Packet loss to management interface (VLAN) - SG-350

dineshanikode
Level 1

Hi,

 

I am facing a problem of random packet loss only to the management interface (VLAN104) of SG-350 switches.

 

The physical connectivity is as follows:

 

17 VLANs created on Fortigate FG-100E port15

The FG-100E 15th port is connected to a trunk port (Gi24) on SG-350 (Core Switch).

Ports on the SG-350 (Core Switch) are configured as TRUNK and connected (Uplink) to the 21 access switches' trunk ports.

VLAN-104 is the management VLAN, and 192.168.14.0/24 range IPs are assigned to all the management VLAN interfaces on the switches.

 

Ping to the core switch has no drops.

But ping to the rest of the switches' management VLAN interfaces has packet drops.

But ping to computers connected to the same VLAN-14 has no packet drop issues.

 

Please see the configurations below and help me to identify the root cause as well as a solution.

 

Core switch Config

SW-SG350-19#sh running-config
config-file-header
SW-SG350-19
v2.4.0.91 / RTESLA2.4_930_181_042
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink none
unit-type-control-end
!
vlan database
vlan 100-117
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname SW-SG350-19
username admin password encrypted 7221b4013c19eacdc8ad2ccee60acfc1dc8c61d7 privilege 15
ip ssh server
no ip http server
!
interface vlan 100
name Server_01
!
interface vlan 101
name server_02
!
interface vlan 102
name VoIP
!
interface vlan 103
name Local_Restricted
!
interface vlan 104
name Access_Control
ip address 192.168.14.169 255.255.255.0
!
interface vlan 105
name Management
!
interface vlan 106
name General_Dept
!
interface vlan 107
name Marketing
!
interface vlan 108
name Big_Data
!
interface vlan 109
name ML-Team
!
interface vlan 110
name Design_Dev
!
interface vlan 111
name Annotation
!
interface vlan 112
name Guest-Wi-Fi
!
interface vlan 113
name Reserved_02
!
interface vlan 114
name Reserved_03
!
interface vlan 115
name Reserved_04
!
interface vlan 116
name Reserved_05
!
interface vlan 117
name Reserved_06
!
interface GigabitEthernet2
switchport mode trunk
!
interface GigabitEthernet4
switchport mode trunk
!
interface GigabitEthernet5
switchport mode trunk
!
interface GigabitEthernet6
switchport mode trunk
!
interface GigabitEthernet7
switchport mode trunk
!
interface GigabitEthernet8
switchport mode trunk
!
interface GigabitEthernet9
switchport mode trunk
!
interface GigabitEthernet10
switchport mode trunk
!
interface GigabitEthernet11
switchport mode trunk
!
interface GigabitEthernet12
switchport access vlan 104
!
interface GigabitEthernet13
switchport access vlan 102
!
interface GigabitEthernet14
switchport access vlan 102
!
interface GigabitEthernet15
switchport access vlan 102
!
interface GigabitEthernet16
switchport access vlan 102
!
interface GigabitEthernet17
switchport access vlan 102
!
interface GigabitEthernet18
switchport access vlan 113
!
interface GigabitEthernet19
spanning-tree link-type point-to-point
switchport mode trunk
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type unknown
!
interface GigabitEthernet20
spanning-tree link-type point-to-point
switchport mode trunk
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type unknown
!
interface GigabitEthernet21
spanning-tree link-type point-to-point
switchport mode trunk
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type unknown
!
interface GigabitEthernet22
spanning-tree link-type point-to-point
switchport mode trunk
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type unknown
!
interface GigabitEthernet23
spanning-tree link-type point-to-point
switchport mode trunk
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type unknown
!
interface GigabitEthernet24
switchport mode trunk
!
interface GigabitEthernet25
spanning-tree link-type point-to-point
switchport mode trunk
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type unknown
!
interface GigabitEthernet26
switchport mode trunk
!
exit
banner login ^C
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
You must have explicit, authorized permission to access or configure this device.
Unauthorized attempts and actions to access or use this system may result in civil and/or
criminal penalties.
All activities performed on this device are logged and monitored.
^C
macro auto disabled
ip default-gateway 192.168.14.11

Access Switch Configuration

Using username "admin".


UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED
You must have explicit, authorized permission to access or configure this device.
Unauthorized attempts and actions to access or use this system may result in civil and/or
criminal penalties.
All activities performed on this device are logged and monitored.

 

User Name:admin
Password:*************


SW-SG350-08#sh running-config
config-file-header
SW-SG350-08
v2.4.0.91 / RTESLA2.4_930_181_042
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
!
unit-type-control-start
unit-type unit 1 network gi uplink none
unit-type-control-end
!
vlan database
vlan 100-117
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
dot1x system-auth-control
bonjour interface range vlan 1
hostname SW-SG350-08
line console
exec-timeout 0
exit
line ssh
exec-timeout 0
exit
line telnet
exec-timeout 0
exit
encrypted radius-server host 192.168.14.150 key 27wScXv855Wbu7OZmy2rvopsVpPIMVybmQc6QEzLUkM=
no passwords complexity enable
username admin password encrypted 7221b4013c19eacdc8ad2ccee60acfc1dc8c61d7 privilege 15
ip ssh server
ip http timeout-policy 0
no ip http server
clock timezone " " +5 minutes 30
clock dhcp timezone
ip telnet server
!
interface vlan 100
name Server_01
!
interface vlan 101
name server_02
!
interface vlan 102
name VoIP
!
interface vlan 103
name Local_Restricted
!
interface vlan 104
name Access_Control
ip address 192.168.14.158 255.255.255.0
!
interface vlan 105
name Management
!
interface vlan 106
name General_Dept
!
interface vlan 107
name Marketing
!
interface vlan 108
name Big_Data
!
interface vlan 109
name ML-Team
!
interface vlan 110
name Design_Dev
!
interface vlan 111
name Annotation
!
interface vlan 112
name Guest-Wi-Fi
!
interface vlan 113
name Reserved_01
!
interface vlan 114
name Reserved_02
!
interface vlan 115
name Reserved_03
!
interface vlan 116
name Reserved_04
!
interface vlan 117
name Reserved_05
!
interface GigabitEthernet1
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet2
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet3
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet4
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet5
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet6
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet7
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet8
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet9
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet10
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet11
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet12
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet13
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet14
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet15
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet16
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet17
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet18
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet19
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet20
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet21
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet22
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet23
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet24
dot1x host-mode multi-sessions
dot1x reauthentication
dot1x authentication mac
dot1x radius-attributes vlan static
dot1x port-control auto
!
interface GigabitEthernet25
spanning-tree link-type point-to-point
switchport mode trunk
switchport access vlan 104
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type unknown
!
interface GigabitEthernet26
spanning-tree link-type point-to-point
switchport mode trunk
macro description "switch "
!next command is internal.
macro auto smartport dynamic_type unknown
!
exit
macro auto disabled
ip default-gateway 192.168.14.11
SW-SG350-08#

 

Accepted Solutions

Hi,

Very difficult to identify, and I don't discard the possibility of a bug. I'd upgrade the switch, at least one of them, just to make sure.

But if you really want to dig into it, I recommend you use Wireshark to see the packets going back and forth, just to identify if the loss is a lack of response or if the sw is not receiving the packet.
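
The check suggested in this reply, separating a missing response from a request the switch never received, sketched as an added example (not part of the original post). It assumes ICMP records exported from two captures, one at the pinging host and one on the switch side, as tab-separated type, identifier and sequence fields; the function names and sample data are constructed for illustration.

```python
# Added example: classify lost pings using ICMP echo records from two capture points.
# Input format (assumed): one "icmp_type<TAB>ident<TAB>seq" line per packet,
# where type 8 = echo request and type 0 = echo reply.
from collections import Counter


def parse(text):
    """Return (requests, replies) as sets of (ident, seq) keys."""
    requests, replies = set(), set()
    for line in text.strip().splitlines():
        icmp_type, ident, seq = (int(f) for f in line.split("\t"))
        if icmp_type == 8:
            requests.add((ident, seq))
        elif icmp_type == 0:
            replies.add((ident, seq))
    return requests, replies


def classify(host_capture, switch_side_capture):
    """Map each ping sent by the host to the place it was lost, if anywhere."""
    host_req, host_rep = parse(host_capture)
    sw_req, sw_rep = parse(switch_side_capture)
    verdicts = {}
    for key in sorted(host_req):
        if key in host_rep:
            verdicts[key] = "ok"
        elif key not in sw_req:
            verdicts[key] = "request never reached switch"
        elif key not in sw_rep:
            verdicts[key] = "switch did not reply"
        else:
            verdicts[key] = "reply lost on return path"
    return verdicts


# Constructed sample data: five pings (ident 1, seq 1-5) seen at each capture point.
HOST = "\n".join(f"{t}\t1\t{s}" for t, s in
                 [(8, 1), (0, 1), (8, 2), (8, 3), (8, 4), (8, 5), (0, 5)])
SWITCH_SIDE = "\n".join(f"{t}\t1\t{s}" for t, s in
                        [(8, 1), (0, 1), (8, 3), (8, 4), (0, 4), (8, 5), (0, 5)])


def summary():
    """Count verdicts for the constructed sample."""
    return Counter(classify(HOST, SWITCH_SIDE).values())


if __name__ == "__main__":
    for (ident, seq), verdict in classify(HOST, SWITCH_SIDE).items():
        print(f"id={ident} seq={seq}: {verdict}")
```

A cluster of "request never reached switch" verdicts points at the path or another device on the VLAN, while "switch did not reply" points at the switch itself.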

 


2 Replies

 

Hi Miranda,

 

Thanks for the reply. 

 

I have fixed the issue. It was due to the unexpected behavior of the TP-Link Wifi controller. 
