From 22bb05aee3c3224165caeda600ed804056c46634 Mon Sep 17 00:00:00 2001 From: Yuri Slobodyanyuk Date: Wed, 30 Mar 2022 12:46:15 +0300 Subject: [PATCH 1/2] Added LACP section to Fortigate debug --- ...e-debug-diagnose-complete-cheat-sheet.adoc | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc index f6357b5..e69f0be 100644 --- a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc +++ b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc 
@@ -385,6 +385,54 @@ location of this IP, and whetehr this IP address is in FortiGuard black list. |=== +== LACP Aggregate Interfaces + +[cols=2, options="heade"] +|=== +|Command +|Description + +|*diagnose netlink aggregate list* +|List all aggregate interfaces in the current VDOM, shows names, state +(up/down), LACP mode and algorithm used + +|*diagnose netlink aggregate name <_aggregate interface name_>* +|Shows details of the given aggregate interface under the entry `actor state` +(preferred state is *ASAIEE*): LACP Mode (Active/Passive), +LACP Speed mode (Slow [default]/Fast), Synced or Out of Sync, minimal physical +interfaces to be up for the whole aggregate to be up, Aggregator ID (has to be +identical on both sides), own and peer's MAC addresses, link failure count. + +|*diagnose sniffer packet any "ether proto 0x8809" 6 0 a* +|Sniffer to see all LACP traffic on this Fortigate: `0x8809` LACP Ethernet +protocol designation, `6` - maximum verbosity, `0` - do not limit number of captured packets, `a` - show +time in UTC format, rather than delta from the 1st packet seen. LACP packets +should arrive from the peer's MAC address on the aggregate logical interface +name, and should leave from the physical interface(s) destined to the peer's MAC +address. This capture will also show LACP actor state in arriving/leaving +packets - for working LACP aggregate it should be `ASAIEE` in both directions. + +|*diagnose netlink port <_aggregate int name_> src-ip <_IP_> dst-ip <_IP_>* +|Show what physical port a packet given by the filter will exit. Available +filter keywords: + +`src-ip` - Source IP address. + +`dst-ip` - Destination IP address. + +`src-mac` - Source MAC address. + +`dst-mac` - Destination MAC. + +`proto` - Protocol number. + +`src-port/dst-port` - Source/Destination port. + +`vlan-id` - VLAN number. + + +|=== + == DHCP server .DHCP server From 0da0d72226625a061bb7d467da5051e84a66e9e0 Mon Sep 17 00:00:00 2001 
From: Yuri Slobodyanyuk Date: Wed, 30 Mar 2022 12:48:09 +0300 Subject: [PATCH 2/2] Added LACP section to Fortigate debug --- .../Fortigate-debug-diagnose-complete-cheat-sheet.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc index e69f0be..ef56a05 100644 --- a/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc +++ b/cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc @@ -396,7 +396,7 @@ location of this IP, and whetehr this IP address is in FortiGuard black list. |List all aggregate interfaces in the current VDOM, shows names, state (up/down), LACP mode and algorithm used -|*diagnose netlink aggregate name <_aggregate interface name_>* +|*diagnose netlink aggregate name * |Shows details of the given aggregate interface under the entry `actor state` (preferred state is *ASAIEE*): LACP Mode (Active/Passive), LACP Speed mode (Slow [default]/Fast), Synced or Out of Sync, minimal physical @@ -412,7 +412,7 @@ name, and should leave from the physical interface(s) destined to the peer's MAC address. This capture will also show LACP actor state in arriving/leaving packets - for working LACP aggregate it should be `ASAIEE` in both directions. -|*diagnose netlink port <_aggregate int name_> src-ip <_IP_> dst-ip <_IP_>* +|*diagnose netlink port src-ip dst-ip * |Show what physical port a packet given by the filter will exit. Available filter keywords:
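Review bot: In the PATCH 1/2 hunk (@@ -385,6 +385,54), the table attribute line `[cols=2, options="heade"]` misspells `header`, so the header option is never set and the `Command` / `Description` row is not marked as the table header; change it to `options="header"`. The same hunk gives `ASAIEE` as the preferred `actor state` in two rows without saying what the letters mean. A short legend in the `diagnose netlink aggregate name` row would let a reader interpret any other value they see in the output or in the sniffer capture.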
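Review bot: In the first hunk of PATCH 2/2 (@@ -396,7 +396,7), the added line `|*diagnose netlink aggregate name *` drops the `<_aggregate interface name_>` placeholder entirely, so the cheat sheet no longer shows that the command takes an interface name, while the description beside it still says "the given aggregate interface". The space left before the closing `*` also stops the bold markup from closing cleanly. If the angle brackets were the rendering problem, keep the argument in another form, for example `_aggregate interface name_` without the brackets, and remove the trailing space. The subject line repeats "Added LACP section to Fortigate debug" from 1/2 although this patch only rewrites two command lines; a subject that says what was fixed would be clearer in the log.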
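Review bot: In the second hunk of PATCH 2/2 (@@ -412,7 +412,7), the added line `|*diagnose netlink port src-ip dst-ip *` loses all three placeholders (the aggregate interface name and both IP values), so it reads as if `src-ip` and `dst-ip` were given with no values and no interface. The filter keyword list that follows only makes sense if the command shows where the values go. Restore the arguments in a form that renders, for example `_aggregate int name_` and `_IP_` without angle brackets, and drop the space before the closing `*`.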