Can we use a FortiSwitch MCLAG setup in the access layer to connect end user machines?
We are planning to set up a topology like below.
Dual FGT + Dual FSW (in MCLAG) + APs
Is it OK to connect end user machines to MCLAG switches?
What about the Fortinet recommendation?
Is MCLAG applicable only for the aggregation layer, to provide node-level redundancy to access switches? Or can we use it in the access layer?
Below is my understanding when we use ISL & MCLAG:
In ISL setup: User data traffic flows from SW2 - SW1 - Active FGT
In MCLAG setup: User data traffic flows from SW2 - Active FGT or SW2 - ICL - SW1 - Active FGT. Since MCLAG peer switches are logically a single switch, it will use both links depending on the algorithm running in MCLA
Yes, I am planning to go with the MCLAG setup with split-brain state enabled. In that case, if the ICL links go down, then one of the switches goes into a dormant state.
If split-brain state is disabled in the same setup, then my observation is that the switches and connected APs are not stable.
If we use the MCLAG setup, then one of the advantages is that we can add multiple switches in tier 2 connectivity in the future, all having redundant link and node support from the uplink agg switches.
One more thing is that it uses all the available links in the MCLAG setup (ICL, 2 active links between switches and FGTs) to transmit and receive traffic.
If we go with the ISL setup without MCLAG, then traffic always goes via the SW1 to FGT active link and the second link is always standby. If the number of switches increases (SW2, 3, 4, 5), then traffic from SW5 goes to 4, 3, 2, then SW1 to FGT. We don't want this kind of setup.