Administration Guide

Connectivity Fault Management

Some FortiGate hardware models support Connectivity Fault Management (CFM) technology. With CFM, administrators can easily diagnose and resolve issues in Ethernet networks. CFM provides tools for monitoring, testing, and verifying the connectivity and performance of network segments.

The following platforms support CFM:

FortiGate

FG-40F, FG-40F-3G4G, FG-60E, FG-60F, FG-61E, FG-61F, FG-80E, FG-80E-POE, FG-81E, FG-81E-POE, FG-81F, FG-90E-POE, FG-100F, FG-101F, FG-200E, FG-1100E

FortiWiFi

FWF-40F, FWF-60E, FWF-60F, FWF-61E, FWF-61F

Use the config ethernet-oam cfm command to configure the CFM protocol.

config ethernet-oam cfm
    edit <domain-id>
        set domain-name <string>
        set domain-level <integer>
        config service
            edit <service-id>
                set service-name <string>
                set interface "<string>"
                set mepid <integer>
                set message-interval <integer>
                set cos <integer>
                set sender-id {none | Hostname}
            next
        end
    next
end

<domain-id>

Specify the domain ID for the Ethernet layer operation, administration, and management (OAM) protocol. A unique domain ID is used to communicate with other peers under the same domain ID and domain level.

domain-level <integer>

Specify the OAM maintenance level (0 to 7, with 0 being the smallest and 7 being the largest). A unique domain level is used to communicate with other devices under the same domain ID and domain level.

domain-name <string>

Specify the OAM domain name or maintenance domain identifier (MDID). Other peer devices recognize the domain name. All devices in the same domain with the same service level can communicate with each other.

A domain can provide multiple services. Each service uses a special service ID. The following items describe a service:

<service-id>

Specify the ID for the service.

service-name <string>

Specify the name of the service.

interface <string>

Specify the name of the VLAN interface where the service is enabled. The service is associated with a particular VLAN network port and can't be accessed by other network ports.

mepid <integer>

Specify the unique ID of the maintenance association endpoint (MEP) (1 - 8191). The service is associated with a unique MEP ID and can't respond to service requests for a different MEP ID.

message-interval <integer>

Specify the interval, in milliseconds, between continuity-check messages. These messages are sent at this interval to determine whether the service is alive.

cos <integer>

Specify the class of service (CoS) bit for continuity-check messages (0 to 7). CoS is an optional, special bit in the packet of continuity-check messages.

sender-id {none | hostname}

Specify the type, length, value (TLV) sender ID:

  • none: indicates no sender ID.
  • hostname: uses the Fortinet production name of the device as the sender ID, for example, FortiGate-80F.

The sender ID is an optional field that includes a hostname in the packet of continuity-check messages.

The following diagnose commands can be used with this feature:

diagnose ethernet-oam cfmpeer

Locate peers configured with config ethernet-oam cfm that are using the CFM Continuity Check Protocol (CCP) to connect to the CCP daemon (CCD).

diagnose debug application cfmd {enable | disable}

Enable or disable debugging messages of the CFM protocol.

  • enable: enable debugging messages for the CFM protocol. Messages appear on the console.

  • disable: disable debugging messages.

The following execute commands can be used with this feature:

execute ethernet ping

Check whether an interface has a peer with the specified MAC address and level available under CFM support.

execute ethernet traceroute

Check the Ethernet traceroute with the peer FortiGate. The traceroute attempts to reach a peer through an interface, using the MAC address and level available under CFM support.

Example

In this example, an interface (vlan101) connects FortiGate 81F to FortiGate 101F. CFM is configured for the interface (vlan101) on the FortiGate 81F. All steps are performed on the FortiGate 101F.

Because this feature is based on IEEE 802.1Q, an IP address is not needed to connect the interface.

To configure and use CFM:
  1. Configure CFM for the interface named vlan101:

    config ethernet-oam cfm
        edit 1
            set domain-name cfm-test
            set domain-level 1
            config service
                edit 1
                    set service-name vlan-101
                    set interface "vlan101"
                    set mepid 101
                    set message-interval 10000
                    set cos 7
                    set sender-id Hostname
                next
            end
        next
    end
  2. On the FortiGate 101F, show the peers connecting to the device:

    # diagnose ethernet-oam cfmpeer
    wait for the responses from CCD daemons ...
    
    ========                MEPs (pid 11251)               ========
    ======== domain_name: cfm-test service_name: vlan-101 mepid: 101 ========
    1  MAC = e0:23:ff:9b:07:0a, state = UP, mdlevel = 1, domain_name = cfm-test, service_name = vlan-101, mepid = 81, TLV_port_status = PsUP, TLV_interface_status = isUp
    ========                     END                    ========
  3. On FortiGate 101F, check whether the interface has a peer under CFM support:

    # execute ethernet ping vlan101 1 5 e0:23:ff:9b:07:0a
    Sending CFM LBM to e0:23:ff:9b:07:0a
    64 bytes from e0:23:ff:9b:07:0a, sequence 422603820, 1 ms
    64 bytes from e0:23:ff:9b:07:0a, sequence 422603821, 1 ms
    64 bytes from e0:23:ff:9b:07:0a, sequence 422603822, 1 ms
    64 bytes from e0:23:ff:9b:07:0a, sequence 422603823, 1 ms
    64 bytes from e0:23:ff:9b:07:0a, sequence 422603824, 1 ms
  4. Execute the Ethernet traceroute:

    # execute ethernet traceroute vlan101 1 e0:23:ff:9b:07:0a
    Sending CFM LTM probe to e0:23:ff:9b:07:0a
    ethtrace_main: flags = 0, usefdbonly = 0
    ttl 1: LTM with id 984984516
    cfm_matchltr - 384
    cfm_matchltr - 404
    reply from e0:23:ff:9b:07:0a, id=984984516, ttl=0, RlyHit
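
The peer listing from step 2 can be checked against an inventory of the MEPs that are supposed to be on the segment. The following Python script is an added example, not part of the Fortinet guide: it parses `diagnose ethernet-oam cfmpeer` output in the format shown above and reports peers that are unexpected, missing, using a different MAC address, or not up. The `EXPECTED` inventory, the second peer line in the sample, and the finding names are assumptions made for illustration.

```python
import re

# Constructed sample: the step 2 output plus one constructed peer (mepid 99) that is not in the inventory.
SAMPLE = """\
wait for the responses from CCD daemons ...

========                MEPs (pid 11251)               ========
======== domain_name: cfm-test service_name: vlan-101 mepid: 101 ========
1  MAC = e0:23:ff:9b:07:0a, state = UP, mdlevel = 1, domain_name = cfm-test, service_name = vlan-101, mepid = 81, TLV_port_status = PsUP, TLV_interface_status = isUp
2  MAC = 02:00:00:00:00:99, state = UP, mdlevel = 1, domain_name = cfm-test, service_name = vlan-101, mepid = 99, TLV_port_status = PsUP, TLV_interface_status = isUp
========                     END                    ========
"""

# Hypothetical inventory: (domain_name, service_name, remote mepid) -> expected MAC.
EXPECTED = {("cfm-test", "vlan-101", 81): "e0:23:ff:9b:07:0a"}
PEER_LINE = re.compile(r"^\s*\d+\s+(MAC\s*=.*)$")

def parse_peers(text):
    """Return one dict per numbered peer line, keyed by the field names in the output."""
    peers = []
    for line in text.splitlines():
        m = PEER_LINE.match(line)
        if not m:
            continue  # banner, blank line, or the local MEP header
        pairs = (part.split("=", 1) for part in m.group(1).split(",") if "=" in part)
        peers.append({k.strip(): v.strip() for k, v in pairs})
    return peers

def audit(peers, expected):
    """Compare parsed peers with the inventory and return (finding, key, mac) tuples."""
    findings, seen = [], set()
    for p in peers:
        key = (p["domain_name"], p["service_name"], int(p["mepid"]))
        mac = p["MAC"].lower()
        seen.add(key)
        if key not in expected:
            findings.append(("unexpected-peer", key, mac))
        elif expected[key].lower() != mac:
            findings.append(("mac-mismatch", key, mac))
        # Assumption: any value other than the ones shown in the guide's output is not healthy.
        status = (p.get("state"), p.get("TLV_port_status"), p.get("TLV_interface_status"))
        if status != ("UP", "PsUP", "isUp"):
            findings.append(("degraded", key, mac))
    for key in sorted(expected.keys() - seen):
        findings.append(("missing-peer", key, expected[key]))
    return findings

if __name__ == "__main__":
    print(*audit(parse_peers(SAMPLE), EXPECTED), sep="\n")
```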
