FortiSwitch Managed by FortiOS 6 – Dual-homed servers connected to FortiLink tier-1 FortiSwitch units using an MCLAG

Dual-homed servers connected to FortiLink tier-1 FortiSwitch units using an MCLAG

To configure a multichassis LAG, you need to configure FortiSwitch 1 and FortiSwitch 2 as MCLAG peer switches before creating a two-port LAG. Use the set mclag-icl enable command to create an inter-chassis link (ICL) on each FortiSwitch unit. Then you set up two MCLAGs towards the servers, each MCLAG using one port from each FortiSwitch unit. You must disable the FortiLink split interface for the FortiGate unit.

This topology is supported when the FortiGate unit is in HA mode.

Standalone FortiGate unit with dual-homed FortiSwitch access

Standalone FortiGate unit with dual-homed FortiSwitch access

This network topology provides high port density with two tiers of FortiSwitch units.

Use the set mclag-icl enable command to create an ICL on each FortiSwitch unit.

 

HA-mode FortiGate units with dual-homed FortiSwitch access

HA-mode FortiGate units with dual-homed FortiSwitch access

In HA mode, only one FortiGate is active at a time. If the active FortiGate unit fails, the backup FortiGate unit becomes active.

Use the set mclag-icl enable command to create an ICL on each FortiSwitch unit.

Multi-tiered MCLAG with HA-mode FortiGate

Multi-tiered MCLAG with HA-mode FortiGate units

To configure a multi-tiered MCLAG with HA-mode FortiGate units:

  1. Configure FortiSwitch-1 for the tier-1 MCLAG:

config switch trunk edit “D243Z14000288-0” set mode lacp-active set auto-isl 1 set mclag-icl enable set members “port21” “port22”

next edit “__FoRtI1LiNk0__” set mclag enable set members “port24” “port23”

next edit “8DN4K16000360-0” set mode lacp-active set auto-isl 1 set mclag enable set members “port20”

next edit “mclag-core1” set mode lacp-active set auto-isl 1 set mclag enable set members “port1” “port2”

next edit “mclag-core2” set mode lacp-active set auto-isl 1 set mclag enable

Multi-tiered MCLAG with HA-mode FortiGate

set members “port3” “port4”

next end

  1. Configure FortiSwitch-2 for the tier-1 MCLAG:

config switch trunk edit “D243Z14000288-0” set mode lacp-active set auto-isl 1 set mclag-icl enable set members “port21” “port22”

next

edit “__FoRtI1LiNk0__” set mclag enable set members “port24” “port23”

next

edit “8DN4K16000360-0” set mode lacp-active set auto-isl 1 set mclag enable set members “port20”

next edit “mclag-core1” set mode lacp-active set auto-isl 1 set mclag enable set members “port1” “port2”

next edit “mclag-core2” set mode lacp-active set auto-isl 1 set mclag enable set members “port3” “port4”

next end

  1. Configure the tier-2 MCLAGs. For example, configure FortiSwitch-6 as follows:

config switch trunk edit “8DN3X15000026-0” set mode lacp-active set auto-isl 1 set mclag-icl enable set members “port43” “port44”

next

edit “8EP3X17000051-0” set mode lacp-active set auto-isl 1 set mclag enable set members “port45”

next

edit “_FlInK1_MLAG0_” set mode lacp-active set auto-isl 1 set mclag enable set members “port48” “port47”

next

edit “8EP3X17000069-0” set mode lacp-active set auto-isl 1 set mclag enable set members “port46”

next

end

Multi-tiered MCLAG with HA-mode FortiGate

  1. Configure the access FortiSwitch units.

On FortiSwitch-11:

config switch trunk edit “_FlInK1_MLAG0_” set mode lacp-active set auto-isl 1 set mclag enable set members “port48” “port47”

next

end

On FortiSwitch-12:

config switch trunk edit “_FlInK1_MLAG0_” set mode lacp-active set auto-isl 1 set mclag enable set members “port47” “port48”

next end

 

Grouping


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Name *
Email *
Website

This site uses Akismet to reduce spam. Learn how your comment data is processed.