Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Can we use FortiSwitch MCLAG setup in access layer to connect end user machines?

We are planning to setup a topology like below.


Dual FGT + Dual FSW (In MCLAG) + AP's


Is it ok to connect end user machines in MCLAG switches?

What about the Fortinet recommendation?

Is MCLAG applicable only for aggregation layer to provide node level redundancy to access switches ? or can we use it in Access layer ?


Below is my understanding when we use ISL & MCLAG:


In ISL setup  : User data traffic flow from SW2 - SW1 - Active FGT

In MCLAG setup : User data traffic flow from SW2- Active FGT or SW2-ICL-SW1-Active FGT , since MCLAG pear switches are logically single switch, it will use both links depends on algorithm running in MCLA


yes, I am planning to go with the MCLAG setup with Split-brain state enabled, In that case if ICL links down then one of the switch goes dormant state.


If split-brain state disabled in same setup then my observation is, switches & connected AP's are not stable.


If we use MCLAG setup then one of the advantage is we can add multiple switches in tier 2 connectivity in future and all having redundant link & node support from uplink agg switches.


one more thing is it is using all the available links in MCLAG setup (ICL, 2 active links between switches & FGTs) to transmit and receive traffic.


If we go with the ISL setup without MCLAG then traffic is always goes via SW1 to FGT active link and second link is always standby. If switches are increasing (SW2, 3, 4, 5) then traffic from SW5 goes to 4, 3,2, then SW1 to FGT.  we don;t want this kind of setup

New Contributor III

Hi, did you get anywhere with this?

I'm looking for the exact same setup.

2x FG HA

2x Fortiswitch with 2x10G ICL


Hi CR,


yes I am talking about this similar kind of setup with MCLAG enabled.

Top Kudoed Authors