Description
This article explains the different types of FortiLink trunks and clarifies the meaning of the parameters auto-isl, fortilink, and isl-fortilink that appear in FortiLink trunk configurations.
Scope
FortiGate, FortiLink.
Solution
When FortiSwitch devices are managed by a FortiGate, FortiLink trunks are created automatically. No manual trunk configuration is required between FortiSwitch–FortiSwitch or FortiSwitch–FortiGate links.
To access a FortiSwitch from the FortiGate, run:
execute ssh admin@<switch_ip>
To verify the FortiSwitch IP address, run:
execute switch-controller get-conn-status
Topology Example:
MCLAG-ICL pair:
- tier1 pair: S248XXX00075 (port23) <---> (port23) S248XXX00001
- tier2 pair: S248****0855 (port23) <---> (port23) S248****0856)
Refer to the topology diagram. Connect to the FortiSwitch and review the trunk configuration:
S248*****00075 #show switch trunk
edit "_FlInK1_ICL0_"
set auto-isl 1
set fortilink 0
set isl-fortilink 0
set mclag-icl enable
set members "port23"
next
edit "8*****02609-0"
set mode lacp-active
set auto-isl 1
set fortilink 0
set isl-fortilink 0
set mclag enable
set members "port25"
next
edit "toCORES_tier-2"
set auto-isl 1
set fortilink 0
set isl-fortilink 0
set mclag enable
set members "port22"
next
edit "G200E********"
set auto-isl 1
set fortilink 1
set isl-fortilink 0
set mclag enable
set members "port48"
next
Explanation of Trunk Types:
'_FlInK1_ICL0_'.
This is an Inter-Chassis Link (ICL) trunk formed automatically between FortiSwitch peers based on the LLDP profile default-auto-mclag-icl.
In the above topology it is formed on port23 of tier1 and tier2 mclag-icl pair.
Note: In older version before lldp profile was introduced one had to manually enable mclag-icl after the auto trunk was formed between pair.
'8*****02609-0'.
This type of trunk is automatically formed on ISL port of connecting FortiSwitch that is not part of an MCLAG ICL pair. The name is derived from the FortiSwitch’s serial number. Here the trunk is formed on S248*****00075 port25 that is connecting to downlink FortiSwitch S248*****02609(non mclag-icl FortiSwitch). Similar trunk is seen on S248*****00001 port25.
Note: If another non mclag-icl FortiSwitch was connected to S248*****02609, the trunk will be formed on both FortiSwitch ISL ports with a name as described above.
'toCORES_tier-2'.
Formed on a uplink MCLAG pair that is connecting to downlink MCLAG pair, with the trunk name sourced from the auto-isl-port-group configuration.
Example configuration on FortiSwitch tier1 :
config switch auto-isl-port-group
edit "toCORES_tier-2"
set members port22
next
'G200E********'.
A trunk formed between a FortiSwitch and the FortiGate, when the fortilink-neighbor-detect setting is configured as FortiLink.
Note: If the setting is configured as lldp, the trunk name may appear as '906CACDECE68-0' instead.
'_FlInK1_MLAG0_'.
Trunk formed on downlink FortiSwitch ports that are connected to an uplink MCLAG pair. For instance, a trunk formed on ports 25 and 26 on S248XXX02609. A similar trunk name is created on S248*****0855 and S248*****0856 port22.
S248*****02609 # show switch trunk
config switch trunk
edit "_FlInK1_MLAG0_"
set auto-isl 1
set fortilink 0
set isl-fortilink 0
set mclag enable
set members "port25" "port26"
next
end
Understanding FortiLink Trunk Parameters:
To see the complete trunk configuration, run the following command on FortiSwitch.
show full-configuration switch trunk
These parameters are set automatically when FortiSwitch devices are managed by a FortiGate.
auto-isl:
0: Indicates a standard trunk (not FortiLink).
1: Indicates a FortiLink trunk.
fortilink:
0: Assigned to following 2 types of fortilink trunks:
- All ISL trunks such as _FlInK1_ICL0_, _FlInK1_MLAG0_, '8*****02609-0', 'toCORES_tier-2'.
- FortiLink trunks where fortilink-neighbor-detect is set to LLDP on the FortiGate interface.
1: Assigned to FortiLink trunks where fortilink-neighbor-detect is set to 'fortilink' on the FortiGate under the FortiLink interface.
isl-fortilink:
0: Assigned to following 2 types of fortilink trunks:
- All ISL trunks such as _FlInK1_ICL0_, _FlInK1_MLAG0_, '8*****02609-0', 'toCORES_tier-2'.
- FortiLink trunks with fortilink-neighbor-detect set to FortiLink.
1: Assigned to FortiLink trunks where fortilink-neighbor-detect is set to LLDP on the FortiGate under the FortiLink interface.
FortiGate FortiLink interface configuration example:
FG100D3GXXXXXXXX # config system interface
FG100D3GXXXXXXXX (interface) edit flink-lag <----- 'flink-lag' is the name of the FortiLink interface (dedicated to FortiSwitch) created on FortiGate.
FG100D3GXXXXXXXX (flink-lag) set fortilink-neighbor-detect ?
lldp <----- Detect FortiLink neighbors using LLDP protocol.
fortilink <----- Detect FortiLink neighbors using the FortiLink protocol. If the LLDP is set, then in the FortiSwitch, the FortiLinktrunk value will be 'set'.
Depending on the fortilink-neighbor-detect value, the FortiSwitch trunk will reflect the appropriate FortiLink and isl-fortilink settings.
