- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: create new trunk in fortiswitch - unable to se...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
create new trunk in fortiswitch - unable to select some ports
I have a pair of fortiswitches configured with mc-lag icl. im running into an issue when i attempt to create a trunk. I want to use port 21 on switch 1 and port 21 on switch 2 but i am not able to select them . they do not show in the list?
what is preventing this? i dont see any configuration on the ports... just seems weird. i should be able to use any ports I want.
they are 24 port switches model 1024D. can anyone fortiswitch guru's chime in here? Thanks,
Labels:
- Labels:
-
FortiSwitch
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
They are probably used somehow in the configuration. Check if there is any reference to these interferences.
AEK
AEK
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Check if those ports are already assigned to something else, like maybe they're part of another VLAN or something. Also, verify if the switches are recognizing the ports correctly.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @blackstark,
To check interface references, please refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-Check-Referenced-Objects/ta-p/19481...
Regards,
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you configure and activate MCLAG you have to be aware of namings of interface, port, physical port, trunk, and trunkgoup.
For my understanding - or in my opinion:
a classical trunk ( or classical portchannel (static, lacp active, lacp slave)) is located an one physical switch.
a trunkgroup ( also called MCLAG-Static, MCLAG-Active, MCLAG-Slave) described a combination of a portgroup over two switches.
fswitch1 # show full-configuration switch interface esxr71_Mgmt_TG
config switch interface
edit "esxr71_Mgmt_TG"
set description ''
set native-vlan 999
unset allowed-vlans
unset untagged-vlans
set discard-mode none
set dhcp-snooping untrusted
set dhcp-snoop-learning-limit-check disable
set dhcp-snoop-option82-trust disable
set arp-inspection-trust untrusted
set stp-state enabled
set stp-loop-protection disabled
set stp-root-guard disabled
set stp-bpdu-guard disabled
set loop-guard disabled
set edge-port enabled
set rpvst-port disabled
set ip-mac-binding global
set auto-discovery-fortilink-packet-interval 5
set private-vlan disable
set igmp-snooping-flood-reports disable
set mcast-snooping-flood-traffic disable
set mld-snooping-flood-reports disable
set packet-sampler disabled
set sflow-counter-interval 0
set snmp-index 74
config qnq
set status disable
set stp-qnq-admin enable
end
set vlan-mapping-miss-drop disable
set vlan-tpid "default"
set trust-dot1p-map ''
set trust-ip-dscp-map ''
set default-cos 0
set qos-policy "default"
set ptp-policy "default"
set ptp-status enable
set sticky-mac disable
set log-mac-event disable
set nac disable
next
end
fswitch2 # show full-configuration switch trunk esxr71_Mgmt_TG
config switch trunk
edit "esxr71_Mgmt_TG"
set port-selection-criteria src-dst-ip
set description ''
set mode static
set bundle disable
set auto-isl 0
set fortilink 0
set isl-fortilink 0
set mclag enable
set static-isl disable
set static-isl-auto-vlan enable
set members "port24"
next
end
Example for a MC-LAG Static (without LACP)
!!! TG=TrunkGroup
In the following Example we try to use native vlan 999 (untagged/access) to the Trunkgroup named esxr71_Mgmt_TG which bind physical port 24 of switch fswitch1 + fswitch2 to an MCLAG-Static for a static Portchannel for Vshere ESXI vswitch0 Management (called Nic-Teaming).
fswitch1 (esxr71_Mgmt_TG) ## show
config switch trunk
edit "esxr71_Mgmt_TG"
set mclag enable
set members "port24"
next
end
fswitch1 (esxr71_Mgmt_TG) # get
name : esxr71_Mgmt_TG
trunk-id : 1
port-selection-criteria: src-dst-ip
description : (null)
mode : static
bundle : disable
auto-isl : 0
fortilink : 0
isl-fortilink : 0
mclag : enable
static-isl : disable
static-isl-auto-vlan: enable
members : port24
fswitch1 # show switch interface esxr71_Mgmt_TG
config switch interface
edit "esxr71_Mgmt_TG"
set native-vlan 999
set snmp-index 74
next
end
fswitch1 # show full-configuration switch physical-port port24
config switch physical-port
edit "port24"
set cdp-status disable
set description "esxr71 Eth 13/1 vSwitch0 Mgmt VLAN 999"
set dmi-status global
set egress-drop-mode enabled
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set priority-based-flow-control disable
set speed auto-module
set status up
set storm-control-mode global
next
end
----
!!! TG=TrunkGroup
fswitch2 (esxr71_Mgmt_TG) ## show
config switch trunk
edit "esxr71_Mgmt_TG"
set mclag enable
set members "port24"
next
end
fswitch2 (esxr71_Mgmt_TG) # get
name : esxr71_Mgmt_TG
trunk-id : 1
port-selection-criteria: src-dst-ip
description : (null)
mode : static
bundle : disable
auto-isl : 0
fortilink : 0
isl-fortilink : 0
mclag : enable
static-isl : disable
static-isl-auto-vlan: enable
members : port24
fswitch2 # show full-configuration switch physical-port port24
config switch physical-port
edit "port24"
set cdp-status disable
set description "esxr71 Eth 13/1 vSwitch0 Mgmt VLAN 999"
set dmi-status global
set egress-drop-mode enabled
set flapguard disabled
set flow-control disable
set fortilink-p2p disable
set l2-learning enabled
set lldp-profile "default-auto-isl"
set lldp-status tx-rx
set loopback disable
set max-frame-size 9216
set priority-based-flow-control disable
set speed auto-module
set status up
set storm-control-mode global
next
end
fswitch2 # show switch interface esxr71_Mgmt_TG
config switch interface
edit "esxr71_Mgmt_TG"
set native-vlan 999
set snmp-index 74
next
end
fswitch2 # diagnose switch physical-ports summary port24
Portname Status Tpid Vlan Duplex Speed Flags Discard
__________ ______ ____ ____ ______ _____ ____________ _________
port24 up 8100 999 full 10G ,TS, none
Flags: QS(802.1Q) QE(802.1Q-in-Q,external) QI(802.1Q-in-Q,internal)
TS(static trunk) TF(forti trunk) TL(lacp trunk); MD(mirror dst)
MI(mirror ingress) ME(mirror egress) MB(mirror ingress and egress)
CF (Combo Fiber), CC (Combo Copper) LL(LoopBack Local) LR(LoopBack Remote)
fswitch2 # diagnose switch mclag peer-consistency-check esxr71_Mgmt_TG
** Comparing "switch.trunk" config ....OK
** Comparing "switch.interface" config ....OK
** Comparing "switch.physical-port" config ....OK
** Comparing "switch.stp.instance" config ....OK
Comparing "LAG state"
-------------------
local ports port24
local inactive ports none
Peer ports port24
Peer inactive ports none
LAG state UP
Comparing "STP state"
-------------------
Local active-LAG ports port24
Local active ports FORWARDING
Remote active-LAG ports port24
Remote active ports FORWARDING
show / debug / verify:
show full-configuration switch interface esxr71_Mgmt_TG
show switch physical-port port24
show full-configuration switch trunk esxr71_Mgmt_TG
diagnose switch trunk list esxr71_Mgmt_TG
diagnose switch trunk summary esxr71_Mgmt_TG
diagnose switch physical-ports summary port24
diagnose switch mclag peer-consistency-check esxr71_Mgmt_TG
Related Posts
- Using FortiSwitch Interfaces in multiple VDOMs 269 Views
- FortiSwitch WebUI Error 279 Views
- Cannot find unauthorized devices in fortimanager 805 Views
- create new trunk in fortiswitch -... 545 Views
- Factory Reset FortiSwitch 108D POE? 1540 Views
Labels
-
FortiGate
6,679 -
FortiClient
1,330 -
5.2
801 -
5.4
639 -
FortiManager
578 -
FortiAnalyzer
422 -
6.0
416 -
5.6
362 -
FortiSwitch
342 -
FortiAP
339 -
FortiClient EMS
272 -
FortiMail
259 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
159 -
6.4
128 -
FortiNAC
110 -
FortiGuard
106 -
FortiSIEM
92 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
79 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
67 -
4.0MR3
64 -
Wireless Controller
58 -
FortiProxy
46 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
40 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
31 -
FortiSwitch v6.4
30 -
SD-WAN
30 -
Firewall policy
29 -
High Availability
24 -
FortiConnect
24 -
VLAN
22 -
FortiWAN
22 -
FortiConverter
21 -
FortiAuthenticator
20 -
ZTNA
20 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Interface
14 -
Certificate
14 -
BGP
13 -
DNS
13 -
FortiGate v5.0
13 -
FortiDDoS
13 -
Logging
13 -
LDAP
12 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
fortilink
10 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
Authentication
8 -
SSL SSH inspection
8 -
Traffic shaping
8 -
SSO
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
Application control
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
4.0MR1
1 -
Users
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Fabric connector
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.