will disable the port if it detects a loop. As you wrote of cable from AND to building #2 that may be an issue too.

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

ede_pfau · ‎04-29-2020

Frankly, you should not connect different buildings with a copper cable at all.

Ground potential could be different so that a current will flow between both grounds. I've seen this happening with some amperes flowing across a cable, thereby destroying the network card and nearly causing a fire.

If the distance is too far you're lucky. You will have to buy 2 converters anyway, so why not get a copper-to-fiber type and pull some fiber cable across? Instead of dedicated converters (which may have their merits) you could use simple (L2) unmanaged, desktop, fanless switches with 5 or 8 ports, one of which being an SFP port.

Depending on your FGT model the fiber could even be terminated directly in a FGT SFP port.

Just so afterwards you can't say I didn't warn you...

Ede

"Kernel panic: Aiee, killing interrupt handler!"