Managed FortiSwitch LACP member suspended

JonasV · ‎02-22-2024

Hi Community

I have issues with member ports of an LACP on one of our managed FortiSwitche

The setup is:

SW1 and SW2 are configured with MCLAG

The LACP from SW1 and SW2 towards SW3 has MCLAG enabled set.

I have verifyed MCLAG consistensy on SW1 and SW2 with:
'diagnose switch-controller switch-info mclag peer-consistency-check '

Everything is fine from that point of view.

The links towards SW3 is the ISL, and the LACP is auto configured when the switch joined.

I use 1Gbps SFP fiber optic modules.

My issue is, that one of the ports on SW3 is in suspended mode

Port 49 = up

Port 50 = suspended

I can't seem to fine any documents or articles on the web how to get closer to the root cause.

I have used the 'get switch lldp neighbors-summary' on all 3 switches, and they are able to detect each other.

I have tried changing the speed settings from (default) Auto-module, 1000full and 1000auto but this changes nothing.

'execute log display' on the switch doesn't give me anything, other then the ports are going down.

Any ideas suggestion how I can proceed?

I suspect STP could be a factor, but not found any commands to be used for verifying this.

Kind regards

dbu · ‎02-22-2024

Hi @JonasV ,

It looks like an STP is blocking the port to ensure a loop-free layer-2 network.

Have a look here to check your configuration and status of the ports :

https://docs.fortinet.com/document/fortiswitch/6.4.6/administration-guide/364614/spanning-tree-proto...

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.

JonasV · ‎02-22-2024

Hi @dbu.
Indeed I have though of it also.

But STP shouldn't be running on the indivual ports, but on the LACP link, yes?
I don't see STP blocking my ports.

However I came across a different discovery.
Additional information is needed here.
We have + 10 FortiSwitches connected to SW1 and SW2.
Eatch switch ISL is an LACP.

SW3 is connected from local port 49 and 50 to both SW1 and SW2 on port 3
SW4 is connected from local port 49 and 50 to both SW1 and SW2 on port 5

When running 'get switch lldp neighbor-summery' on both SW3 and SW4, they for some reason detected that port 50 on them are swaped.

SW3 port 49 --> SW2 port 3

SW3 port 50 --> SW1 port 5

SW4 port 49 --> SW2 port 5

SW4 port 50 --> SW1 port 3

On SW4, ISL LACP members are port 49 and 50, and port 50 is also in status suspended, just like SW3

Executing the 'get switch lldp neighbor-summery' on SW1 and SW2 shows correct neighbor link.

I have come to suspicion that something is off on SW1.

I'll await a windows of opportunity to reload SW1 to see if this resolves the issue.

Kind regards

JonasV · ‎02-27-2024

Reboot of the MCLAG switch didn’t resolve the issue.

My team and I spend some time again testing.

A combination of shutdown, module status (transceiver info) and LLDP neighbor-summery on our SW1, SW3 and SW4 indicated that the Tx fiber wire somewhere in the Fiber distribution box could be switched around.

Our next step is to have this looked at.

Kind regards

JonasV · ‎02-22-2024

Hi @ribak31

I'm not sure if your comment if related to my post?

This is physical Fortinet equipment, not virtual Cisco images.

Kind regards