FortiSwitch
sachitdas_FTNT
Article Id 214925
Description: This article describes how to bring a managed FortiSwitch over a P2P wireless bridge/mesh link.
Scope: FortiGate, FortiSwitch and FortiAP version 7.x.
Solution

Refer to the following config example:

 

Setup:

FortiGate - FortiSwitch (Switch1) port7 - FortiAP433F <---Mesh link---> FortiAP433F - FortiSwitch (Switch2) port7

 

Port7 has native VLAN1.

 


 


 

Configuration:

 

  • Both FortiSwitches must be in FortiLink mode.
  • Use the following FortiSwitch configuration:

 

config system global

    set switch-mgmt-mode fortilink   

end

 

Note: The above command is not applicable for FortiSwitch versions 7.2 and above. See the following document: Special notices 7.2.0.

 

config switch global

    set fortilink-p2p-native-vlan 1

end

 

Here, VLAN1 is configured because APs are connected to native VLAN 1.

 

config switch physical-port

    edit "port7"

        set fortilink-p2p enable

    next

end

 

Since the p2p native VLAN is configured as 1, the FortiLink VLAN 4094 will be tagged between the FortiSwitches. As a result, it is necessary to ensure that the Leaf AP tags VLAN 4094. Configure the following parameters on the Leaf AP:

 

cfg -a MESH_ETH_BRIDGE=1
cfg -a MESH_ETH_BRIDGE_VLANS=2,3,4094

cfg -c

 

Multiple VLANs can be added as a comma-separated list.

 

The output of the Inter-Switch Link (ISL) trunk FortiLink interface on both FortiSwitches is below. Note that the VLAN 4094 is tagged.

 

Switch1:

 

sh switch trunk

    edit "S124EFxxxx699-0"

        set auto-isl 1

        set static-isl enable    --> Make sure to enable static-isl.
        set members "port7"

    next

 

show switch interface

    edit "S124EFxxxx699-0"

        set allowed-vlans 1,39,50,99,4088-4094
        set dhcp-snooping trusted
        set edge-port disabled
        set snmp-index 33

 

Switch2:

 

sh switch trunk

    edit "S124EFxxxx159-0"

        set auto-isl 1

        set static-isl enable    --> Make sure to enable static-isl.
        set members "port7"

    next

 

show switch interface S124EFxxxx159-0
    config switch interface

     edit "S124EFxxxx159-0"

      set allowed-vlans 1,39,50,99,4088-4094
      set dhcp-snooping trusted
      set edge-port disabled
      set snmp-index 31

   next

end

 

FortiGate:

 

execute switch-controller get-conn-status
  Managed-devices in current vdom root:

  FortiLink interface : FortiLnk-ha
  SWITCH-ID VERSION STATUS FLAG ADDRESS JOIN-TIME NAME
  S124EFxxxx159 v7.0.4 (071) Authorized/Up - 169.254.2.3 Fri Jun 17    04:54:27 2022 xxxx159_switch1
  S124EFxxxx699 v7.0.3 (058) Authorized/Up - 169.254.2.4 Fri Jun 17    05:31:11 2022 xxx699_switch2
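
As an added example (not part of the original article and not Fortinet tooling), the following Python check compares the ISL trunk's allowed-vlans with the Leaf AP's MESH_ETH_BRIDGE_VLANS list, using the values shown above. The function names are hypothetical, and the default FortiLink VLAN of 4094 is taken from this article.

```python
# Added example: pre-flight consistency check for the values in this article.
# Function names are hypothetical; the sample inputs are copied from the article.

def parse_vlans(spec):
    """Expand a VLAN list such as '1,39,4088-4094' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (1 <= lo <= hi <= 4094):
            raise ValueError(f"invalid VLAN entry: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def check_mesh_bridge(allowed_vlans, native_vlan, bridge_vlans, fortilink_vlan=4094):
    """Compare the trunk's allowed-vlans with the leaf AP's bridged VLAN list."""
    allowed = parse_vlans(allowed_vlans)
    bridged = parse_vlans(bridge_vlans)
    tagged = allowed - {native_vlan}            # the native VLAN travels untagged
    needs_tag = fortilink_vlan != native_vlan   # untagged FortiLink needs no AP tag
    return {
        # Required by the article: the FortiLink VLAN must cross the mesh tagged.
        "fortilink_on_trunk": fortilink_vlan in allowed,
        "fortilink_bridged": (not needs_tag) or fortilink_vlan in bridged,
        # Listed for review only; the article requires just the FortiLink VLAN.
        "tagged_not_bridged": sorted(tagged - bridged),
        "bridged_not_on_trunk": sorted(bridged - allowed),
    }


if __name__ == "__main__":
    report = check_mesh_bridge(
        allowed_vlans="1,39,50,99,4088-4094",   # from "show switch interface"
        native_vlan=1,                          # fortilink-p2p-native-vlan
        bridge_vlans="2,3,4094",                # MESH_ETH_BRIDGE_VLANS on the leaf AP
    )
    for key, value in report.items():
        print(f"{key}: {value}")
```

The two review lists show where the AP bridge list and the trunk differ, which helps keep the set of VLANs carried over the wireless link limited to what is intended.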

 

Related documents: 

Page 43: FortiLink over a point-to-point layer-2 network:

FortiSwitch Devices Managed by FortiOS 7.0

 

Refer to the following document link for the FortiAP mesh configuration:

Setting up a mesh connection between FortiAP units