We are planning to setup a topology like below.
Dual FGT + Dual FSW (In MCLAG) + AP's
Is it ok to connect end user machines in MCLAG switches?
What about the Fortinet recommendation?
Is MCLAG applicable only for aggregation layer to provide node level redundancy to access switches ? or can we use it in Access layer ?
Below is my understanding when we use ISL & MCLAG:
In ISL setup : User data traffic flow from SW2 - SW1 - Active FGT
In MCLAG setup : User data traffic flow from SW2- Active FGT or SW2-ICL-SW1-Active FGT , since MCLAG pear switches are logically single switch, it will use both links depends on algorithm running in MCLA
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
yes, I am planning to go with the MCLAG setup with Split-brain state enabled, In that case if ICL links down then one of the switch goes dormant state.
If split-brain state disabled in same setup then my observation is, switches & connected AP's are not stable.
If we use MCLAG setup then one of the advantage is we can add multiple switches in tier 2 connectivity in future and all having redundant link & node support from uplink agg switches.
one more thing is it is using all the available links in MCLAG setup (ICL, 2 active links between switches & FGTs) to transmit and receive traffic.
If we go with the ISL setup without MCLAG then traffic is always goes via SW1 to FGT active link and second link is always standby. If switches are increasing (SW2, 3, 4, 5) then traffic from SW5 goes to 4, 3,2, then SW1 to FGT. we don;t want this kind of setup
Hi, did you get anywhere with this?
I'm looking for the exact same setup.
2x FG HA
2x Fortiswitch with 2x10G ICL
Hi CR,
yes I am talking about this similar kind of setup with MCLAG enabled.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1516 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.