Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ahamza89
New Contributor

Switch disconnecting frequently

facing an issue with one of the access switch is going offline again and again. 

 

Fortigate as a controller running a on 6.4.9

Core Switch 1048E running v 6.4.11

Access Switch 124F running v6.4.11

 

Ntp is synced. only on switch 124F is having an issue.

 

core switch connected as MCLAG Peers other access swi has below configuration

 

config switch trunk
edit "E48T0000000213-0"   ----->>>>> to another Core SW 1048E
set mode lacp-active
set auto-isl 1
set mclag-icl enable
set members "port45"
next
edit "G6H00000000"  ------->>>  TO Fortigate
set auto-isl 1
set fortilink 1
set mclag enable
set members "port48"
next
edit "4FF00000009417-0"  -------------->>>> Access Sw 124F connected
set mode lacp-active
set auto-isl 1
set mclag enable
set members "port2"
next

 **************************************

************* Troubled switch logs 

 

connectivity

 

ahamza89_2-1662625717884.png

 

 

ahamza89_1-1662625390286.png

 

 

 

 

 

1 Solution
gfleming

6.4 is pretty stable. If all your switches are on same 6.4.11 then keep it that way IMO.

Cheers,
Graham

View solution in original post

18 REPLIES 18
gfleming
Staff
Staff

have you ruled out layer 1 (Cable, transceiver, interface errors, other connectivity issues?)

 

also am i reading this correctly? is the 124F connected to two different switches (two different trunk interfaces, *453-0 and *432-0)? what if you keep it connected to only one switch at a time?

Cheers,
Graham
ahamza89

Most of the Switches are connected in same way.

 


in actual design 2 of 3 124Fs have direct connections to 1048 and . 3rd 124F will have two trunks with each of two 124Fs.

 

 

gfleming

OK so the 124F that is disconnecting frequently is *371?

 

It is normally connected via two trunks to *432 and *453?


So far correct?

 

If so, what happens if you only keep on of the trunks active to either *432 or *452.


Also, have you looked at the interface stats. Any errors or disconnects there?

Cheers,
Graham
ahamza89

trunk config for *432

ahamza89_0-1662804646574.png

 

Trunk Config on Switch *453

 

ahamza89_1-1662804888168.png

 

I disable and enable trunk ports on other online switches, troubled switch came online. Don't know what actually happened here.

 

Troubled SW Trunk config.

 

ahamza89_2-1662806063734.png

 

 

 

gfleming

OK so it looks like you are splitting F7-SW-Y's trunk between two switches that are not in an MC-LAG config. That is probably your issue.

 

If SW-Z and SW-X were configured in MC-LAG then this split trunk would work but as of now it's going to constantly be erroring out as SW-Y thinks its talking to one switch, not two.

Cheers,
Graham
ahamza89

Almost 30 switches are configured in same format XYZ as these switches.
actual design is:

Sw-X connects to CORE-X

sw-Y connects to CORE-Y

SW-z connects to SW-X & SW-Y

SW-X & SW-Y have trunk between them 

 

what configuration mistake

I have done here , can you please guide me through. Do you need to look in Core Switch trunk/MCLAG configuration. 

ahamza89_0-1662826615834.png

 

 

gfleming

Are SW-X & SW-Y configured as MC-LAG peers with an ICL and upstream connectivity to the MC-LAG Core switch?

 

What you are describing is a multi-tiered MC-LAG topology which, from what I can tell with the info you have provided is not configured properly on your side. I could be wrong though as I said the info is not 100% clear right now.

 

Have a look here for more info and see if it makes sense to you what I am talking about: https://docs.fortinet.com/document/fortiswitch/7.2.1/fortilink-guide/801194/deploying-mclag-topologi...

Cheers,
Graham
ahamza89

Core SW-X trunk config

 

ahamza89_0-1662827188577.png

 Similar to all other FN-SW-X & Y

gfleming

So on FN-SW-X and -Y you have the same config "set mclag enable" "set auto-isl 1" etc? Can you show it?

Cheers,
Graham
Labels
Top Kudoed Authors