I have a pair of FortiSwitches configured with MC-LAG ICL. I'm running into an issue when I attempt to create a trunk. I want to use port 21 on switch 1 and port 21 on switch 2, but I am not able to select them. They do not show in the list.
What is preventing this? I don't see any configuration on the ports... it just seems weird. I should be able to use any ports I want.
They are 24-port switches, model 1024D. Can any FortiSwitch gurus chime in here? Thanks,
They are probably used somehow in the configuration. Check if there is any reference to these interfaces.
Check if those ports are already assigned to something else, like maybe they're part of another VLAN or something. Also, verify if the switches are recognizing the ports correctly.
Hi @blackstark,
To check interface references, please refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-Check-Referenced-Objects/ta-p/19481...
Regards,
If you configure and activate MCLAG, you have to be aware of the naming of interface, port, physical port, trunk, and trunkgroup.
As I understand it, or in my opinion:
a classical trunk (or classical port channel (static, LACP active, LACP slave)) is located on one physical switch.
a trunkgroup (also called MCLAG-Static, MCLAG-Active, MCLAG-Slave) describes a combination of a port group over two switches.
```
fswitch1 # show full-configuration switch interface esxr71_Mgmt_TG
config switch interface
    edit "esxr71_Mgmt_TG"
        set description ''
        set native-vlan 999
        unset allowed-vlans
        unset untagged-vlans
        set discard-mode none
        set dhcp-snooping untrusted
        set dhcp-snoop-learning-limit-check disable
        set dhcp-snoop-option82-trust disable
        set arp-inspection-trust untrusted
        set stp-state enabled
        set stp-loop-protection disabled
        set stp-root-guard disabled
        set stp-bpdu-guard disabled
        set loop-guard disabled
        set edge-port enabled
        set rpvst-port disabled
        set ip-mac-binding global
        set auto-discovery-fortilink-packet-interval 5
        set private-vlan disable
        set igmp-snooping-flood-reports disable
        set mcast-snooping-flood-traffic disable
        set mld-snooping-flood-reports disable
        set packet-sampler disabled
        set sflow-counter-interval 0
        set snmp-index 74
        config qnq
            set status disable
            set stp-qnq-admin enable
        end
        set vlan-mapping-miss-drop disable
        set vlan-tpid "default"
        set trust-dot1p-map ''
        set trust-ip-dscp-map ''
        set default-cos 0
        set qos-policy "default"
        set ptp-policy "default"
        set ptp-status enable
        set sticky-mac disable
        set log-mac-event disable
        set nac disable
    next
end

fswitch2 # show full-configuration switch trunk esxr71_Mgmt_TG
config switch trunk
    edit "esxr71_Mgmt_TG"
        set port-selection-criteria src-dst-ip
        set description ''
        set mode static
        set bundle disable
        set auto-isl 0
        set fortilink 0
        set isl-fortilink 0
        set mclag enable
        set static-isl disable
        set static-isl-auto-vlan enable
        set members "port24"
    next
end
```
Example for an MC-LAG Static (without LACP)
!!! TG=TrunkGroup
In the following example we try to use native VLAN 999 (untagged/access) on the trunk group named esxr71_Mgmt_TG, which binds physical port 24 of switches fswitch1 + fswitch2 into an MCLAG-Static for a static port channel for the vSphere ESXi vSwitch0 management (called NIC teaming).
```
fswitch1 (esxr71_Mgmt_TG) ## show
config switch trunk
    edit "esxr71_Mgmt_TG"
        set mclag enable
        set members "port24"
    next
end

fswitch1 (esxr71_Mgmt_TG) # get
name                : esxr71_Mgmt_TG
trunk-id            : 1
port-selection-criteria: src-dst-ip
description         : (null)
mode                : static
bundle              : disable
auto-isl            : 0
fortilink           : 0
isl-fortilink       : 0
mclag               : enable
static-isl          : disable
static-isl-auto-vlan: enable
members             : port24

fswitch1 # show switch interface esxr71_Mgmt_TG
config switch interface
    edit "esxr71_Mgmt_TG"
        set native-vlan 999
        set snmp-index 74
    next
end

fswitch1 # show full-configuration switch physical-port port24
config switch physical-port
    edit "port24"
        set cdp-status disable
        set description "esxr71 Eth 13/1 vSwitch0 Mgmt VLAN 999"
        set dmi-status global
        set egress-drop-mode enabled
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set priority-based-flow-control disable
        set speed auto-module
        set status up
        set storm-control-mode global
    next
end
```
----
!!! TG=TrunkGroup
```
fswitch2 (esxr71_Mgmt_TG) ## show
config switch trunk
    edit "esxr71_Mgmt_TG"
        set mclag enable
        set members "port24"
    next
end

fswitch2 (esxr71_Mgmt_TG) # get
name                : esxr71_Mgmt_TG
trunk-id            : 1
port-selection-criteria: src-dst-ip
description         : (null)
mode                : static
bundle              : disable
auto-isl            : 0
fortilink           : 0
isl-fortilink       : 0
mclag               : enable
static-isl          : disable
static-isl-auto-vlan: enable
members             : port24

fswitch2 # show full-configuration switch physical-port port24
config switch physical-port
    edit "port24"
        set cdp-status disable
        set description "esxr71 Eth 13/1 vSwitch0 Mgmt VLAN 999"
        set dmi-status global
        set egress-drop-mode enabled
        set flapguard disabled
        set flow-control disable
        set fortilink-p2p disable
        set l2-learning enabled
        set lldp-profile "default-auto-isl"
        set lldp-status tx-rx
        set loopback disable
        set max-frame-size 9216
        set priority-based-flow-control disable
        set speed auto-module
        set status up
        set storm-control-mode global
    next
end

fswitch2 # show switch interface esxr71_Mgmt_TG
config switch interface
    edit "esxr71_Mgmt_TG"
        set native-vlan 999
        set snmp-index 74
    next
end

fswitch2 # diagnose switch physical-ports summary port24
Portname    Status  Tpid  Vlan  Duplex  Speed  Flags         Discard
__________  ______  ____  ____  ______  _____  ____________  _________
port24      up      8100  999   full    10G    ,TS,          none
Flags: QS(802.1Q) QE(802.1Q-in-Q,external) QI(802.1Q-in-Q,internal)
       TS(static trunk) TF(forti trunk) TL(lacp trunk); MD(mirror dst)
       MI(mirror ingress) ME(mirror egress) MB(mirror ingress and egress)
       CF (Combo Fiber), CC (Combo Copper) LL(LoopBack Local) LR(LoopBack Remote)

fswitch2 # diagnose switch mclag peer-consistency-check esxr71_Mgmt_TG
** Comparing "switch.trunk" config ....OK
** Comparing "switch.interface" config ....OK
** Comparing "switch.physical-port" config ....OK
** Comparing "switch.stp.instance" config ....OK
Comparing "LAG state"
-------------------
local ports              port24
local inactive ports     none
Peer ports               port24
Peer inactive ports      none
LAG state                UP
Comparing "STP state"
-------------------
Local active-LAG ports   port24
Local active ports       FORWARDING
Remote active-LAG ports  port24
Remote active ports      FORWARDING
```
show / debug / verify:
```
show full-configuration switch interface esxr71_Mgmt_TG
show switch physical-port port24
show full-configuration switch trunk esxr71_Mgmt_TG
diagnose switch trunk list esxr71_Mgmt_TG
diagnose switch trunk summary esxr71_Mgmt_TG
diagnose switch physical-ports summary port24
diagnose switch mclag peer-consistency-check esxr71_Mgmt_TG
```
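The advice earlier in this thread to look for an existing reference to the port, and the requirement that the trunk group exists on both MCLAG peers, can be checked offline from saved `show switch trunk` output. This is an added example, not code from any poster or from Fortinet; the sample dumps are constructed, the `uplink_TG` trunk is hypothetical, and the helper names are made up for illustration.

```python
import re

# Constructed sample dumps (not from the thread): "show switch trunk" on each MCLAG peer.
SW1 = '''config switch trunk
    edit "esxr71_Mgmt_TG"
        set mclag enable
        set members "port24"
    next
    edit "uplink_TG"
        set mode lacp-active
        set members "port21" "port22"
    next
end'''
SW2 = '''config switch trunk
    edit "esxr71_Mgmt_TG"
        set mclag enable
        set members "port24"
    next
end'''

def parse_trunks(dump):
    """Return {trunk_name: {"mclag": bool, "members": [ports]}} from a trunk config dump."""
    trunks, current = {}, None
    for line in dump.splitlines():
        line = line.strip()
        m = re.match(r'edit "([^"]+)"', line)
        if m:
            current = trunks.setdefault(m.group(1), {"mclag": False, "members": []})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set members"):
            current["members"] = re.findall(r'"([^"]+)"', line)
        elif current is not None and line == "set mclag enable":
            current["mclag"] = True
    return trunks

def port_owner(trunks, port):
    """Name of the trunk that already has `port` as a member, or None if it is free."""
    return next((n for n, t in trunks.items() if port in t["members"]), None)

def mclag_mismatches(local, peer):
    """MCLAG trunk names that are missing or not MCLAG-enabled on the peer."""
    return sorted(n for n, t in local.items()
                  if t["mclag"] and not peer.get(n, {}).get("mclag"))
```

In the constructed data, `port_owner(parse_trunks(SW1), "port21")` returns `uplink_TG`, which is the kind of existing reference that would keep a port out of the selection list.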
Hi everyone, I experienced the same issue, the same problem, and I could not find any solution. Please help me, I have exactly the same problem.
Can you specify your problem(s) with graphical snippets and/or show commands?
Yes, I checked; there is no interface reference that would be the reason. But I noticed that when I change a VLAN on the WiFi switch controller for that switch interface, the switch cannot apply this configuration. When I connected to the switch CLI over SSH, I saw that for the interface whose VLAN I changed (FortiGate < WiFi switch controller < FortiSwitch ports) there is no change on the switch CLI. I mean, I use FortiLink and my switches are managed switches, but I cannot really change any configuration on my switch. It is interesting, though: I don't see any issue for that switch and it seems authorized to FortiLink. Maybe that is the reason for my problem. How can I solve that?
Can you show the wanted VLAN and the port being configured in the GUI?
Copyright 2024 Fortinet, Inc. All Rights Reserved.