Hi everybody,
I've got a FortiWiFi 61F and I'd like to know if those two FortiLink ports (A-B) can be used as a regular interfaces (as those 5x GE RJ45 Internal Ports). Apparently these aren't intended for this purpose as this article shows, right? They are only(?) intended to remotely manage FortiSwitch units, but could I eventually use them as regular interfaces?
Thank you everyone.
Those ports are just regular switch ports. You just need to remove anything related to "fortilink" in the config. Go CLI and "show | grep -f fortilink". Then you'll know what to remove.
well, I can see this
# show | grep -f "fortilink"
config switch-controller storm-control-policy
edit "auto-config"
set description "storm control policy for fortilink-isl-icl port" <---
set storm-control-mode disabled
next
end
But I'm not sure what should I disable or how should I disable it. There are in fact a lot of options inside WiFi & Switch Controller menu (in the web UI), my guess is I could turn off these menus by turning off "Switch Controller" and "WiFi Controller" in System > Feature Visibility (also in the web UI) but I'm not sure this will disable nothing but these "Switch Controller" and "WiFi Controller" menus, instead of the FortiLink feature itself.
Also I don't know what are the "storm-control-policy" and the "storm-controll-mode" although apparently the latter one is disabled.
No. That's just a description. Not doing anything functionally. Didn't you see it in hard or soft-switch config as well as DHCP server config? And I think it's in NTP config as well.
I can't see anything like "hard or soft-switch config" or "DHCP server config" in the web UI. In fact, DCHP server is configured per interface (in Network > Interfaces, when you create or edit one).
What I can see is a menu to create FortiLink interfaces in WiFi & Switch Controller > FortiLink Interface, also software switches are created in Network > Interfaces, when you create a new one you can chose its type as "Software Switch".
Also ... what do you mean with "NTP", I understand this acronym as Network Time Protocol.
No. All I'm talking about is in CLI. If you want/need to use those fortilink ports as regular interface "a" and "b", you need to use CLI to remove dependencies. That's why I suggested to use "show | grep -f fortilink" at the top level in CLI, which would show you where "fortilink" is used. Unfortunately I don't have FWF60F so I can't tell exactly what you would see. But I remember when I convered the fortilink port on an FG40F, I had to remove it at those parts of config.
Those are under "config system dhcp server" and "config system ntp" sections of CLI.
Well, if I do `show | grep -f "config system dhcp server"` I just can see
config system dhcp server <---
end
if I replace the `-f` argument with `-A <number of lines>` I can see part of the configs for DCHP servers for every interface with a DHCP server enabled, even the clients.
I don't know what has to do the NTP with this FortiLink ports, but for `show | grep -f "config system ntp"` I have
config system ntp <---
set ntpsync enable
end
And I don't see anything related with FortiLink.
So you're not using any DHCP server then. And FWF61F doesn't seem to use "fortilink" for the Fortilink interface.
What interface names do you have under "config sys interface" now? Just go to"config sys interface" then type "edit ?", it would show all interfaces including the Fortilink.
well I have this
name Name.
a static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical enable
b static 0.0.0.0 0.0.0.0 10.1.0.1 255.255.255.0 up disable physical enable
dmz static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical enable
internal1 static 0.0.0.0 0.0.0.0 172.20.1.1 255.255.255.0 up disable physical enable
internal2 static 0.0.0.0 0.0.0.0 192.168.2.1 255.255.255.0 up disable physical enable
internal3 static 0.0.0.0 0.0.0.0 192.168.1.1 255.255.255.0 up disable physical enable
internal4 static 0.0.0.0 0.0.0.0 172.50.1.1 255.255.255.0 up disable physical enable
internal5 static 0.0.0.0 0.0.0.0 10.100.0.1 255.240.0.0 up disable physical enable
modem pppoe 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 down disable physical enable
ssl.root static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable tunnel enable
wan1 static 0.0.0.0 0.0.0.0 217.124.116.61 255.255.255.0 up disable physical enable
wan2 dhcp 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical enable
I tried to use 'b' interface/port (that's because you can see a IP/Netmask in there) but it's apparently the fortilink port.
(Couldn't I exit of "config sys interface" without saving? I've seen that `end` is to exit from there but saving changes)
If you didin't go into any of those interfaces, "end" wouldn't change anything. If you're still warried, you can use "abort" always.
You already broke the fortilink and separated them to indivdual "a" and "b". No, they're not in fortilink otherwise you shouldn't see "b" in the interface config. If you can't ping it from a device within the subnet connected to the port, something else must be causing it, not because of fortilink.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.