Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
490
Views
0
Helpful
5
Replies

Cisco 3850 To Fortigate 60E OSPF Connection Via EtherChannel

xxsamixx18
Level 1
Level 1

‎06-07-2025 08:26 PM

Hi,

I am trying to set up a connection via OSPF between my Cisco 3850 layer 3 switch and my FortiGate 60E firewall throw OSPF, but it's not working, has anyone done it before. I pasted my configuration below, note if you see misconfiguration it is just me trying different thing to make it work so far no luck. 

!
interface Port-channel1
no switchport
ip address 10.240.240.2 255.255.255.252
ip pim sparse-mode
ip ospf authentication-key 7 121A0A05430E470524
ip ospf dead-interval 40
ip ospf mtu-ignore
ip ospf 901 area 0
ip ospf cost 10
ipv6 address 2001:4000:FD60:C10:240:240::/64
ipv6 enable
ipv6 ospf 900 area 0
ipv6 ospf cost 10
end

ITS-Core-BS1#sh run int gi1/1/1
Building configuration...

Current configuration : 141 bytes
!
interface GigabitEthernet1/1/1
description Link To FW-60E
no switchport
no ip address
ip ospf 901 area 0
channel-group 1 mode on
end

ITS-Core-BS1#sh run int gi1/1/2
Building configuration...

Current configuration : 113 bytes
!
interface GigabitEthernet1/1/2
no switchport
no ip address
ip ospf 901 area 0
channel-group 1 mode on
end

config router ospf
set router-id 10.10.0.10
config area
edit 0.0.0.0
next
end

router ospf 901
router-id 10.10.0.100
network 10.10.0.100 0.0.0.0 area 0
network 10.240.240.0 0.0.0.3 area 0



config ospf-interface
edit "CISCO-OSPF"
set interface "Port-Channel 1"
set authentication text
set authentication-key ENC 6EAg4vNk5Wh/bE4QWTApWGmCT3ON8WS+ViZMeWRJRJKvpctlqD2hB+08d5uXP1SsqbPQuaWiipuqrSjUGR/j8BuEH4eOPKm8VdyV7rg8Dsq60cLGXpKKURqqUMkASLOy4Q12gtFE4V+KHtGxvXvostmzBumFcunBP1DuRIgPL2e9i4AKQvbXT4ghEy+AsRnk0whWGg==
set cost 10
set dead-interval 40
set hello-interval 10
set mtu-ignore enable
next
edit "Loop"
set interface "FW OSPF Loop"  <<< Passive enabled
set cost 10
set dead-interval 40
set hello-interval 10
next
end
config network
edit 1
set prefix 10.240.240.0 255.255.255.252
next
edit 2
set prefix 10.10.0.10 255.255.255.255
next
end

Labels:
0 Helpful
5 Replies 5

Leo Laohoo
Hall of Fame
Hall of Fame

‎06-07-2025 08:30 PM - edited ‎06-07-2025 08:35 PM

For the sake of troubleshooting, I'd remove the OSPF authentication because it is at a broken state (and serves no purpose). 

conf t
router ospf 901
 NO passive-interface Po1
end

Next, I'd run a debug from the switch.  

1.  Disable the port.

2.  Command: debug ip ospf events

3.  Enable the port

4.  Wait for 45 seconds worth of output and disable the debug (undebug all).

5.  Put the output from Step 4 into a text file and attach it.

0 Helpful

paul driver
VIP
VIP

‎06-08-2025 12:06 AM

Hello

@xxsamixx18 wrote:

 

interface Port-channel1
no switchport
ip address 10.240.240.2 255.255.255.252
ip ospf 901 area 0
ip ospf cost 10
ipv6 address 2001:4000:FD60:C10:240:240::/64
ipv6 enable
ipv6 ospf 900 area 0
ipv6 ospf cost 10


router ospf 901
router-id 10.10.0.100

You have OSPV2-3 running so would expect your cfg to accommodate both versions?

ip routing
ipv6 unicast-routing
router ospfv3 901
address-family ipv4 unicast
router-id 10.10.0.100
exit-address-family
address-family ipv6 unicast
router-id 10.10.0.100
exit-address-family


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

xxsamixx18
Level 1
Level 1
In response to paul driver

‎06-08-2025 05:27 AM

ip routing and ipv6 uncast-routing is enabled

0 Helpful

MHM Cisco World
VIP
VIP
In response to xxsamixx18

‎06-14-2025 10:25 PM

No switchport under port member of port channel and you add ospf under it?

I think you misconfig ospf 

You need to 

-Under port member

1- use no switchport

2- no IP and no ospf config 

- under port channel 

1- add no switchport 

2- add IP

3- add ospf 

- under ospf 

Disable lls if it enable if it disable enable it' I dont know if forti use lls or not

MHM

0 Helpful

paul driver
VIP
VIP
In response to xxsamixx18

‎06-15-2025 03:05 AM

Hello
i dont see any ospfv3 routing process to either the cisco/fortigate -unless that is your just not showing it?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents