Article Id 331727
Description This article describes how to stop FortiLink (auto-ISL) discovery between two FortiSwitches that are managed by two separate FortiGate firewalls, so that only the intended FortiSwitches appear under Managed FortiSwitches on their respective FortiGate.
Scope FortiGate, FortiSwitch.
Solution

KB1.png (reference topology)

This change is necessary because, by default, an auto-ISL trunk is formed between the two FortiLink networks as soon as the two switches see each other over LLDP. The FortiLink management VLAN (VLAN 4094 by default) is then shared between the two networks, and if any FortiSwitch reboots it can come up managed by either FortiGate.

 

Note: 

This article applies only when FortiSwitch-A and FortiSwitch-B are being connected for the first time. If a FortiLink is already established between these two FortiSwitches, the procedure below does not apply; open a support ticket with Fortinet Technical Support instead.

 

Because these changes are held on the FortiSwitches themselves, a factory reset of FortiSwitch-A or FortiSwitch-B removes them. Take care before adding a reset switch back to the network and reconnecting the inter-site link: re-apply the LLDP profile change first.

 

  • Use the topology above for reference: FortiGate-A and FortiGate-B each manage several FortiSwitches. The last switch managed by FortiGate-A is FortiSwitch-A, and the last switch managed by FortiGate-B is FortiSwitch-B.
  • The goal is that only the switches up to FortiSwitch-A appear under managed switches on FortiGate-A, and only the switches up to FortiSwitch-B appear under managed switches on FortiGate-B.
  • Port28 on FortiSwitch-A is connected to port17 on FortiSwitch-B. This link joins the two sites.
  • The steps below show how to identify and change the LLDP profile assigned to a particular FortiSwitch port, from the FortiGate GUI and from the FortiGate CLI.

 

FortiGate GUI:

  • Navigate to WiFi & Switch Controller -> FortiSwitch Ports.
  • By default, the LLDP Profile column is hidden.
  • To show it, hover over the column header row, select the grey gear icon that appears, and enable LLDP Profile.

    KB2.png


  • Locate the FortiSwitch and the port whose LLDP profile is to be changed.
  • Check the LLDP profile currently assigned to the inter-site ports on the respective FortiGate GUI: port28 of FortiSwitch-A on FortiGate-A and port17 of FortiSwitch-B on FortiGate-B. Any profile with auto-ISL disabled will do; the built-in 'default' profile is one.
  • Edit the LLDP Profile cell for that port and set it to the chosen profile.

KB3.jpg

 

FortiGate CLI:

 

FGT # config switch-controller managed-switch
FGT (managed-switch) # edit <preexisting-switch-serial-number>
FGT (S224ABCD00000001) # config ports
FGT (ports) # edit <port#-that-connects-NEW-switch>
FGT (port1) # set lldp-profile default
FGT (port1) # end
FGT (S224ABCD00000001) # end

 

  • Check the auto-ISL setting of the LLDP profiles from the CLI of both FortiGates (config switch-controller lldp-profile). By default, the 'default' LLDP profile has auto-isl disabled and the 'default-auto-isl' profile has it enabled. Verify the setting itself rather than relying on the profile name, since a profile can be edited or a custom one created with any name.

    KB4.png
    KB5.png

 

  • Use an LLDP profile with auto-ISL disabled (here, the 'default' LLDP profile).
  • In this case, change the LLDP profile on port28 of FortiSwitch-A (from FortiGate-A) and on port17 of FortiSwitch-B (from FortiGate-B) to the 'default' LLDP profile, using either the CLI or the GUI as shown in the steps above. Both sides of the link must be changed.
  • Once the LLDP profile is changed, the managed FortiSwitches list in each FortiGate GUI shows only the FortiSwitches managed by that FortiGate: up to FortiSwitch-A on FortiGate-A and up to FortiSwitch-B on FortiGate-B.
  • Spanning Tree still runs across the inter-site link, so any FortiSwitch connected directly to either FortiGate could become the root bridge for the combined topology. If this behavior is not desired, Spanning Tree can be disabled on the link between the FortiLink networks. Take care with redundant links, since disabling Spanning Tree there removes loop protection on that path.
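The check above (confirm the auto-isl attribute of each profile, then make sure the inter-site ports carry a profile with auto-isl disabled) can be scripted so it is repeatable after a factory reset or a config restore. The following Python audit is an added example, not code from the Fortinet article or from FortiOS. It reads JSON in the shape of the FortiOS REST API responses for GET /api/v2/cmdb/switch-controller/lldp-profile and GET /api/v2/cmdb/switch-controller/managed-switch; the endpoint paths and the field names (name, auto-isl, switch-id, ports, port-name, lldp-profile) are assumptions derived from the CLI object names, the serial numbers and sample data are constructed, and BOUNDARY_PORTS is a hypothetical inventory the operator maintains. It goes slightly beyond the article by deciding on the auto-isl attribute rather than the profile name, and by emitting the remediation CLI for every offending port.

```python
import json

# Constructed sample in the shape of GET /api/v2/cmdb/switch-controller/lldp-profile
# on FortiGate-A. Field names are assumed from the CLI object names, not captured
# from a device. 'site-uplink' shows that a profile name says nothing about auto-isl.
LLDP_PROFILES_JSON = """
{"results": [
  {"name": "default",          "auto-isl": "disable"},
  {"name": "default-auto-isl", "auto-isl": "enable"},
  {"name": "site-uplink",      "auto-isl": "enable"}
]}
"""

# Constructed sample in the shape of GET /api/v2/cmdb/switch-controller/managed-switch,
# trimmed to the fields the audit needs. S224ABCD00000001 plays FortiSwitch-A.
MANAGED_SWITCHES_JSON = """
{"results": [
  {"switch-id": "S224ABCD00000001", "ports": [
      {"port-name": "port1",  "lldp-profile": "default-auto-isl"},
      {"port-name": "port28", "lldp-profile": "default-auto-isl"}]},
  {"switch-id": "S224ABCD00000002", "ports": [
      {"port-name": "port1",  "lldp-profile": "default-auto-isl"},
      {"port-name": "port2",  "lldp-profile": "default"}]}
]}
"""

# Hypothetical operator inventory: ports that cross into the other FortiLink
# network, keyed by switch serial. On FortiGate-A that is FortiSwitch-A/port28;
# on FortiGate-B it would be FortiSwitch-B/port17 under its own serial.
BOUNDARY_PORTS = {"S224ABCD00000001": {"port28"}}


def auto_isl_by_profile(lldp_profiles_json: str) -> dict:
    """Map LLDP profile name -> True when auto-isl is enabled.

    Decides by the auto-isl attribute, not the name: a custom profile, or a
    'default' profile someone edited, may still build ISLs.
    """
    data = json.loads(lldp_profiles_json)
    return {p["name"]: p.get("auto-isl") == "enable" for p in data["results"]}


def ports_that_would_form_isl(managed_json: str, auto_isl: dict, boundary: dict) -> list:
    """List (serial, port, profile) for boundary ports whose profile has auto-isl on."""
    findings = []
    for sw in json.loads(managed_json)["results"]:
        serial = sw["switch-id"]
        for port in sw.get("ports", []):
            name = port["port-name"]
            if name not in boundary.get(serial, set()):
                continue
            profile = port.get("lldp-profile", "")
            # A profile name the lldp-profile table does not know is treated as
            # unsafe rather than silently skipped.
            if auto_isl.get(profile, True):
                findings.append((serial, name, profile))
    return findings


def pick_safe_profile(auto_isl: dict, preferred: str = "default") -> str:
    """Return a profile with auto-isl disabled, verified by attribute, not by name."""
    if preferred in auto_isl and not auto_isl[preferred]:
        return preferred
    for name, enabled in auto_isl.items():
        if not enabled:
            return name
    raise ValueError("no LLDP profile with auto-isl disabled exists; create one first")


def remediation_cli(findings: list, safe_profile: str) -> str:
    """Emit the FortiGate CLI from the article for every offending port."""
    lines = []
    for serial, port, _profile in findings:
        lines += [
            "config switch-controller managed-switch",
            f"    edit {serial}",
            "        config ports",
            f"            edit {port}",
            f"                set lldp-profile {safe_profile}",
            "            next",
            "        end",
            "    next",
            "end",
        ]
    return "\n".join(lines)


if __name__ == "__main__":
    auto_isl = auto_isl_by_profile(LLDP_PROFILES_JSON)
    findings = ports_that_would_form_isl(MANAGED_SWITCHES_JSON, auto_isl, BOUNDARY_PORTS)
    for serial, port, profile in findings:
        print(f"{serial} {port}: profile '{profile}' has auto-isl enabled")
    if findings:
        print(remediation_cli(findings, pick_safe_profile(auto_isl)))
```

Run it once against each FortiGate with that FortiGate's own boundary inventory; an empty findings list on both sides is the condition the article's last GUI check is looking for. The unknown-profile case is deliberately reported as a finding, because a port whose profile name does not resolve is exactly the kind of state a factory reset or a partial restore leaves behind.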