Technical Tip: Managed FortiSwitch redundancy for Access-VLAN feature
| Description | This article describes the behavior of the 'fortilink-split-interface' feature, when to validate whether 'fortilink-neighbor-detect' is correctly set to FortiLink or LLDP, and the scenarios that make it necessary to set it to 'fortilink'.
FortiGate:
FortiSwitch:
|
| Scope | FortiOS 7.6.1+. |
| Solution | In cases where both of the conditions are met, change the following setting on the FortiGate managing the switches:
config system interface
    edit fortilink
        set fortilink-neighbor-detect fortilink
end
This is because, starting from FortiOS 7.6.1, the default value of 'fortilink-neighbor-detect' is LLDP. If the detect mode is left on LLDP (the new default) in a ring topology without MCLAG, and 'fortilink-split-interface' is left enabled (the default, as it should be with ring topologies), any VLANs configured to block intra-VLAN traffic will be impacted if a failover event occurs.
The failover can be either between the existing FortiGate FortiLink members, resulting in a new member actively forwarding traffic, or a complete switch failure/shutdown/disconnection.
Consider the following topology example illustrating the issue:
A fully detailed explanation of how the 'fortilink-split-interface' mechanism works when the detect mode is LLDP or FortiLink can be found in Technical Tip: Expected behavior of the FortiGate FortiLink aggregate interface 'split interface' option with multiple FortiSwitches connected to the FortiGate. |
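One way to check a saved configuration for the combination described above, as an added example that is not Fortinet's code. It assumes FortiLink interfaces are marked with 'set fortilink enable', that options not written out take the 7.6.1+ defaults this article states, and that the ring/no-MCLAG topology is confirmed separately, since the interface configuration does not reveal it; the function names and the sample configuration are constructed for illustration.

```python
# Defaults on FortiOS 7.6.1+ as stated in the article, used when a setting is not explicit.
DEFAULTS = {"fortilink-neighbor-detect": "lldp", "fortilink-split-interface": "enable"}

# Constructed sample, not taken from a real device.
SAMPLE = """\
config system interface
    edit "fortilink"
        set fortilink enable
        config ipv6
            set ip6-mode static
        end
    next
    edit "flink2"
        set fortilink enable
        set fortilink-neighbor-detect fortilink
    next
    edit "port1"
        set vdom "root"
    next
end
"""

def parse_interfaces(text):
    """Return {name: {setting: value}} for entries of 'config system interface'."""
    found, name, active, depth = {}, None, False, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "config system interface":
            active, depth = True, 0
        elif not active:
            continue
        elif line.startswith("config "):
            depth += 1                    # nested table such as 'config ipv6'; skip its lines
        elif line == "end":
            active, depth = depth > 0, max(depth - 1, 0)
        elif depth == 0 and line.startswith("edit "):
            name = line[5:].strip('" ')
            found[name] = {}
        elif depth == 0 and name and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            found[name][key] = value.strip('" ')
    return found

def at_risk_fortilinks(text):
    """FortiLink interfaces whose effective detect mode is LLDP with split-interface enabled."""
    return [name for name, cfg in parse_interfaces(text).items()
            if cfg.get("fortilink") == "enable"
            and all({**DEFAULTS, **cfg}[k] == v for k, v in DEFAULTS.items())]

print(at_risk_fortilinks(SAMPLE))
```

Interfaces it reports are candidates for the 'set fortilink-neighbor-detect fortilink' change only when the topology conditions in this article also apply.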



