stylus asked

FortiSwitch cannot be authorized

My FortiGate is on 7.2 and I'm trying to connect a FortiSwitch. The Switch was recently factory reset and was upgraded to 7.2 on standalone mode.

The Switch is showing up on the GUI...so it's connected. I authorized it through Managed FortiSwitches and everything seems fine: I get a green pop up saying that the device has been authorized and to wait for 6-8 minutes.

And of course, after 6-8 minutes, it's still unauthorized. Tried this a couple of times. I'm not getting any sort of error messages, just the green pop up. Any pointers? This has never happened before.

cloudy answered

Can you check your VLAN list? I wonder if this may be the problem: vsw.fortilink required to authorize FortiSwitches.

cloudy answered

Could you bring up the CLI and enter:

execute switch-controller get-conn-status

as well as

execute switch-controller diagnose-connection <serial number of the FortiSwitch>

stylus answered

Thanks @cloudy

It says the switch is discovered but not authorized. I'm not sure why the GUI did not throw an error.

stylus answered

Thanks @cloudy. Summarizing my steps here in case it helps others:

  1. Authorizing the Switch from the GUI seemed to work (success message) but Switch remained unauthorized
  2. Ran execute switch-controller diagnose-connection s/n to double check status
  3. Setting up vsw.fortilink VLAN solved the authorization issue
  4. Switch refused to come online
  5. Ran the command at #2 again, which said "No CAPWAP IP address retrieved"
  6. Checked NTP settings: seemed good (also logged into the Switch GUI to confirm the system time)
  7. Physically factory reset the Switch while it was plugged into the FortiGate: this solved the CAPWAP problem


My Switch had been used previously in standalone mode. My guess is that some "legacy" settings were stopping it from getting a DHCP lease.

jefftrevors answered

Did you check the time/date on the switch?
