Created on 08-09-2023 10:40 PM Edited on 10-16-2024 11:10 PM By Jean-Philippe_P
Description | This article describes how to manage a FortiGate connected to a non-Fortinet Layer 3 switch. A non-Fortinet L3 core switch is the default gateway for the VLANs, and the L3 switch has a default route to the FortiGate firewall. A FortiSwitch is connected to the FortiGate's FortiLink over the non-Fortinet switch. |
Scope | FortiLink over a non-Fortinet Switch. |
Solution |
Switch commands:
config system interface
    edit "internal"
        set ip 172.16.1.2 255.255.255.0
        set allowaccess ping https ssh
        set type physical
        set snmp-index 30
    next
end

config switch interface
    edit "internal"
        set native-vlan 4094
        set stp-state disabled
        set snmp-index 29
    next
end

config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 172.16.1.1
    next
end

config switch trunk <- To core L3 switch.
    edit "FLINK"
        set auto-isl 1
        set static-isl enable
        set static-isl-auto-vlan disable
        set members "portxx"
    next
    edit "other ftnt-switch" <- To Fortinet switch.
        set auto-isl 1
        set static-isl enable
        set static-isl-auto-vlan disable
        set members "portxx"
    next
end

config switch interface <- To core L3 switch.
    edit "FLINK"
        set allowed-vlans 1-4094
        set dhcp-snooping trusted
        set edge-port disabled
        set snmp-index 31
    next
    edit "other ftnt-switch"
        set allowed-vlans 1-4094
        set dhcp-snooping trusted
        set edge-port disabled
        set snmp-index 32
    next
end

Static commands to find FortiLink:
config switch-controller global
    set ac-discovery-type static
    config ac-list
        edit 1
            set ipv4-address 10.255.1.1 <- default IP address for FortiLink.
        next
    end
end

Repeat these commands on other switches. |
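
Because the same settings are repeated on every switch, a saved configuration can be checked before the switch is cabled in. The script below is an added example, not Fortinet code: `parse_config` and `check_fortilink` are hypothetical names, and it assumes the input is the CLI text in the form shown above.

```python
import shlex

def parse_config(text):  # flatten CLI text into {path_tuple: {setting: value}}
    settings, path = {}, []
    for raw in text.splitlines():
        verb, *args = shlex.split(raw.split("<-")[0]) or [""]  # drop "<-" notes
        if verb == "config":
            path.append(" ".join(args))
        elif verb == "edit":
            path.append(args[0])
        elif verb in ("next", "end") and path:
            path.pop()
        elif verb == "set":
            settings.setdefault(tuple(path), {})[args[0]] = " ".join(args[1:])
    return settings

def check_fortilink(text, trunks, fortilink_ip="10.255.1.1"):  # list deviations
    cfg, findings = parse_config(text), []
    if cfg.get(("switch-controller global",), {}).get("ac-discovery-type") != "static":
        findings.append("ac-discovery-type is not static")
    ac_ips = {v.get("ipv4-address") for p, v in cfg.items() if p[1:2] == ("ac-list",)}
    if fortilink_ip not in ac_ips:
        findings.append(f"{fortilink_ip} not in ac-list")
    for name in trunks:
        if cfg.get(("switch trunk", name), {}).get("static-isl") != "enable":
            findings.append(f"trunk {name}: static-isl not enabled")
        if ("switch interface", name) not in cfg:
            findings.append(f"trunk {name}: no matching switch interface entry")
    return findings

# Constructed sample: the interface name has stray spaces inside the quotes.
SAMPLE = '''config switch trunk
edit "other ftnt-switch"
set static-isl enable
next
end
config switch interface
edit " other ftnt-switch "
set allowed-vlans 1-4094
next
end
config switch-controller global
set ac-discovery-type static
config ac-list
edit 1
set ipv4-address 10.255.1.1
next
end
end'''
```

Calling `check_fortilink(SAMPLE, ["other ftnt-switch"])` reports the trunk whose switch interface entry does not match by name; an empty list means the checked settings agree with the article.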