FortiSwitch Managed by FortiOS 6 – Dual-homed servers connected to FortiLink tier-1 FortiSwitch units using an MCLAG

To configure a multichassis LAG, you need to configure FortiSwitch 1 and FortiSwitch 2 as MCLAG peer switches before creating a two-port LAG. Use the set mclag-icl enable command to create an inter-chassis link (ICL) on each FortiSwitch unit. Then you set up two MCLAGs towards the servers, each MCLAG using one port from each FortiSwitch unit. You must disable the FortiLink split interface for the FortiGate unit.

This topology is supported when the FortiGate unit is in HA mode.

Standalone FortiGate unit with dual-homed FortiSwitch access

This network topology provides high port density with two tiers of FortiSwitch units.

Use the set mclag-icl enable command to create an ICL on each FortiSwitch unit.

HA-mode FortiGate units with dual-homed FortiSwitch access

In HA mode, only one FortiGate is active at a time. If the active FortiGate unit fails, the backup FortiGate unit becomes active.

Use the set mclag-icl enable command to create an ICL on each FortiSwitch unit.

Multi-tiered MCLAG with HA-mode FortiGate units

To configure a multi-tiered MCLAG with HA-mode FortiGate units:

  1. Configure FortiSwitch-1 for the tier-1 MCLAG:

config switch trunk
    edit "D243Z14000288-0"
        set mode lacp-active
        set auto-isl 1
        set mclag-icl enable
        set members "port21" "port22"
    next
    edit "__FoRtI1LiNk0__"
        set mclag enable
        set members "port24" "port23"
    next
    edit "8DN4K16000360-0"
        set mode lacp-active
        set auto-isl 1
        set mclag enable
        set members "port20"
    next
    edit "mclag-core1"
        set mode lacp-active
        set auto-isl 1
        set mclag enable
        set members "port1" "port2"
    next
    edit "mclag-core2"
        set mode lacp-active
        set auto-isl 1
        set mclag enable
        set members "port3" "port4"
    next
end

  2. Configure FortiSwitch-2 for the tier-1 MCLAG:

config switch trunk
    edit "D243Z14000288-0"
        set mode lacp-active
        set auto-isl 1
        set mclag-icl enable
        set members "port21" "port22"
    next
    edit "__FoRtI1LiNk0__"
        set mclag enable
        set members "port24" "port23"
    next
    edit "8DN4K16000360-0"
        set mode lacp-active
        set auto-isl 1
        set mclag enable
        set members "port20"
    next
    edit "mclag-core1"
        set mode lacp-active
        set auto-isl 1
        set mclag enable
        set members "port1" "port2"
    next
    edit "mclag-core2"
        set mode lacp-active
        set auto-isl 1
        set mclag enable
        set members "port3" "port4"
    next
end

  3. Configure the tier-2 MCLAGs. For example, configure FortiSwitch-6 as follows:

config switch trunk
    edit "8DN3X15000026-0"
        set mode lacp-active
        set auto-isl 1
        set mclag-icl enable
        set members "port43" "port44"
    next
    edit "8EP3X17000051-0"
        set mode lacp-active
        set auto-isl 1
        set mclag enable
        set members "port45"
    next
    edit "_FlInK1_MLAG0_"
        set mode lacp-active
        set auto-isl 1
        set mclag enable
        set members "port48" "port47"
    next
    edit "8EP3X17000069-0"
        set mode lacp-active
        set auto-isl 1
        set mclag enable
        set members "port46"
    next
end

  4. Configure the access FortiSwitch units.

On FortiSwitch-11:

config switch trunk
    edit "_FlInK1_MLAG0_"
        set mode lacp-active
        set auto-isl 1
        set mclag enable
        set members "port48" "port47"
    next
end

On FortiSwitch-12:

config switch trunk
    edit "_FlInK1_MLAG0_"
        set mode lacp-active
        set auto-isl 1
        set mclag enable
        set members "port47" "port48"
    next
end
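
Added example (not part of the original guide and not Fortinet tooling): a Python check that parses the config switch trunk text of two MCLAG peer switches and reports a missing or duplicated ICL trunk, a port assigned to two trunks, or an MCLAG trunk enabled on only one peer. The sample trunk names are constructed, and the rule that peers share MCLAG trunk names is an assumption drawn from the matching FortiSwitch-1 and FortiSwitch-2 listings above.

```python
import shlex

def parse_trunks(text):
    """Parse 'config switch trunk' text into {trunk_name: {setting: [values]}}."""
    trunks, current = {}, None
    for raw in text.splitlines():
        words = shlex.split(raw)          # handles the quoted names and ports
        if len(words) == 2 and words[0] == "edit":
            current = trunks.setdefault(words[1], {})
        elif len(words) >= 3 and words[0] == "set" and current is not None:
            current[words[1]] = words[2:]
        elif words and words[0] in ("next", "end"):
            current = None
    return trunks

def check_peers(cfg_a, cfg_b):
    """Return findings for the trunk configs of two MCLAG peer switches."""
    findings = []
    a, b = parse_trunks(cfg_a), parse_trunks(cfg_b)
    for label, trunks in (("peer A", a), ("peer B", b)):
        icl = [n for n, s in trunks.items() if s.get("mclag-icl") == ["enable"]]
        if len(icl) != 1:                 # the page creates one ICL per unit
            findings.append(f"{label}: expected 1 ICL trunk, found {len(icl)}")
        owner = {}
        for name, s in trunks.items():
            for port in s.get("members", []):
                if port in owner:
                    findings.append(f"{label}: {port} is in {owner[port]} and {name}")
                owner[port] = name
    # Assumption taken from the page's sample: peers use identical MCLAG trunk names.
    mclag_a, mclag_b = ({n for n, s in t.items() if s.get("mclag") == ["enable"]} for t in (a, b))
    findings += [f"MCLAG trunk {n} is not enabled on both peers" for n in sorted(mclag_a ^ mclag_b)]
    return findings

# Constructed sample configs (hypothetical trunk names, not from a real device).
PEER_A = '''config switch trunk
    edit "icl-example"
        set mode lacp-active
        set mclag-icl enable
        set members "port21" "port22"
    next
    edit "mclag-core1"
        set mode lacp-active
        set mclag enable
        set members "port1" "port2"
    next
end'''
# Peer B with two planted mistakes: ICL flag replaced, port21 reused.
PEER_B = PEER_A.replace("mclag-icl enable", "mclag enable").replace('"port2"', '"port21"')
print("\n".join(check_peers(PEER_A, PEER_B)))
```

Running the check against saved configurations before a change window catches a peer that was edited on one side only.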


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
