[SOLVED] Error creating switch-interface: entry not found in datasource

Author
NKL
2017/12/01 11:23:15 (permalink)

[SOLVED] Error creating switch-interface: entry not found in datasource

We are trying to do some tests with the FortiGate feature "VXLAN" with devices FG60D, FG60E and FG100E, on FortiOS 5.4.5 and 5.6.2.

Following the steps of Fortinet Knowledge Base article FD40170 ( http://kb.fortinet.com/kb...FD40170&languageId ), we fail to reproduce the step of creating the soft-switch.

We are issuing the following commands on the CLI to form a soft-switch comprising the physical "port16" (which is free/unused so far) and a VPN-interface that was set up for VXLAN beforehand:
 

RTR001 # config system switch-interface
RTR001 (switch-interface) # edit "VXLAN1"
new entry 'VXLAN1' added
RTR001 (VXLAN1) # set member "port16" "VXLANVPN"
entry not found in datasource
value parse error before 'port16'
Command fail. Return code -3
RTR001 (VXLAN1) #


The soft-switch cannot be created because of the error message "entry not found in datasource". Does anyone have an idea why this is?
post edited by NKL - 2017/12/07 22:23:47
#1


    ede_pfau
    Re: Error creating switch-interface 2017/12/03 07:11:58 (permalink)
    When you enter "set member" (and nothing more!), hit '?' to see the available interfaces. I bet there are no VPN interfaces listed.
    If so, did you specify "set encapsulation vxlan" in phase1-interface?

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #2
    NKL
    Re: Error creating switch-interface 2017/12/04 06:34:57 (permalink)
    Funny enough, "set member ?" does not give me any interfaces:
    RTR001 # config system switch-interface
    RTR001 (switch-interface) # edit "VXLAN1"
    new entry 'VXLAN1' added
    RTR001 (VXLAN1) # set member ?
    *interface-name    Physical interface name.
    RTR001 (VXLAN1) # set member
     
    Phase1-Interface was created with "set enc vxlan":
    config vpn ipsec phase1-interface
        edit "VXLANVPN"
            set interface "port15"
            set peertype any
            set proposal aes256-sha256
            set dhgrp 14
            set encapsulation vxlan
            set encapsulation-address ipv4
            set encap-local-gw4 172.30.0.2
            set encap-remote-gw4 172.30.0.1
            set remote-gw 172.30.0.1
            set psksecret dummypsk123
        next
    end
    #3
    ede_pfau
    Re: Error creating switch-interface 2017/12/05 10:47:09 (permalink)
    OK, I followed your steps on my 60E. And didn't have a port to choose from in the beginning.
    Then,
    config system virtual-switch
        edit "internal"
            config port
                delete port internal7
            end
    end

    and then...
    config system switch-interface
        edit "vxlan"
    set member ?
    ...
    gate (vxlan) # set member
    *interface-name    Physical interface name.
    internal7       interface

    Aha!
     
     

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #4
    NKL
    Re: Error creating switch-interface 2017/12/07 22:22:36 (permalink)
    Fortinet TAC found a solution:
     
    For some reason (and apparently not always, as demonstrated by emnoc), you have to supply a "vdom", in which the newly created soft-switch should reside. So, after creating the soft-switch, but before adding the member-interfaces, type "set vdom <vdom_name>".
     
    The working config in my case (Fortigate not using vdoms) is:
    RTR001 # config system switch-interface
    RTR001 (switch-interface) # edit "VXLAN1"
    new entry 'VXLAN1' added
    RTR001 (VXLAN1) # set vdom root
    RTR001 (VXLAN1) # set member "port16" "VXLANVPN"
    RTR001 (VXLAN1) # end
    RTR001 #

    post edited by NKL - 2017/12/07 22:25:59
    #5
    ede_pfau
    Re: Error creating switch-interface 2017/12/10 10:11:30 (permalink)
    Thanks for the follow-up! Will make its way into my archive...

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #6
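
An offline pre-check for the three causes raised in posts #2, #4 and #5 (VPN interface without "set encapsulation vxlan", port still in a hardware virtual-switch, no "set vdom" before "set member"), added here as an example; it is not part of the original thread and not Fortinet's own validation logic. The parser, the function names and the sample config are assumptions built from the names used in the thread.

```python
import shlex
def parse(text):
    """FortiOS-style CLI text -> {table_path: {entry: [(key, values), ...]}}."""
    tables, stack = {}, []          # stack items: [table name, current entry]
    for tok in map(shlex.split, text.splitlines()):
        if not tok or (tok[0] != "config" and not stack):
            continue
        path = "/".join(name for name, _ in stack)   # nested: 'parent/child'
        if tok[0] == "config":
            stack.append([" ".join(tok[1:]), None])
        elif tok[0] == "edit":
            stack[-1][1] = tok[1]
            tables.setdefault(path, {}).setdefault(tok[1], [])
        elif tok[0] == "set" and stack[-1][1]:
            tables[path][stack[-1][1]].append((tok[1], tok[2:]))
        elif tok[0] == "end":
            stack.pop()
    return tables

def check_soft_switch(text):
    """Return (switch, problem) pairs for the three causes raised in the thread."""
    t, out = parse(text), []
    vpn = t.get("vpn ipsec phase1-interface", {})
    for name, settings in t.get("system switch-interface", {}).items():
        keys = [k for k, _ in settings]
        if "vdom" not in keys:
            out.append((name, "no vdom set"))
        elif "member" in keys and keys.index("vdom") > keys.index("member"):
            out.append((name, "vdom set after member"))
        for member in (m for k, v in settings if k == "member" for m in v):
            if member in t.get("system virtual-switch/port", {}):
                out.append((name, member + " still in a hardware virtual-switch"))
            if member in vpn and ("encapsulation", ["vxlan"]) not in vpn[member]:
                out.append((name, member + " lacks encapsulation vxlan"))
    return out

# Constructed sample input using the names from the thread (not a device export).
BROKEN = '''config vpn ipsec phase1-interface
edit "VXLANVPN"
set encapsulation vxlan
next
end
config system switch-interface
edit "VXLAN1"
set member "port16" "VXLANVPN"
next
end
'''
FIXED = BROKEN.replace("set member", 'set vdom "root"\nset member')
```

Running check_soft_switch on a planned change before pasting it into the CLI points at the missing prerequisite directly, where the device only reports "entry not found in datasource".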