Switch log messages
The log messages in this section are issues related to switching functionality.
802.1x-authenticated port using MAB is unauthorized
ID |
10000 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"user: mac: on port <port_name> MAB mode=<status> unauthorized \" |
Meaning |
An 802.1x-authenticated port using MAC authentication bypass (MAB) is unauthorized. |
802.1x-authenticated port using MAB is authorized
ID |
10001 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"user:<user_name> mac: <MAC_address> on port<port_name> <MAB> mode=<mode> authorized set <authorization>=<status> \" |
Meaning |
An 802.1x-authenticated port is authorized. |
No authentication on port
ID |
10002 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
No authentication on port <port_name> |
Meaning |
The dynamic VLAN identifier and MAC address already exist in the static MAC address entry table. |
802.1x-authenticated port reset to unauthorized mode
ID |
10003 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"802.1x port <port_name> reset to unauthorized mode and native_vlan =<VLAN_ID> \" |
Meaning |
The 802.1x-authenticated port was reset to unauthorized mode and to the specified native VLAN identifier. |
802.1x-authenticated port not authorized
ID |
10004 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"user:<user_name> mac: <MAC_address> on port <port_name> <MAB> mode=<mode> unauthorized set <authorization_status>=<failure> \" |
Meaning |
The 802.1x-authenticated port is not authorized. |
RADIUS CoA disconnected the 802.1x-authenticated session
ID |
10005 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"802.1x port session <MAC_address>: disconnected\" |
Meaning |
RADIUS change of authorization (CoA) was used to disconnect the 802.1x-authenticated session. |
RADIUS CoA bounced the 802.1x-authenticated port
ID |
10006 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
|
Meaning |
RADIUS CoA was used to bounce the 802.1x-authenticated port. |
RADIUS CoA disabled the 802.1x-authenticated port
ID |
10007 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"802.1x port <port_name> link down\" |
Meaning |
RADIUS CoA was used to disable the 802.1x-authenticated port. |
RADIUS CoA reauthorized the 802.1x-authenticated session
ID |
10008 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"802.1x port session <MAC_address>: re-auth\" |
Meaning |
RADIUS CoA was used to reauthorize the 802.1x-authenticated session. |
RADIUS CoA changed the 802.1x-authenticated session timeout
ID |
10009 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"802.1x port session <MAC_address>: session timeout change:<timeout_value>:\" |
Meaning |
RADIUS CoA was used to change the timeout setting of the 802.1x-authenticated session. |
Maximum number of MAC sessions for system exceeded
ID |
10010 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
MAC= , not authorized, exceed system maximum of <number_of_sessions> MAC sessions. |
Meaning |
The maximum number of MAC sessions for the system was exceeded. |
MAC session counter is not synchronized
ID |
10011 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
ftnt_fswitch_resync_system_mac_session used mac session counter :<counter_ID>: not match with STA. Need to flush all interfaces.\n |
Meaning |
The MAC session counter is not synchronized. All interfaces must be flushed. |
Unsupported egress-VLAN configuration
ID |
10012 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"Unsupported Egress-VLAN configurations with tagged VLANs and INGRESS-FILTERS=DISABLED for mac on <interface_name>. VLANs set to ingress and egress.\" |
Meaning |
The egress-VLAN configuration is not supported when the VLANs are tagged and the ingress filters are disabled. |
Batch installation failed
ID |
10015 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
|
Meaning |
Using batch installation for a dynamic ACL failed. |
Batch add or delete succeeded
ID |
10016 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
|
Meaning |
Batch adding or deleting succeeded. |
Maximum number of unauthorized MAC sessions exceeded
ID |
10017 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
MAC= , not authorized, exceed <number_of _MAC_sessions> maximum of <number_of _MAC_sessions> MAC sessions. |
Meaning |
The maximum number of unauthorized MAC sessions was exceeded. |
Too many source ports in dynamic ACL
ID |
10018 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
Filter-Id l4 src port exceed 1 limit:<number_of_ports>:.\n |
Meaning |
The number of source ports in the dynamic ACL exceeded the limit. |
Too many destination ports in dynamic ACL
ID |
10019 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
Filter-Id l4 dst port exceed 1 limit:<number_of_ports>:.\n |
Meaning |
The number of destination ports in the dynamic ACL exceeded the limit. |
Too many port ranges in dynamic ACL
ID |
10020 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
Filter-Id l4 only support single port range either src or dst.\n |
Meaning |
The dynamic ACL supports a single port range; it can be a source port range or a dynamic port range. Delete any additional port ranges. |
VLAN changed for RADIUS CoA
ID |
10021 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
msg=\"802.1x port session <session_number>: CoA Vlan_Id change\" |
Meaning |
The VLAN ID was changed for RADIUS change of authorization (CoA). |
Dynamic ARP inspection messages
ID |
10100 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
|
Meaning |
|
DHCP-snooping messages
ID |
10200 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
|
Meaning |
|
Rogue IPv4 DHCP server detected
ID |
10201 |
Type |
Event log |
Subtype |
Switch |
Severity |
Alert |
Message |
msg=\"A rogue DHCP server has been detected on the interface.\" |
Meaning |
A rogue IPv4 DHCP server was detected. |
Rogue IPv6 DHCP server detected
ID |
10202 |
Type |
Event log |
Subtype |
Switch |
Severity |
Alert |
Message |
msg=\"A rogue DHCPv6 server has been detected on the interface\" |
Meaning |
A rogue IPv6 DHCP server was detected. |
Flap guard resetting port
ID |
10300 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
|
Meaning |
|
Flap guard shutting down port
ID |
10301 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
|
Meaning |
|
Loop guard shutting down interface
ID |
10400 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
msg=\"Loop Guard: <loop detected or loop detected with MAC move over threshold> on <switch_interface>. Shutting down <switch_interface>.\" |
Meaning |
Loop guard is resetting the specified port. |
Loop guard resetting interface
ID |
10401 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
msg=\"Loop Guard: Resetting <switch_interface>.\" |
Meaning |
Loop guard is resetting the specified port. |
Network monitoring started
ID |
10500 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
msg=\"network monitoring started by user.\" |
Meaning |
A user started network monitoring. |
Network monitoring stopped
ID |
10501 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
msg=\"network monitoring stopped by user.\" |
Meaning |
A user stopped network monitoring. |
Sticky MAC entries saved
ID |
10600 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"Sticky MAC entries saved = <number_of_entries>.\" |
Meaning |
The specified number of sticky MAC entries have been saved. |
Sticky MAC entries cannot be saved
ID |
10601 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
|
Meaning |
The specified number of sticky MAC addresses cannot be saved either because the static MAC address table is full or because the MAC address learning limit has been reached. |
Too many sticky MAC entries saved
ID |
10602 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
msg=\"Warning: Large number of Sticky MAC (<number_of_entries>) entries saved. Some entries may fail to load on reboot.\" |
Meaning |
Too many sticky MAC entries have been saved, and some might be lost when the switch is rebooted. |
Unsaved sticky MAC entries deleted
ID |
10603 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"Unsaved Sticky MAC entries flushed = <number_of_entries>.\" |
Meaning |
Unsaved sticky MAC entries have been deleted. |
MAC address learning limit exceeded
ID |
10604 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
msg=\"The number of saved Sticky MAC (<number_of_ entries>) entries exceeds the learning limit (<learning_limit>) for VLAN ID <VLAN_ID>\" |
Meaning |
The number of saved sticky MAC entries for the specified VLAN has exceeded the MAC address learning limit. |
Static MAC entries exceed the learning limit
ID |
10700 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
msg=\"The number of saved Static MAC (<number_of_entries>) entries exceeds the learning limit (<learning_limit>) for switch interface <switch_interface>.\" |
Meaning |
The number of saved static MAC addresses exceeds the MAC address learning limit for the specified switch interface. |
Deleting or adding an access VLAN failed
ID |
10750 |
Type |
Event log |
Subtype |
Switch |
Severity |
Information |
Message |
|
Meaning |
|
Automatic mirror configuration failed
ID |
10751 |
Type |
Event log |
Subtype |
Switch |
Severity |
Critical |
Message |
msg=\"The Mirror auto-configuration session \'<mirror_session>\' failed to resolve.\" |
Meaning |
The automatic mirror configuration has failed. |
Automatic mirror configuration completed
ID |
10752 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"The Mirror auto-configuration session \'<mirror_session>\' with collector IP <IP_address> has successfully been autoconfigured.\" |
Meaning |
The automatic mirror configuration has failed. |
Mirroring might be interrupted
ID |
10753 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"The Mirror auto-configuration session \'<mirror_session>\' is recalculating. Mirroring may be interrupted.\" |
Meaning |
Mirroring might be interrupting while the automatic mirror configuration is recalculating. |
Automatic mirror configuration stopping
ID |
10754 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"The Mirror auto-configuration session \'<mirror_session>\' is stopping.\" |
Meaning |
The automatic mirror configuration is stopping. |
FortiGate nonblocking authentication daemon crashed
ID |
10900 |
Type |
Event log |
Subtype |
Switch |
Severity |
Varies |
Message |
|
Meaning |
The FortiGate nonblocking authentication daemon crashed. |
New MAC address learned
ID |
11100 |
Type |
Event log |
Subtype |
Switch |
Severity |
Information |
Message |
msg=\"new <MAC_address> learned\" |
Meaning |
A new MAC address has been learned. |
MAC address moved
ID |
11101 |
Type |
Event log |
Subtype |
Switch |
Severity |
Information |
Message |
|
Meaning |
The MAC address was moved to a new switch interface and deleted from the old switch interface. |
MAC address deleted
ID |
11102 |
Type |
Event log |
Subtype |
Switch |
Severity |
Information |
Message |
msg=\"<MAC_address> deleted\" |
Meaning |
The MAC address is deleted when the mac-aging-interval is reached. |
Bounced switch port now up
ID |
11111 |
Type |
Event log |
Subtype |
Switch |
Severity |
Information |
Message |
msg=\"Bounce port: putting switch port <port_name> as up\" |
Meaning |
The bounced switch port is now up. |
Bounced switch port now down
ID |
11112 |
Type |
Event log |
Subtype |
Switch |
Severity |
Information |
Message |
msg=\"Bounce port: putting switch port <port_name> as down\" |
Meaning |
The bounced switch port is now down. |
IGMP-snooping group not added
ID |
11120 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"IGMP Snooping: unable to program group <IGMP-snooping_group> to hw\" |
Meaning |
The IGMP-snooping group was not added to the hardware table because of a hash collision. |
MLD-snooping group not added
ID |
11121 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"MLD Snooping: unable to program group <MLD-snooping_group> to hw\" |
Meaning |
The MLD-snooping group was not added to the hardware table because of a hash collision. |
ACL failed to update
ID |
11130 |
Type |
Event log |
Subtype |
Switch |
Severity |
Error |
Message |
msg=\"ACL update : <ACL_ID> failure \" |
Meaning |
The ACL failed to update. |
VLAN list for ring port no longer includes MRP VLAN
ID |
11250 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
msg=\"The VLAN list for ring-port <port_name> has been changed and no longer includes MRP VLAN <VLAN_ID>.\" |
Meaning |
The VLAN list for the ring port no longer includes the VLAN specified for the MRP network. |
Ring ports 1 and 2 do not have the same VLAN list
ID |
11251 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
msg=\"MRP ring-port1 and ring-port2 don't have the same vlan list.\" |
Meaning |
Ring port 1 and ring port 2 must have the same VLAN list. |
MRP ring is open
ID |
11252 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
msg=\"Ring Open detected.\" |
Meaning |
The MRP ring is open. Each ring port must be connected to another ring port. |
MRP ring is closed
ID |
11253 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
msg=\"Ring Close detected.\" |
Meaning |
The MRP ring is closed. |
MRP switch changed from automanager to manager
ID |
11254 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"MRP role changed from automanager to manager.\" |
Meaning |
The MRP switch that was assigned the role of automanager has changed to the role of manager. |
MRP switch changed from automanager to client
ID |
11255 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"MRP role changed from automanager to client.\" |
Meaning |
The MRP switch that was assigned the role of automanager has changed to the role of client. |
MRP was restarted
ID |
11256 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
msg=\"restart MRP due to trunk with ring port changed.\" |
Meaning |
The MRP was restarted because a trunk with an MRP ring port changed. |
MRP status changed
ID |
11257 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"MRP is <status>.\" |
Meaning |
The MRP status changed. |
MRP VLAN not included in ring ports
ID |
11258 |
Type |
Event log |
Subtype |
Switch |
Severity |
Warning |
Message |
msg=\"Trunk and Ring port association is changed; MRP vlan is not in ring ports.\" |
Meaning |
The trunk and MRP ring-port association changed, and the MRP VLAN is no longer included in the ring-port configuration. |
MRP ring port changed state
ID |
11259 |
Type |
Event log |
Subtype |
Switch |
Severity |
Notice |
Message |
msg=\"MRP ring port <port_name> change state to <state>.\" |
Meaning |
The specified MRP ring port changed state. |
VLAN already used by LAN segment
ID | 11300 |
Type | Event log |
Subtype | Switch |
Severity | Warning |
Message |
|
Meaning | When you enable LAN segments, FortiSwitchOS automatically assigns a VLAN for internal use. This VLAN cannot be used for any other purpose. |