Support Forum
MasterBratac
Contributor

LLDP

Hello all,

I'm trying to get my FortiGates registered via LLDP on my switches.

This works perfectly on two FGT-50E, currently on 5.4.1.

It does not work on 3x FGT-90D and on one 110C. These are all on 5.4.somewhat firmware.

What I did:

config system interface
    edit "internal14"
        set vdom "root"
        set type physical
        set device-identification enable
        set lldp-transmission enable
    next
end

and:

config system global
    set lldp-transmission enable
end

Then:

diag lldpx restart

We use HP ProCurve switches.

Any idea?

1 Solution
MasterBratac

Good news:

"This issue got resolved in code, a fix will be provided in the upcoming FortiOS releases end of Q2. FortiOS version 5.4.5 is scheduled for around end of May 2017, 5.6.1 for around end of June. Please note that these estimated release dates are still subject to change. As soon as the release dates are fixed we'll update this ticket."

21 Replies
MikePruett
Valued Contributor

Silly question but figured I would start from the very top. Did we confirm that it is configured exactly as it is on the 50E's? Also, are you using the same type of switch at all locations?

Mike Pruett Fortinet GURU | Fortinet Training Videos
MasterBratac

I have a new 50E and a new 90D right here on my desk ;-).

Both 5.4.4, both factory reset.

Both doing the above config changes, nothing else.

50E working, 90D not. Both on the same switch (HP Procurve 5406).

MikePruett

That is incredibly frustrating. The only differences at this point are hardware and possible bugs tied to said hardware and existing FortiOS.
Mike Pruett Fortinet GURU | Fortinet Training Videos
MasterBratac

I think I'll open a support ticket ...

emnoc
Esteemed Contributor III

Before you do that, did you run diag sniffer packet on the interface(s) to check whether LLDP is being sent or not?

e.g.

diag sniffer packet <interface_name> "not ip"

FWIW, we have FGT90Ds that are working correctly on 5.4.x.

PCNSE
NSE
StrongSwan
MasterBratac

You are pointing me in the right direction, I think.

The 90D is sending packets.

50E Packet:

29.967064 lan1 -- lldp 157 chassis 4 08:5b:0e:ea:69:57 port 1 'LAN Avaya' ttl 120 system 'FGT50E-WWW-AVAYA'
0x0000 0180 c200 000e 085b 0eea 6957 88cc 0207 .......[..iW....
0x0010 0408 5b0e ea69 5704 0a01 4c41 4e20 4176 ..[..iW...LAN.Av
0x0020 6179 6106 0200 780a 1046 4754 3530 452d aya...x..FGT50E-
0x0030 5757 572d 4156 4159 410c 2a46 6f72 7469 WWW-AVAYA.*Forti
0x0040 4761 7465 2d35 3045 2076 352e 342e 342c Gate-50E.v5.4.4,
0x0050 6275 696c 6431 3131 372c 3137 3032 3039 build1117,170209
0x0060 2028 4741 290e 0400 1400 1010 0c05 01c0 .(GA)...........
0x0070 a82a 0202 0000 0006 00fe 0900 120f 0300 .*..............
0x0080 0000 0006 fe09 0080 c207 0000 0000 06fe ................
0x0090 1808 090f 02b6 f8ee 5660 8361 e98c 8c3c ........V`.a...<
0x00a0 62f9 3913 7570 e7ee 5a00 00 b.9.up..Z..

90D packet:

29.760512 internal14 -- lldp 147 chassis 4 90:6c:ac:88:fa:19 port 5 'internal14' ttl 120 system 'Test1'
0x0000 0180 c200 000e 906c ac88 fa19 88cc 0207 .......l........
0x0010 0490 6cac 88fa 1904 0b05 696e 7465 726e ..l.......intern
0x0020 616c 3134 0602 0078 0a05 5465 7374 310c al14...x..Test1.
0x0030 2a46 6f72 7469 4761 7465 2d39 3044 2076 *FortiGate-90D.v
0x0040 352e 342e 342c 6275 696c 6431 3131 372c 5.4.4,build1117,
0x0050 3137 3032 3039 2028 4741 290e 0400 1400 170209.(GA).....
0x0060 1010 0c05 0182 32c7 c702 0000 0012 00fe ......2.........
0x0070 0900 120f 0300 0000 0012 fe09 0080 c207 ................
0x0080 0000 0000 12fe 1808 090f 0243 4a6f d7e1 ...........CJo..
0x0090 02e0 6401 00b0 e17a b993 f5f8 6660 d100 ..d....z....f`..
0x00a0 00

Perhaps it is a switch related problem. I'll try with another switch and/or another firmware on the switch.

Do you use HP switches?
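The two sniffer dumps above are raw hex. As an added example (my own code, not from the post and not a FortiOS tool), this Python decodes the 90D frame into its LLDP TLVs so you can see exactly what the interface advertises once lldp-transmission is enabled: chassis MAC, port name, hostname, model and firmware build, and the management IPv4 address. It assumes the diag sniffer packet dump layout shown above (offset, up to eight hex words, then an ASCII column).

```python
# Added example (not from the post or any Fortinet tool): decode the 90D sniffer dump above.
import re
import struct

DUMP_90D = """\
0x0000 0180 c200 000e 906c ac88 fa19 88cc 0207 .......l........
0x0010 0490 6cac 88fa 1904 0b05 696e 7465 726e ..l.......intern
0x0020 616c 3134 0602 0078 0a05 5465 7374 310c al14...x..Test1.
0x0030 2a46 6f72 7469 4761 7465 2d39 3044 2076 *FortiGate-90D.v
0x0040 352e 342e 342c 6275 696c 6431 3131 372c 5.4.4,build1117,
0x0050 3137 3032 3039 2028 4741 290e 0400 1400 170209.(GA).....
0x0060 1010 0c05 0182 32c7 c702 0000 0012 00fe ......2.........
0x0070 0900 120f 0300 0000 0012 fe09 0080 c207 ................
0x0080 0000 0000 12fe 1808 090f 0243 4a6f d7e1 ...........CJo..
0x0090 02e0 6401 00b0 e17a b993 f5f8 6660 d100 ..d....z....f`..
0x00a0 00"""  # the "diag sniffer packet" hex dump of the 90D frame, copied from the post
HEXWORD = re.compile(r"[0-9a-f]{2}(?:[0-9a-f]{2})?")

def dump_to_bytes(dump: str) -> bytes:  # keep the hex words after each offset, drop the ASCII column
    words = []
    for line in dump.splitlines():
        words += [t for t in line.split()[1:9] if HEXWORD.fullmatch(t)]
    return bytes.fromhex("".join(words))

def parse_lldp(frame: bytes) -> dict:  # IEEE 802.1AB TLVs (7-bit type, 9-bit length) after the Ethernet header
    if frame[12:14] != b"\x88\xcc":
        raise ValueError("not an LLDP frame")
    info = {"src_mac": frame[6:12].hex(":"), "org_tlvs": []}
    pos = 14
    while pos + 2 <= len(frame):
        ttype, tlen = divmod(struct.unpack("!H", frame[pos:pos + 2])[0], 512)
        val = frame[pos + 2:pos + 2 + tlen]
        pos += 2 + tlen
        if ttype == 0:                    # End of LLDPDU
            break
        if ttype == 1 and val[0] == 4:    # Chassis ID, MAC-address subtype
            info["chassis_id"] = val[1:].hex(":")
        elif ttype == 2 and val[0] == 5:  # Port ID, interface-name subtype
            info["port_id"] = val[1:].decode()
        elif ttype == 3:
            info["ttl"] = struct.unpack("!H", val)[0]
        elif ttype == 5:
            info["system_name"] = val.decode()
        elif ttype == 6:                  # model, firmware version and build
            info["system_description"] = val.decode()
        elif ttype == 7:
            info["capabilities"], info["enabled"] = struct.unpack("!HH", val)
        elif ttype == 8 and val[1] == 1:  # Management address, IPv4
            info["mgmt_ipv4"] = ".".join(str(b) for b in val[2:6])
        elif ttype == 127:                # organisation-specific: (OUI, subtype)
            info["org_tlvs"].append((val[:3].hex(), val[3]))
    return info
```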

emnoc
Esteemed Contributor III

Or run it on another interface port and use Wireshark/tshark/windump on a machine to see if the LLDP packets are being received. If you do see LLDP packets at the advertisement interval, then you can rule that it is the HP switch.

Ken

PCNSE
NSE
StrongSwan
MasterBratac

I think it's definitely a Fortinet problem.

The LLDP packets sent by the FortiGate, which show up in the Fortinet sniffer, are not coming out of the interface.

I can't capture them with Wireshark.

The other way is OK. If I generate LLDP packets and send them to the FortiGate, they show up in the Forti sniffer.

MasterBratac

Btw, if I use tcpreplay to send the 90D packet to the switch, it shows up in the switch's LLDP table.