Performance issues between Cisco C9300X-24Y and Fortinet 60 E

ashu-aggarwal-160 · ‎12-05-2022

We are experiencing intermittent performance issues for switch model# C9300X-24Y while using 1 gig copper GBIC# GLC-TE in conjunction with Fortinet 60 E model, Whenever the switch is being rebooted due to some planned maintenance, We are seeing packet drops on the port connecting to the firewall, There are no drops to any other device other than the firewall.We have ruled out any kind of port/cabling/GBIC issues.

Please suggest if anyone has experience similar issues and the possible root cause.

balaji.bandi · ‎12-05-2022

Can you post show run interface x/x and show interface x/x output

what version of code running ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ashu-aggarwal-160 · ‎12-05-2022

Thank for your response, The switch is running on 17.06.04 .

Here is the requested output, We have a layer 3 SVI created on switch for vlan 10 and just trying to ping firewall port in same vlan which shows significant packet loss. However when we connect the same cable either from switch to laptop or firewall to laptop, there is no loss observed. The issue is only when we connect switch to the fortinet firewall.

Switch#sh int Twe1/0/5
TwentyFiveGigE1/0/5 is up, line protocol is up (connected)
Hardware is Twenty Five Gigabit Ethernet, address is f8e5.7e12.d405 (bia f8e5.7e12.d405)
Description: Link to VLAN 10 to E60 10.x.x.4
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000BaseTX SFP
input flow-control is on, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
286237 packets input, 23732350 bytes, 0 no buffer
Received 3135 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
249290 packets output, 18792141 bytes, 0 underruns
Output 38 broadcasts (132343 multicasts)
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

Switch#sh run int Twe1/0/5
Building configuration...

Current configuration : 159 bytes
!
interface TwentyFiveGigE1/0/5
description Link to VLAN x to E60 10.x.x.4
switchport access vlan x
switchport mode access
spanning-tree portfast
end

!

balaji.bandi · ‎12-05-2022

i do not see any errors on the interface, so suggestion try hardcode speed to 1000 and also try no negotiation and observe.

vlan 10 and just trying to ping firewall port in same vlan which shows significant packet loss.

Do you any example output ? do you see any spanning tree convergence ? is this VLAN only located on switch ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

EPHRAIM MANI · ‎03-17-2023

did you get the issued resolved ?

balaji.bandi · ‎03-17-2023

May be YES / NO - if the Poster not replied we take this was resolved.

if you having same issue, open a new thread with referring this URL and post your issue with more outputs.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

isommer · ‎03-28-2023

Hello,
I have found this case here and I run into the exact problem.
The only differnce is that we have FortiGate 81F.
We have found no solution so far.
Any help is very welcome.