Help
FortiSwitch
FortiSwitch: secure, simple and scalable Ethernet solutions
riteshpv
Staff
Staff

Created on ‎10-01-2024 06:38 AM

Article Id 346116

Technical Tip: Setting up FortiSwitch-1XX series in FortiLink in redundant connection

Description This article describes the ways of setting the FortiSwitch series to the FortiGate FortiLink aggregate interface.
Scope FortiSwitch-1XX series v7.2.0 or v7.4.0 or v7.6.0.
Solution
  • FortiSwitch FortiSwitch-1XX series (example: FortiSwitch-124F, FortiSwitch-148F) do not support MCLAG. Refer to the Feature matrix under High Availability -> MCLAG (multi-chassis link aggregation group).
  • Since MCLAG is not supported then concerns are raised on connecting these FortiSwitch models to FortiGate with multiple connection for redundancy.
  • Refer to the below topology:

Drawing 6.png

 

  • Here there are 2 examples.

Important Note: In this setup, the FortiGate FortiLink interface is 'set type aggregate'.

 

config system interface
    edit "fortilink"
        set vdom "root"
        set fortilink enable
        set ip 10.255.1.1 255.255.255.0
        set allowaccess ping fabric
        set type aggregate   <-- 
        set member "x1" "x2" "x3" "x4"
        set lldp-reception enable
        set lldp-transmission enable
    next
end

 

Example Topology1:

 

  • Here, FSW1 (port1 and port2) is connected to FortiGate (X1 and X2). 
  • Both ports are up and actively forwarding traffic.
  • More links can be added in this connection and they will be automatically added in one FortiLink trunk. 
  • In this example, FortiSwitch FSW1 is the root of the network.
  • Below is the example for the trunk forming in FortiSwitch (FSW1) towards one FortiGate.

 

config switch trunk
    edit "G120GTK2400XXXX"
        set mode lacp-active
        set auto-isl 1
        set fortilink 1
        set mclag enable
        set members "port1" "port2"
    next

end

 

Example Topology2:

 

  • Here FortiSwitch port1 port2 (FSW1 and FSW2) are connecting to FortiGate (X1, X2, X3 and X4).
  • To achieve the above connection, it is necessary to make the following changes:
    • Have at least one direct link-up between FortiSwitch FSW1 and FSW2. In this example port3 are interconnected.
    • Enable the Fortilink-split-interface on the FortiLink interface of the FortiGate.

 

fortilink-split-interface.jpg

 

 

 

  • When applying the above changes, one port will be up. Verify from FortiGate FortiLink interface -> Interface members
  • So from this topology2, either x1,x2,x3, or x4 can be up.
  • The port that is not up will be acting as redundant link.
  • Considering the X1 is up, the FortiSwitch FSW1 will be the root and all other FortiSwitch with direct link to FSW1 will be the forwarding and other redundant link (connecting to FSW2) will be alternate state.
  • For the case X1/X2 goes down then X3 will come up making Fortiswitch FSW2 as root and all other FortiSwitches with direct links to FSW2 will be the forwarding and other redundant links (connecting to FSW1) will be alternate state.
2636
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.