Cisco to Fortiswitch connection Problem

_young_
Level 1

My Cisco switch, which is a 2960x, cannot connect to the internet. My network is Fortigate 100E <----> Fortiswitch (448D-poe) <----> Cisco 2960x.

The FG and FS are working fine, but the 2960x cannot connect to the internet.

One of the FS ports (port 45) is a trunk port and connects to the 2960x (port 48).

The trunk port has 3 VLANs (native: VLAN 10 data; allowed VLANs: VLAN 20 voice, VLAN 30 wireless).

The FS is working fine, but the 2960x is not working. I mean it cannot connect to the internet.

2960x config

-----------------------------------

Switch#sh config
Using 2898 out of 524288 bytes
!
! Last configuration change at 23:54:12 UTC Thu May 14 2020
! NVRAM config last updated at 23:54:15 UTC Thu May 14 2020
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c2960x-48fps-l
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
!
interface Port-channel1
description #### UPLINK ####
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20,30
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
             |

             |

             |

interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20,30
switchport mode trunk
switchport nonegotiate
speed 1000
duplex full
channel-group 1 mode on
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description #### DATA VLAN ####
ip address 172.168.10.254 255.255.255.0
!
ip http server
ip http secure-server
!
!
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end


-------------------------------------------

Switch#
Switch#
Switch#sh ip int b
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM administratively down down
Vlan10 172.168.10.254 YES NVRAM up up
FastEthernet0 unassigned YES NVRAM administratively down down
GigabitEthernet1/0/1 unassigned YES unset down down
GigabitEthernet1/0/2 unassigned YES unset down down
GigabitEthernet1/0/3 unassigned YES unset down down

             |

             |

 GigabitEthernet1/0/44 unassigned YES unset down down
GigabitEthernet1/0/45 unassigned YES unset down down
GigabitEthernet1/0/46 unassigned YES unset down down
GigabitEthernet1/0/47 unassigned YES unset down down
GigabitEthernet1/0/48 unassigned YES unset up up
GigabitEthernet1/0/49 unassigned YES unset down down
GigabitEthernet1/0/50 unassigned YES unset down down
GigabitEthernet1/0/51 unassigned YES unset down down
GigabitEthernet1/0/52 unassigned YES unset down down
Port-channel1 unassigned YES unset up up
Switch#

-----------------  -------------------------------

sh int trunk


Port Mode Encapsulation Status Native vlan
Po1 on 802.1q trunking 10

Port Vlans allowed on trunk
Po1 10,20,30

Port Vlans allowed and active in management domain
Po1 10,20,30

Port Vlans in spanning tree forwarding state and not pruned
Po1 10,20,30
Switch#

--------------------------------------------------

Switch#show interface po1
Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is dceb.9430.2b30 (bia dceb.9430.2b30)
Description: #### UPLINK ####
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is auto, media type is unknown
input flow-control is off, output flow-control is unsupported
Members in this channel: Gi1/0/48
ARP type: ARPA, ARP Timeout 04:00:00
Last input 01:53:22, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
711 packets input, 137024 bytes, 0 no buffer
Received 695 broadcasts (661 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 661 multicast, 0 pause input
0 input packets with dribble condition detected
13697 packets output, 1025018 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
Switch#

=====================================================

Switch#show ip route
Default gateway is 172.168.10.254

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

 

----------------------------------------------------------

FT interface

config switch interface
edit "port1"
set native-vlan 20
set allowed-vlans 4093
set untagged-vlans 4093
set dhcp-snooping trusted
set sflow-counter-interval 30
set snmp-index 1
next
edit "port2"
set native-vlan 10
set allowed-vlans 20,30,4093
set untagged-vlans 4093
set dhcp-snooping trusted
set sflow-counter-interval 30
set snmp-index 2
next
edit "port3"
set native-vlan 10
set allowed-vlans 20,30,4093
set untagged-vlans 4093
set sflow-counter-interval 30
set snmp-index 3
next

...

edit "IntoOut"
set native-vlan 10
set allowed-vlans 10,20,30
set loop-guard enabled
set sflow-counter-interval 30
set snmp-index 57
next

---------------------------------

I don't know why it cannot connect to the internet through the 2960x.

Please help me; you can save my day.

Thank you.

3 Replies

JELA
Level 1

Correct me if I'm wrong, but in the output of "show ip route" it seems that the default gateway of the switch is itself?

What is the IP of the firewall on VLAN 10 allowing access to the internet?

I suggest configuring the switch with: ip default-gateway FW_IP_address

Edgar Bonnell
Level 1

So...what is up with the single member port channel on the 2960x? Why do you want a port channel with only one member port?

 

You say the uplink (trunk) on the 2960x is port 48. Port-channel aside, it is a trunk port. VLANs 10,20,30 are allowed, 10 is native.

You say port 45 on the 40switch is the corresponding port (can't call it a trunk port because Fortinet says a trunk port is an aggregated port). You did not show us the configuration of this port 45.

 

I see you pinned gi1/0/48 at 1000fd. Did you likewise pin port 45 on the 40switch? What's wrong with leaving both ports at auto?

 

I wonder if this is the problem?

int gi1/0/48

.

.

channel-group 1 mode on

 

on: Forces the port to channel without PAgP or LACP. In the on mode, an EtherChannel exists only when a port group in the on mode is connected to another port group in the on mode.
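Added example, not part of any reply in this thread and not Cisco or Fortinet tooling: a small Python check that flags the two points the replies above raise, a default gateway that is one of the switch's own addresses and a static (mode on) port channel with a single member. The function names and the trimmed sample text are constructed for illustration.

```python
import re

# Constructed sample, trimmed from the config and "show ip route" output posted above.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/48
switchport mode trunk
channel-group 1 mode on
!
interface Vlan10
ip address 172.168.10.254 255.255.255.0
!
ip http server
"""
SAMPLE_ROUTE = "Default gateway is 172.168.10.254\n"

def parse_interfaces(config):
    """Map each interface name to its sub-commands; a '!' line closes the block."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line in ("", "!"):
            current = None
        elif current is not None:
            interfaces[current].append(line)
    return interfaces

def audit(config, route_output):
    """Return findings for a self-referencing gateway and single-member static channels."""
    findings, local_ips, groups = [], {}, {}
    for name, cmds in parse_interfaces(config).items():
        for cmd in cmds:
            if m := re.match(r"ip address (\S+) \S+$", cmd):
                local_ips[m.group(1)] = name
            if m := re.match(r"channel-group (\d+) mode (\S+)$", cmd):
                groups.setdefault((m.group(1), m.group(2)), []).append(name)
    gw = re.search(r"Default gateway is (\S+)", route_output)
    if gw and gw.group(1) in local_ips:
        findings.append(f"default gateway {gw.group(1)} is this switch's own "
                        f"address on {local_ips[gw.group(1)]}")
    for (group, mode), members in sorted(groups.items()):
        if mode == "on" and len(members) == 1:
            findings.append(f"Port-channel{group} is static (mode on) with one "
                            f"member, {members[0]}; check the peer port's aggregation")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_ROUTE):
        print(finding)
```
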

jrdi89
Level 1

Try on port 48 of the Cisco switch -> speed nonegotiate.

It works for me.

 

JR
