OS 6860N-U28 Problem

Dear Team
We have installed Two core switches of model No: OS 6860N-U28 model in One site. They are providing Internet through Fortinet firewall. One primary switch has port no 1/1/17 and the other secondary switch has 2/1/17.
In normal condition internet is working properly but after rebooting the switch the internet appears to have stopped. Internet is up after removing firewall cable. What can be done? Please help in resolving.

Hi Rakesh,

This will depend on your topology and how routing/switching is configured. It might be spanning tree blocking the link, or the firewall configuration. Are you able to provide the topology and further details of your setup?

Thanks,

Dear Adongula
This is the configuration of Core switch:
FW LAN - 172.16.0.1/20

FW_LAN - 10.10.10.1/30
Core Switch - out 10.10.10.2/30

aaa authentication default “local”
aaa authentication console “local”
aaa authentication ftp “local”
aaa authentication http “local”
aaa authentication ssh “local”

vlan 99 name to_fw
vlan 100 name MGMT
vlan 101 name DATA_Basement
vlan 103 name DATA_Steel_Floor
vlan 105 name DATA_Ground_Floor
vlan 107 name DATA_First_Floor
vlan 109 name DATA_Second_Floor
vlan 111 name DATA_Third_Floor
vlan 113 name Camera_NVR_Server
vlan 121 name WIFI

ip interface to_fw address 10.10.10.2 mask 255.255.255.252 vlan 99
ip static-route 0.0.0.0 mask 0.0.0.0 gateway 10.10.10.1 metric 1
ip static-route 0.0.0.0/0 gateway 10.10.10.1 metric 1

1/1/17 - 2/1/17 (linkagg port-fw)
linkagg static agg 1 size 2 name fw admin-state enable
linkagg static port 1/1/17 agg 1
linkagg static port 2/1/17 agg 1
vlan 99 members linkagg 1 untagged
vlan 99 members port 2/1/18 untagged-----> testing(DS)
vlan 101 members port 2/1/19 untagged-----> testing

ip interface Camera_NVR_Server address 172.16.0.1 mask 255.255.240.0 vlan 113
ip interface MGMT address 172.16.16.1 mask 255.255.255.0 vlan 100
ip interface DATA_Basement address 172.16.17.1 mask 255.255.255.0 vlan 101
ip interface DATA_Steel_Floor address 172.16.19.1 mask 255.255.255.0 vlan 103
ip interface DATA_Ground_Floor address 172.16.21.1 mask 255.255.255.0 vlan 105
ip interface DATA_First_Floor address 172.16.23.1 mask 255.255.255.0 vlan 107
ip interface DATA_Second_Floor address 172.16.25.1 mask 255.255.255.0 vlan 109
ip interface DATA_Third_Floor address 172.16.27.1 mask 255.255.255.0 vlan 111
ip interface WIFI address 172.15.0.1 mask 255.255.240.0 vlan 121

1/1/1 - 2/1/1 (linkagg basement_sw)
linkagg static agg 2 size 2 name Basement admin-state enable
linkagg static port 1/1/1 agg 2
linkagg static port 2/1/1 agg 2
vlan 100 members linkagg 2 tagged
vlan 101 members linkagg 2 tagged
vlan 121 members linkagg 2 tagged
vlan 113 members linkagg 2 tagged

1/1/2 - 2/1/2 (linkagg basement_sw2)
linkagg static agg 3 size 2 name Basement2 admin-state enable
linkagg static port 1/1/2 agg 3
linkagg static port 2/1/2 agg 3
vlan 100 members linkagg 3 tagged
vlan 101 members linkagg 3 tagged
vlan 121 members linkagg 3 tagged
vlan 113 members linkagg 3 tagged

1/1/3 - 2/1/3 (linkagg steel_sw)
linkagg static agg 4 size 2 name steel_sw admin-state enable
linkagg static port 1/1/3 agg 4
linkagg static port 2/1/3 agg 4
vlan 100 members linkagg 4 tagged
vlan 103 members linkagg 4 tagged
vlan 121 members linkagg 4 tagged
vlan 113 members linkagg 4 tagged

1/1/4 - 2/1/4 (linkagg GF_sw)
linkagg static agg 5 size 2 name GF_sw1 admin-state enable
linkagg static port 1/1/4 agg 5
linkagg static port 2/1/4 agg 5
vlan 100 members linkagg 5 tagged
vlan 105 members linkagg 5 tagged
vlan 121 members linkagg 5 tagged
vlan 113 members linkagg 5 tagged

1/1/5 - 2/1/5 (linkagg GF_sw2)
linkagg static agg 6 size 2 name GF_sw2 admin-state enable
linkagg static port 1/1/5 agg 6
linkagg static port 2/1/5 agg 6
vlan 100 members linkagg 6 tagged
vlan 105 members linkagg 6 tagged
vlan 121 members linkagg 6 tagged
vlan 113 members linkagg 6 tagged

1/1/6 - 2/1/6 (linkagg FF_sw1)
linkagg static agg 7 size 2 name FF_sw1 admin-state enable
linkagg static port 1/1/6 agg 7
linkagg static port 2/1/6 agg 7
vlan 100 members linkagg 7 tagged
vlan 107 members linkagg 7 tagged
vlan 121 members linkagg 7 tagged
vlan 113 members linkagg 7 tagged

1/1/7 - 2/1/7 (linkagg FF_sw2)
linkagg static agg 8 size 2 name FF_sw2 admin-state enable
linkagg static port 1/1/7 agg 8
linkagg static port 2/1/7 agg 8
vlan 100 members linkagg 8 tagged
vlan 107 members linkagg 8 tagged
vlan 121 members linkagg 8 tagged
vlan 113 members linkagg 8 tagged

1/1/8 - 2/1/8 (linkagg SF_sw1)
linkagg static agg 9 size 2 name SF_sw1 admin-state enable
linkagg static port 1/1/8 agg 9
linkagg static port 2/1/8 agg 9
vlan 100 members linkagg 9 tagged
vlan 109 members linkagg 9 tagged
vlan 121 members linkagg 9 tagged
vlan 113 members linkagg 9 tagged

1/1/9 - 2/1/9 (linkagg SF_sw1)
linkagg static agg 10 size 2 name SF_sw2 admin-state enable
linkagg static port 1/1/9 agg 10
linkagg static port 2/1/9 agg 10
vlan 100 members linkagg 10 tagged
vlan 109 members linkagg 10 tagged
vlan 121 members linkagg 10 tagged
vlan 113 members linkagg 10 tagged

1/1/10 - 2/1/10 (linkagg Terrace_sw)
linkagg static agg 11 size 2 name Terrace_sw admin-state enable
linkagg static port 1/1/10 agg 11
linkagg static port 2/1/10 agg 11
vlan 100 members linkagg 11 tagged
vlan 111 members linkagg 11 tagged
vlan 121 members linkagg 11 tagged
vlan 113 members linkagg 11 tagged

1/1/11 - 2/1/11 (linkagg main_gate_sw)
linkagg static agg 12 size 2 name main_gate_sw admin-state enable
linkagg static port 1/1/11 agg 12
linkagg static port 2/1/11 agg 12
vlan 100 members linkagg 12 tagged
vlan 103 members linkagg 12 tagged
vlan 121 members linkagg 12 tagged
vlan 113 members linkagg 12 tagged

Dear Adongula,
this is another configuration snapshot of the same.
linkagg static agg 1 size 2 admin-state enable
linkagg static agg 1 name “fw”
linkagg static agg 2 size 2 admin-state enable
linkagg static agg 2 name “Basement”
linkagg static agg 3 size 2 admin-state enable
linkagg static agg 3 name “Basement2”
linkagg static agg 4 size 2 admin-state enable
linkagg static agg 4 name “steel_sw”
linkagg static agg 5 size 2 admin-state enable
linkagg static agg 5 name “GF_sw1”
linkagg static agg 6 size 2 admin-state enable
linkagg static agg 6 name “GF_sw2”
linkagg static agg 7 size 2 admin-state enable
linkagg static agg 7 name “FF_sw1”
linkagg static agg 8 size 2 admin-state enable
linkagg static agg 8 name “FF_sw2”
linkagg static agg 9 size 2 admin-state enable
linkagg static agg 9 name “SF_sw1”
linkagg static agg 10 size 2 admin-state enable
linkagg static agg 10 name “SF_sw2”
linkagg static agg 11 size 2 admin-state enable
linkagg static agg 11 name “Terrace_sw”
linkagg static agg 12 size 2 admin-state enable
linkagg static agg 12 name “main_gate_sw”
linkagg static port 1/1/1 agg 2
linkagg static port 1/1/2 agg 3
linkagg static port 1/1/3 agg 4
linkagg static port 1/1/4 agg 5
linkagg static port 1/1/5 agg 6
linkagg static port 1/1/6 agg 7
linkagg static port 1/1/7 agg 8
linkagg static port 1/1/8 agg 9
linkagg static port 1/1/9 agg 10
linkagg static port 1/1/10 agg 11
linkagg static port 1/1/11 agg 12
linkagg static port 1/1/17 agg 1
linkagg static port 2/1/1 agg 2
linkagg static port 2/1/2 agg 3
linkagg static port 2/1/3 agg 4
linkagg static port 2/1/4 agg 5
linkagg static port 2/1/5 agg 6
linkagg static port 2/1/6 agg 7
linkagg static port 2/1/7 agg 8
linkagg static port 2/1/8 agg 9
linkagg static port 2/1/9 agg 10
linkagg static port 2/1/10 agg 11
linkagg static port 2/1/11 agg 12
linkagg static port 2/1/17 agg 1

! VLAN:
vlan 1 admin-state enable
vlan 99-113 admin-state enable
vlan 99 name “to_FW”
vlan 100 name “MGMT”
vlan 101 name “DATA_Basement”

vlan 103 name “DATA_Steel_Floor”

vlan 105 name “DATA_Ground_Floor”

vlan 107 name “DATA_First_Floor”

vlan 109 name “DATA_Second_Floor”

vlan 111 name “DATA_Third_Floor”

vlan 113 name “Camera_NVR_Server”
vlan 121 name “WIFI”
vlan 99 members port 2/1/18 untagged
vlan 99 members linkagg 1 untagged
vlan 100 members linkagg 2-12 tagged
vlan 101 members linkagg 2-3 tagged
vlan 121 members linkagg 2-3 tagged
vlan 103 members linkagg 4 tagged
vlan 103 members linkagg 12 tagged
vlan 121 members linkagg 4 tagged
vlan 121 members linkagg 12 tagged
vlan 105 members linkagg 5-6 tagged
vlan 121 members linkagg 5-6 tagged
vlan 107 members linkagg 7-8 tagged
vlan 121 members linkagg 7-8 tagged
vlan 109 members linkagg 9-10 tagged
vlan 121 members linkagg 9-10 tagged
vlan 111 members linkagg 11 tagged
vlan 121 members linkagg 11 tagged
vlan 113 members linkagg 2-12 tagged

! PVLAN:
! Spanning Tree:
spantree mode flat
spantree vlan 1 admin-state enable
spantree vlan 99 admin-state enable
spantree vlan 100 admin-state enable
spantree vlan 101 admin-state enable

spantree vlan 103 admin-state enable

spantree vlan 105 admin-state enable

spantree vlan 107 admin-state enable

spantree vlan 109 admin-state enable

spantree vlan 111 admin-state enable

spantree vlan 113 admin-state enable

! DA-UNP:
! Bridging:
! Port Mirroring:
! Port Mapping:
! IP:
ip interface “to_fw” address 10.10.10.2 mask 255.255.255.252 vlan 99 ifindex 1
ip interface “Camera_NVR_Server” address 172.16.0.1 mask 255.255.240.0 vlan 113
ip interface “MGMT” address 172.16.16.1 mask 255.255.255.0 vlan 100 ifindex 3
ip interface “DATA_Basement” address 172.16.17.1 mask 255.255.255.0 vlan 101

ip interface “DATA_Steel_Floor” address 172.16.19.1 mask 255.255.255.0 vlan 103

ip interface “DATA_Ground_Floor” address 172.16.21.1 mask 255.255.255.0 vlan 105

ip interface “DATA_First_Floor” address 172.16.23.1 mask 255.255.255.0 vlan 107

ip interface “DATA_Second_Floor” address 172.16.25.1 mask 255.255.255.0 vlan 109

ip interface “DATA_Third_Floor” address 172.16.27.1 mask 255.255.255.0 vlan 111

ip interface “DATA_Third_Floor” address 172.15.0.1 mask 255.255.240.0 vlan 121

! IPv6:
! IPSec:
! IPMS:
! AAA:
aaa authentication default “local”
aaa authentication console “local”
aaa authentication ftp “local”
aaa authentication http “local”
aaa authentication ssh “local”

aaa tacacs command-authorization disable

! NTP:
ntp server clock0.ovcirrus.com
ntp server clock1.ovcirrus.com
ntp server clock2.ovcirrus.com
ntp server clock3.ovcirrus.com
ntp client admin-state enable

! QOS:
! Policy Manager:
! VLAN Stacking:
! ERP:
! MVRP:
mvrp enable

! LLDP:
! UDLD:
! Server Load Balance:
! High Availability Vlan:
! Session Manager:
! Web:
! Trap Manager:
! Health Monitor:
health threshold memory 80

! System Service:
system timezone IST

! SNMP:
! BFD:
! IP Route Manager:
ip static-route 0.0.0.0/0 gateway 10.10.10.1 metric 1

! VRRP:
! UDP Relay:
! RIP:
! OSPF:
! IP Multicast:
! DVMRP:
! IPMR:
! RIPng:
! OSPF3:
! BGP:
! ISIS:
! Module:
! LAN Power:
! RDP:
! DHL:
! Ethernet-OAM:
! SAA:
! SPB-ISIS:

! SVCMGR:
! LDP:
! EVB:
! APP-FINGERPRINT:
! FCOE:
! QMR:
! OPENFLOW:
! Dynamic auto-fabric:
auto-fabric admin-state enable

! SIP Snooping:
! DHCP Server:
dhcp-server enable

! DHCPv6 Relay:
! DHCPv6 Snooping:
! DHCPv6 Server:
! DHCP Message Service:
! DHCP Active Lease Service:
! Virtual Chassis Split Protection:
! DHCP Snooping:
! APP-MONITORING:
app-mon separate-config-file

! Loopback Detection:
! VM-SNOOPING:
! PPPOE-IA:
! Security:
! Zero Configuration:
! MAC Security:
! OVC:
! EFM-OAM:
! ALARM-MANAGER:
! DEVICE-PROFILE:
! PTP:
! IP DHCP RELAY:
! TEST-OAM:
! LOOPBACK TEST:
! UDP6 RELAY:
! MGMT AGENT:
! MRP:
! PKGMGR:

→
Thanks

Thanks Rakesh.

I recommend changing from Static Link Aggregation to Dynamic with LACP. Static aggregate groups cannot be created between an OmniSwitch and some switches from other vendors.

Hope this helps.

Dear Adongula ,
Thank you for your support .Let me clear one thing All Switches are of ALE model numbers are viz:OS-6360 -48,OS-6360 -PH24,OS-6360-24.
Thanks and regards
Rakesh Sharma

like @adongula said you have static linkaggs. from your config looks like you have a static linkagg (agg 1) to your fortigate. tbh, not sure if this works ive never tried it. best practice would be to try lacp (is supported with fortigate).

not sure how you have your fortigate setup tho? HA or 2 ports in a hardware switch?

Static link doesnt work between ALE and other vendor. From the manual (page 9-5):

Note. Static aggregate groups cannot be created between an OmniSwitch and some switches from other vendors.

So if you have a static link to the fortinet, you need to change THAT before anything else!

Dear Team Thank you for your support…
While creating dynamic port i am facing one issue.For your reference configuration is as:
linkagg lacp agg 13 actor admin-key 5
linkagg lacp agg 13 size 2 admin-state enable
linkagg lacp port 1/1/18 actor admin-key 5
linkagg lacp port 2/1/18 actor admin-key 5
vlan 99 members linkagg 13 untagged
linkagg lacp agg 13 name FIREWALL

After configuration i am checking linkagg port but am unable to bind port in aggregation:

image662×580 9.8 KB

Your LACP configuration on the OmniSwitch is correct. I cannot tell if the member ports are correctly connected to the target unit and how LACP is configured on that side. Nor can I advise on that.

config looks ok… looks like your switch linkagg isnt speaking to the firewall correctly. can you verify the config on the firewall?

is the other port ok? run “show linkagg agg 13” and “show linkag agg 13 port”.

Video that might help future people that come across this post.