‎12-14-2021 09:36 AM
Today I was setting up a new customer location (Fortigate, 5420 EXOS and some APs).
First of all I figured out the Fortigate (LAN1 will be the uplink to 5420 port 1).
LAN1 of the Fortigate has 4 tagged VLANs.
Now the switch is connected and has the default configuration.
I was wondering why all 4 VLANs which are configured on the Fortigate LAN1 are automatically configured on the 5420?
Is there a new feature?
Already checked some standard features like LLDP, but can't figure out where it comes from.
Default FW version is 31.3.1.3 patch1-7
Thanks!
‎12-17-2021 08:33 AM
The switch in question was rebooted with "unconfigure switch".
https://extremenetworks2com-my.sharepoint.com/:u:/g/personal/lstevens_extremenetworks_com/EWnzkG1Blx...
‎12-16-2021 03:29 AM
Yes, that is correct, EXOS does that. Up to 4095 though, and untagged as well of course.
‎12-16-2021 01:57 AM
Already found that deactivating the auto-provisioning stops it.
Normal behavior of course is to configure the switch first and connect it to the network afterwards.
So that may be the reason why I saw that for the first time.
So I'm wondering how it works.
Is the switch sending a DHCP discover on every VLAN (1-4096) and, after getting an answer, it will create that VLAN?
Thanks a lot.
Regards
Nico
‎12-15-2021 10:40 AM
This was most likely ZTP or ZTP+.
ZTP (auto-provisioning) starts automatically on a factory default bootup and detects attached VLANs based on the tags of incoming traffic. The switch dynamically creates and assigns these VLANs and enables DHCP on them in an attempt to connect to the network without configuration.
ZTP+ is an extension of this whereby you can use DNS entries and/or DHCP options to point the switch to a full configuration.
Regardless, those VLANs were probably detected based on incoming traffic, and if your FW is hosting DHCP, the switch probably got a few IP addresses. If you want to stop this behavior, 'disable auto-provision' on startup. ZTP does not take effect on a switch that's already been configured/saved; only on factory default bootup.
I'm not sure when this feature was introduced but it's been a while.
Hope that helps!
Gabriel
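To illustrate the tag-based detection described in the reply above (an added example, not Extreme Networks code and not how EXOS is actually implemented): the sketch reads the 802.1Q tag from raw Ethernet frames and counts the VLAN IDs seen on a port, which is what a capture on the uplink would show before a factory-default switch is attached. The frames, the VLAN IDs 10 to 40 and all function names are constructed for this example.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def make_frame(vid=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame, optionally carrying one 802.1Q tag."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vid is not None:
        # TCI: priority and DEI bits left at 0, low 12 bits hold the VLAN ID
        header += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload

def vlan_of(frame):
    """Return the VLAN ID of a frame, or None if untagged or priority-tagged (VID 0)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return (tci & 0x0FFF) or None

def observed_vlans(frames):
    """Count frames per VLAN ID; key None collects untagged traffic."""
    counts = Counter()
    for frame in frames:
        try:
            counts[vlan_of(frame)] += 1
        except ValueError:
            counts["malformed"] += 1
    return counts

# Constructed sample: four tagged VLANs on the uplink, one untagged frame, one runt
SAMPLE = [make_frame(v) for v in (10, 20, 30, 40, 10)] + [make_frame(), b"\x00" * 8]

if __name__ == "__main__":
    for vlan, n in observed_vlans(SAMPLE).items():
        print(f"VLAN {vlan}: {n} frame(s)")
```

Comparing such a list with the VLANs that are meant to reach the switch port shows which tagged networks the uplink exposes to a device that boots with auto-provisioning still enabled.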
‎12-15-2021 05:07 AM
‎12-15-2021 04:59 AM
This is interesting. Fortinet has a kind of "Fabric" and I'm wondering if they based this on the auto-attach RFC (802.1Qcj) used for the Fabric-Attach.
Could you check the FA status on the EXOS?
show fabric attach assignments
show fabric attach elements
show port 1 vlan
sh lldp port 1 neighbors detailed
Thanks
Mig