When FortiGate manages FortiSwitch(es), the FortiSwitches automatically create a trunk interface. Refer to the following example:

This article will focus on the FortiSwitch that is directly connected to the FortiGate.

• Port1 is directly connected to FortiGate.

FortiSwitch-FortiGate-FortiLink trunk default configuration::

FortiSwitch# config switch trunk

    edit "906CACDECE68-0"
        set mode lacp-active <----- Depends on whether the FortiLinkinterface on FortiGate is configured with LACP mode active.
        set auto-isl 1
        set isl-fortilink 1 <----- Depends on the neighbor-detect config on the FortiGate interface (LLDP or FortiLink).
        set mclag enable   <----- Depends on whether the FortiSwitch is configured for MCLAG-ICL.
        set members "port1"
    next

Note that this trunk name, lacp-mode and 'isl-fortilink' configuration depend on the FortiLink interface configuration on the FortiGate:

FortiGate# config system interface
    set fortilink-neighbor-detect lldp

    set lacp-mode active

end

FortiSwitch-FortiGate fortilink trunk interface default configuration: native VLAN 4094, allowed VLANS all, stp disabled, edge port disabled, dhcp snooping trusted

FortiSwitch# config switch interface
    edit "906CACDECE68-0"
        set native-vlan 4094
        set allowed-vlans 1-4094
        set dhcp-snooping trusted
        set stp-state disabled
        set edge-port disabled
    end

• port37 is the inter-switch link to another FortiSwitch.

FortiSwitch inter-switch link fortilink trunk default configuration:

FortiSwitch# config switch trunk

    edit "8EFTF18000726-0"
        set mode lacp-active
        set auto-isl 1
        set mclag enable
        set static-isl enable
        set members "port37"

    end

FortiSwitch inter-switch link fortilink trunk interface default configuration:  native vlan 4094, allowed vlans all, stp enabled, edge port disabled, dhcp snooping trusted.

FortiSwitch# config switch interface
    edit "8EFTF18000726-0"
        set native-vlan 4094
        set allowed-vlans 1-4094
        set dhcp-snooping trusted
        set edge-port disabled

        set stp-state enabled
    end

• ports23 and 24 are part of MCLAG-ICL fortilink trunk.

FortiSwitch MCLAG-ICL fortilink trunk default configuration:

FortiSwitch# config switch trunk

    edit "_FlInK1_ICL0_"
        set mode lacp-active
        set auto-isl 1
        set mclag-icl enable
        set members "port23" "port24"

    end

FortiSwitch MCLAG-ICL fortilink trunk interface default configuration:  native vlan 4094, allowed vlans all, stp enabled, edge port disabled, dhcp snooping trusted, igmp-snooping-flood-reports enable and mcast-snooping-flood-traffic enable.

FortiSwitch# config switch interface

    edit "_FlInK1_ICL0_"
        set native-vlan 4094
        set allowed-vlans 1-4094
        set dhcp-snooping trusted
        set edge-port disabled

        set stp-state enabled
        set igmp-snooping-flood-reports enable
        set mcast-snooping-flood-traffic enable
    end