Help
FortiSwitch
FortiSwitch: secure, simple and scalable Ethernet solutions
sachitdas_FTNT
Staff
Staff

Created on ‎02-05-2018 01:56 AM

Article Id 198568

Technical Note: Debug command to check if config is pushed from FortiGate to managed FortiSwitch

Description
This article provides debug commands to run to check if a FortiGate is pushing config changes to a managed FortiSwitch.

Scope
All FortiSwitch models, v3.6.x

Solution
The following debugs can be useful if it taking a long time to push a config from the ForitGate to the FortiSwitch.  These debugs along with the config and network diagram should allow further troubelshooting.

On the FortiGate
# diagnose debug application flcfgd -1
# diag debug enable

On the FortiSwitch
# diagnose debug cli 8
# diagnose debug application flgd -1
# diag debug enable

Simultaneously run “diagnose sys top” on the switch to check if any process is going high.

In the following example, vlan on the switchport4 is changed from vlan20 to vlan1.

On the FortiGate
# config switch-controller managed-switch
 (managed-switch) # edit FS224D3Z14001524
(FS224D3Z14001524) # config ports
(ports) # edit port4
(port4) # set vlan vsw.Forti-Link

Logs on the FortiGate
574s:594ms:88us flcfg_cmf_upd_switch_port[211]:flcfg_cmf_upd_switch_port port4 vsw.Forti-Link native-vid=1
574s:594ms:456us flcfg_process_events[215]:processed event 18
574s:594ms:675us flcfg_process_switch_update_event[124]:got switch update event for vfid 0 switch FS224D3Z14001524 flags 0x1
575s:208ms:291us flcfg_populate_phy_info_from_switch_trunk[2277]:FS224D3Z14001524  0 :
575s:843ms:131us flcfg_configure_switch[1584]:configure ports for FS224D3Z14001524
575s:871ms:458us flcfg_configure_switch[1613]:configured phy port port4 for FS224D3Z14001524
576s:122ms:724us flcfg_configure_switch[1632]:configured switch port port4 for FS224D3Z14001524
576s:125ms:521us flcfg_configure_switch[2086]:Apply quarantine all_config=0 flags=0x0 quar=0
576s:125ms:810us flcfg_configure_switch[2184]:configured FS224D3Z14001524 with 0 failures
576s:139ms:128us flcfg_event_handler[268]:free data for event 18
576s:139ms:420us flcfg_event_handler[272]:received event 18

Logs on the FortiSwitch
0: config switch interface
0: edit "port4"
0: set native-vlan 1
0: end
open file 15 to write config
write config file success, prepare to save in flash
zip config file /data/./config/sys_global.conf.gz success!

Ensure that the debug is disabled after collecting the logs:
# diag debug disable
# diag debug reset

6386
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.