We have an existing FortiSwitch that is connected to a Cisco ASR. The Cisco has the layer 3 interfaces and IPs assigned for WAN and VLAN subnets. We want to now install a second FortiSwitch, use the layer 3 capabilities and use VRRP to make the link redundant (will convert the existing FortiSwitch after the configuration for the new FortiSwitch is working). We have installed a 2nd circuit and will configure it to this second FortiSwitch that will now handle layer 3.
In essence, we want the FortiSwitches to be redundant on the LAN side to handle VLANs (is that MCLAG?) but also be redundant but have a unique path out layer 3 to AWS. Each FortiSwitch has a separate layer 3 circuit to AWS and I want to know if this can be Active/Active to use both circuits or only active/passive. The internet side is 10G for both circuits.
Please let me know if this makes sense. Can anyone share a similar config?
Would I use this?
https://docs.fortinet.com/document/fortigate/7.4.0/new-features/369021/support-inter-vlan-routing-by...
or This?
https://docs.fortinet.com/document/fortiswitch/7.4.3/fortiswitchos-administration-guide/939731/bgp-r...
Or a combination of both?
So confusing.
It is most likely not a VRRP issue. Your active router responds to ARP requests for the gateway, and all the outgoing traffic is going to that router. Now when traffic moves through the ISP core and the internet, it is perfectly possible for the return traffic to be routed to your passive VRRP router, maybe because for some reason the routing protocol (BGP) finds the route to your passive router more attractive. A failure on the primary link or, like your ISP said, a backbone problem in the core can be the source of that.
Thanks for the response. I have an issue at the moment that won't even let me get to the VRRP portion. I am unable to establish the layer 3 BGP connectivity on the FortiSwitch back to AWS. I had this same issue with the 1st FS and ended up installing a Cisco ASR in front to route layer 3 and get the BGP to work. How do I create an interface that can actually pass traffic at layer 3 on the FS? What am I missing?
    config switch physical-port
        edit "port28"
            set description "Uplink to Megaport AWS-DC Circuit #2"
            set lldp-profile "default-auto-isl"
            set speed 10000full
        next
    end
    config switch interface
        edit "port28"
            set native-vlan 364
            set snmp-index 28
        next
    end
    config router static
        edit 1
            set dst 0.0.0.0 0.0.0.0
            set gateway 169.254.96.33
        next
    end
    config router bgp
        set as 64516
        set router-id 169.254.96.38
        config neighbor
            edit "169.254.96.33"
                set remote-as 64513
            next
        end
    end
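The posted configuration has no routed interface on VLAN 364, so the switch has no IP address in the 169.254.96.32/30 peering subnet to source the BGP session from; port28 only switches that VLAN. The following is an added example, not the poster's or Fortinet's configuration, of what a complete layer 3 setup on one of the two FortiSwitches looks like: the transit SVI toward AWS, the LAN SVI with VRRP for the redundancy asked about in the original post, and the eBGP session advertising the LAN prefix so AWS has a return path over this circuit. It assumes a standalone (not FortiLink-managed) FortiSwitchOS with layer 3 routing; VLAN 364, the /30 addresses and the AS numbers come from the post, while the LAN VLAN 100, its 10.1.100.0/24 subnet and the VRRP virtual IP are constructed placeholders.

```fortios
# Added example (not the poster's config). Assumed: standalone FortiSwitchOS
# with L3 routing. VLAN 364, the /30 and AS numbers are from the post;
# LAN VLAN 100 / 10.1.100.0/24 and the VRRP addresses are constructed.

# 0. Make sure both VLANs exist on the switch.
config switch vlan
    edit 364
        set description "Transit to AWS circuit #2"
    next
    edit 100
        set description "LAN"
    next
end

# 1. Routed (SVI) interface on the transit VLAN. Without this the switch has
#    no IP on the peering /30 and nothing to source the BGP session from.
config system interface
    edit "vlan364"
        set ip 169.254.96.38 255.255.255.252
        set allowaccess ping
        set vlanid 364
        set interface "internal"
    next
end

# 2. Uplink port carries VLAN 364 untagged toward the Megaport circuit.
config switch interface
    edit "port28"
        set native-vlan 364
    next
end

# 3. LAN-side SVI with VRRP. The peer switch uses the same vrid and vrip with
#    a lower priority. Only the VRRP master answers ARP for 10.1.100.1, so
#    outbound LAN traffic leaves via the master's circuit; the other circuit
#    carries return traffic only when AWS prefers it, and everything after a
#    failover. That is active/passive for outbound, not active/active.
config system interface
    edit "vlan100"
        set ip 10.1.100.2 255.255.255.0
        set allowaccess ping
        set vlanid 100
        set interface "internal"
        config vrrp
            edit 1
                set vrip 10.1.100.1
                set priority 200
                set preempt enable
            next
        end
    next
end

# 4. eBGP to AWS, advertising the LAN prefix so AWS learns a return path
#    through this circuit. The static default from the post is kept; once
#    BGP delivers routes it is only a fallback.
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 169.254.96.33
    next
end
config router bgp
    set as 64516
    set router-id 169.254.96.38
    config neighbor
        edit "169.254.96.33"
            set remote-as 64513
        next
    end
    config network
        edit 1
            set prefix 10.1.100.0 255.255.255.0
        next
    end
end

# Checks after applying, in order:
#   execute ping 169.254.96.33            - L2/L3 reachability on the /30
#   get router info bgp summary           - neighbor state should be Established
#   get router info routing-table all     - BGP-learned prefixes present
```

Verify step by step: if the ping to the peer fails, the problem is the VLAN/port mapping or the address on vlan364, not BGP; if the ping works but the neighbor never reaches Established, check that the remote side is configured with 169.254.96.38 as its neighbor and AS 64516, and that nothing in between filters TCP port 179.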
Copyright 2024 Fortinet, Inc. All Rights Reserved.