Refer to the following config example:

Setup:

FortiGate- FortiSwitch(Switch1)port7 - FortiAP433F <---Mesh link--->FortiAP433F- FortiSwitch(Switch2)port7

Port7 has native VLAN1.

Configuration:

• Both FortiSwitchs must be in FortiLink mode:
• Use the following FortiSwitch configuration:

config system global

    set switch-mgmt-mode fortilink   

end

Note: The above command is not applicable for FortiSwitch versions 7.2 and above. See the following document: Special notices 7.2.0.

config switch global

    set fortilink-p2p-native-vlan 1

end

Here, VLAN1 is configured because APs are connected to native VLAN 1.

config switch physical-port

    edit "port7"

        set fortilink-p2p enable

end

Since the p2p native VLAN is configured as 1, the FortiLink VLAN 4094 will be tagged between the FortiSwitches. As a result, it is necessary to ensure that Leaf AP tags the VLAN 4094. Configure the following parameters on the Leaf AP:

cfg -a MESH_ETH_BRIDGE=1
cfg -a MESH_ETH_BRIDGE_VLANS=2,3,4094

cfg -c

Multiple VLANs can be added using a comma.

The output of the Inter-Switch Link (ISL) trunk FortiLink interface on both FortiSwitches is below. Note that the VLAN 4094 is tagged.

Switch1:

sh switch trunk

    edit "S124EFxxxx699-0"

        set auto-isl 1

        set static-isl enable    --> Make sure to enable static-isl.
        set members "port7"

    next

show switch interface

    edit "S124EFxxxx699-0"

        set allowed-vlans 1,39,50,99,4088-4094
        set dhcp-snooping trusted
        set edge-port disabled
        set snmp-index 33

Switch2:

sh switch trunk

    edit "S124EFxxxx159-0"

        set auto-isl 1

        set static-isl enable    --> Make sure to enable static-isl.
        set members "port7"

    next

show switch interface S124EFxxxx159-0
    config switch interface

     edit "S124EFxxxx159-0"

      set allowed-vlans 1,39,50,99,4088-4094
      set dhcp-snooping trusted
      set edge-port disabled
      set snmp-index 31

   next

end

FortiGate:

execute switch-controller get-conn-status
  Managed-devices in current vdom root:

  FortiLink interface : FortiLnk-ha
  SWITCH-ID VERSION STATUS FLAG ADDRESS JOIN-TIME NAME
  S124EFxxxx159 v7.0.4 (071) Authorized/Up - 169.254.2.3 Fri Jun 17    04:54:27 2022 xxxx159_switch1
  S124EFxxxx699 v7.0.3 (058) Authorized/Up - 169.254.2.4 Fri Jun 17    05:31:11 2022 xxx699_switch2

For FortiAP and FortiSwitch versions 7.2.x and above, make the following configuration changes:

1. Configure Static IPs on Mesh Leaf AP:

cfg -a ADDR_MODE=STATIC

cfg -a AP_IPADDR=x.x.x.x   (This is the IP address of the leaf AP.)

cfg -a AP_NETMASK=y.y.y.y  (This is the subnet mask.)

cfg -a  IPGW=x.x.x.y      (This is the default gateway.)

cfg -c

2. Configure Static IP, static route and NTP server IP on the Remote FortiSwitch which is connected to Leaf AP:

config system interface

edit internal

set mode static

set ip x.x.x.x y.y.y.y     (Where x.x.x.x is the IP address and y.y.y.y is the subnet mask.)

end

config router static

edit 1

set status enable

set gateway x.x.x.x   (Where x.x.x.x is the FortiLink interface IP address on the FortiGate.)

set device internal

end

config system ntp

config ntpserver

edit 1

set server x.x.x.x   (Where x.x.x.x is the FortiLink interface IP address on the FortiGate.)

end

end

3. The auto-network VLAN on FortiSwitch should be 4094.

config switch auto-network

set mgmt-vlan 4094

set status enable

end

Related documents: 

Page 43: FortiLink over a point-to-point layer-2 network: FortiSwitch Devices Managed by FortiOS 7.0

Refer to the following document link for the FortiAP mesh configuration: Setting up a mesh connection between FortiAP units