05-26-2025 02:57 AM
How do I create SSH for the Catalyst 1200-8FP-2G Smart Switch device type? I have problems when SSHing from device 1 to another device, or from the FortiGate device to the switch device, but if I SSH from a laptop there is no issue.
05-26-2025 03:28 AM
@duwijakarta - What are the problems? Can you provide screenshot(s), for instance?
M.
05-26-2025 03:49 AM
05-26-2025 04:00 AM
@duwijakarta That screenshot seems to be a simple authentication failure; check the logs from the switch.
However, when managing your network equipment, you are always better off using SSH from your laptop. Often these local SSH clients and servers have limited support for available ciphers, and that leads to conflicts, and then SSH will not work.
M.
05-26-2025 04:24 AM
If on another type of device doing SSH from a different switch device there is no issue, does that mean that the Cisco type 1200 does not support SSH from a switch device of the same type? And if I try SSH via the FortiGate, which goes directly to the switch, it still doesn't work.
05-26-2025 04:38 AM
@duwijakarta The same reasoning applies for switch-to-switch SSH: conflicting cipher support between client and server.
From the FortiGate: check the logs on the switch when trying (too).
But as I said earlier, don't spend too much time on it ==> use your laptop.
M.
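The cipher conflict mentioned in the two replies above, as an added example that is not part of the thread: SSH picks, per category, the first algorithm on the client's list that the server also offers, and the connection fails if any category has no match. The three offer lists are constructed for illustration and are not the real lists of a Catalyst 1200, a FortiGate or any laptop client; the function names are hypothetical.

```python
# Constructed offers using real SSH algorithm names. They are NOT the actual
# lists of any Catalyst 1200, FortiGate or laptop client: read the real ones
# from the client's debug output and the server's logs.
CATEGORIES = ("kex", "host_key", "cipher", "mac")

LAPTOP_CLIENT = {
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
    "host_key": ["ssh-ed25519", "rsa-sha2-256", "ssh-rsa"],
    "cipher": ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes256-ctr"],
    "mac": ["hmac-sha2-256", "hmac-sha1"],
}
EMBEDDED_CLIENT = {  # stands in for a device-local client with an old, short list
    "kex": ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
    "host_key": ["ssh-rsa"],
    "cipher": ["aes128-cbc", "aes128-ctr"],
    "mac": ["hmac-sha1"],
}
SWITCH_SERVER = {
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
    "host_key": ["rsa-sha2-256", "ssh-ed25519"],
    "cipher": ["aes128-ctr", "aes256-ctr"],
    "mac": ["hmac-sha2-256"],
}


def negotiate(client, server):
    """Return the algorithm chosen per category, or None where nothing matches.

    Follows the RFC 4253 section 7.1 rule: first entry in the client's list
    that the server also supports. The extra compatibility conditions the RFC
    attaches to key exchange and host key selection are ignored here.
    """
    chosen = {}
    for category in CATEGORIES:
        offered = set(server[category])
        chosen[category] = next(
            (alg for alg in client[category] if alg in offered), None
        )
    return chosen


def failed_categories(client, server):
    """List the categories with no common algorithm (any one breaks the login)."""
    return [cat for cat, alg in negotiate(client, server).items() if alg is None]


if __name__ == "__main__":
    for name, client in (("laptop", LAPTOP_CLIENT), ("embedded", EMBEDDED_CLIENT)):
        print(name, negotiate(client, SWITCH_SERVER),
              "no match in:", failed_categories(client, SWITCH_SERVER))
```

A category with no match stops the session during key exchange, before any password or key is checked, so it shows up differently in the logs than an authentication failure.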
05-26-2025 05:25 AM
I don't mind, I just need to convince my boss that later the device can be remoted from afar. I can SSH because the LAN cable is directly to the switch device, but I can still remote to another switch from the device I direct, but I can't from the FortiGate; the assumption is that it will be an obstacle if it is later implemented in a remote location. How do I convince my boss that the remote trial from the laptop has no issue, meaning that later the device can also be remoted from afar? It's just that before, from the switch device, it needs to enter via the FortiGate. If from the FortiGate you can't SSH to the switch, will that be a problem later?
05-26-2025 05:38 AM
@duwijakarta - If SSH access from the FortiGate is a requirement, then you need to examine the logs on the switch when that is tried and look for insights.
M.
05-26-2025 06:39 AM
Okay, last question, I just want to make sure: is it possible to only use switchport trunk mode to the FortiGate HA device, but if interface 1 is down it can still run towards the FortiGate backup? Because my problem is that I can't run towards the backup, but if the FortiGate HA is unplugged, then there is no problem.
05-26-2025 07:05 AM
@duwijakarta You will also start by examining logs on both the switch and the FortiGate when troubleshooting the HA failover. You could also try to clear the ARP cache on the switch.
M
05-26-2025 07:18 AM
Indirectly, does this C1200 switch support failover to Forti HA with the configuration on the interface only using switchport trunk mode? Or must the Forti and the switch be configured with LACP on each interface? Thank you very much for your help.
05-26-2025 07:53 AM
@duwijakarta Yes, you will need LACP on all ports, also the FortiGate. But in essence LACP is not designed for failover. The behavior of the FortiGate is unpredictable. Presumed best setting on the switch will be: lacp mode on
M.
05-26-2025 07:24 PM
But I have a Catalyst 9300 series that can run failover without LACP. Is there a separate configuration in the 9300 type that is not supported in the 1200 type? I see there is a configuration: redundancy, SSO mode. Is it necessary to use a specific STP mode setting in this 1200 type? Or can you help me with best practice for the 2 switch and 2 Forti HA method? Thank you.
05-26-2025 03:35 AM
I want to make settings with the condition of 2 HA FortiGates connected to 2 C1200 switches. In the C1200 configuration it does not use LACP, only switchport trunk to each FortiGate. How do I do it so that if one of the switch connections to the primary FortiGate has a problem, it can still be backed up to the backup FortiGate? If using Forti without HA there is no issue when using switchport trunk mode, but when using HA on the FortiGate it doesn't work.
05-26-2025 03:46 AM
@duwijakarta That is a different issue from the original post; you will have to examine logs on the switch and the FortiGate to investigate this problem.
You may find this https://community.fortinet.com/t5/Support-Forum/Trunk-between-Cisco-switch-and-Fortigate-using-LACP/td-p/292805 useful because it also contains diagnostic commands.
M.