Technical Tip: Configuring uplinks for MCLAG-ICL pair in L3 FortiSwitch deployment
| Description | This article describes the trunk configuration required on FortiSwitch uplinks when deployed as an MCLAG-ICL pair and connecting to dual routers or firewalls in an L3 topology. |
| Scope | FortiSwitch v7.4, v7.6. |
| Solution | Topology Overview: 
Configuration when FortiGate HA (Active-Passive) is used: In this setup, each FortiSwitch connects separately to each FortiGate. config switch trunk edit "FGT01" set auto-isl 1 set mclag enable set static-isl enable set members "port29" next edit "FGT02" set auto-isl 1 set mclag enable set static-isl enable set members "port30" next edit "_FlInK1_ICL0_" set mode lacp-active set auto-isl 1 set mclag-icl enable set members "port31" next end Here:
_FlInK1_ICL0_ -> automatically formed ICL trunk using the 'Transitioning from a FortiLink split interface to a FortiLink MCLAG' LLDP profile: Configuration when upstream devices operate as a single logical system: If the upstream devices function as a single logical system (for example, load-balanced firewalls, routers, or Cisco VPC pair), a single trunk can be configured on FortiSwitch. config switch trunk edit "Uplink" set auto-isl 1 set mclag enable set static-isl enable set members "port29" "port30" next edit "_FlInK1_ICL0_" set mode lacp-active set auto-isl 1 set mclag-icl enable set members "port31" next end Note: Uplink represents the aggregated trunk to the upstream router/firewall/load balancer. Use this configuration only when the upstream devices forward traffic as a single logical system. |