Skip to main content
lletourn
lletourn
New Member
October 4, 2017
Question

LAG/LACP between stacked Fortiswitches

  • October 4, 2017
  • 2 replies
  • 25923 views

I currently have a fortigate with 2 stacked Fortiswitches (248D).

Each switch is connected using only one port to the other.

 

I have a LAGed NAS on one switch. The LAG uses 4 ports for higher throughput from various networked devices.

 

Before I try it, I was wondering if it was possible to LAG/LACP multiple ports of stacked fortiswitches so that devices on the 2nd switch can gain higher throughput to the NAS on the first switch?

 

Basically I don't want to have 48 devices on the 2nd switch have to go through a single 1Gb/s port to access the NAS.

 

Thank you

2 replies

tanr
tanr
New Member
October 4, 2017

I'm not yet a user of the FortiSwitches, but have been scanning their documentation recently about this.  For what it's worth, from what I've read:

 

I believe you can have the FortiLink to the managing 5.4.5 FortiGate be LAG.  See http://docs.fortinet.com/uploaded/files/3076/manageFSWfromFGT540.pdf, page 15 for details.  I don't know if FOS 5.4.5 or the current FortiSwitch versions support fully using all the LAG ports together, though, as mentioned in https://forum.fortinet.com/tm.aspx?m=149333

 

From https://forum.fortinet.com/tm.aspx?m=149333  it sounds like LAG for the inter-switch link (ISL) should work.  Per the admin docs, it says that the inter-switch link is "created automatically" once the switches are connected to the FGT by a FortiLink connection.  The FortiSwitch 3.4.0 CLI reference, under "config sys trunk", mentions this obliquely in its definition of "auto-isl" as "Automatically forms an ISL-encapsulated trunk, up to the specified maximum size".

 

BTW, it looks like FortiGates with 5.6.x and newer FortiSwitch versions will have a nice additional option for this called multichassis lag (MCLAG) which may be a simpler solution with more redundancy.  Referenced in http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-managing-fortiswitch/AdditionalContent.htm.  See the mclag-icl field under "config sys trunk".  Not that I'm going to be switching to 5.6.x anytime soon!

lletourn
lletournAuthor
New Member
October 4, 2017

I had read about the LAG to the fortigate in the doc. But nowhere do they mention LAG support between switches. Neither as being possible or impossible.

 

ISL, from what I understood from the doc, is only used with the last switch of the stack that connects back to the fortigate.

 

I guess the only way to know is to try it and bench it to see if it works. I'm surprised that this is not documented anywhere.

 

 

tanr
tanr
New Member
October 4, 2017

I agree, it should be better documented.

 

Please let us know how your tests of this turn out.

rgracioli_FTNT
Staff
rgracioli_FTNT
Staff
October 5, 2017

LAG between two FSW can be achieved with MCLAG functionality. See MCLAG under Network Topologies at  http://docs.fortinet.com/d/fortiswitch-devices-managed-by-fortios-5.6 - when FSW is controlled by FGT. 

tanr
tanr
New Member
October 5, 2017

@rgracioli_FTNT,

 

How about if the switches are being managed by FortiGates on 5.4.5?  It looked like MCLAG wasn't available for that case.  Can we use LAG between stacked FortiSwitches to increase bandwidth?  How about LAG to increase bandwidth back to the FGT?

 

 

Terms & ConditionsAccessibility statement