Can we use FortiSwitch MCLAG setup in access layer to connect end user machines?

Kavi_Wi-FI · ‎08-19-2022

We are planning to setup a topology like below.

Dual FGT + Dual FSW (In MCLAG) + AP's

Is it ok to connect end user machines in MCLAG switches?

What about the Fortinet recommendation?

Is MCLAG applicable only for aggregation layer to provide node level redundancy to access switches ? or can we use it in Access layer ?

Below is my understanding when we use ISL & MCLAG:

In ISL setup : User data traffic flow from SW2 - SW1 - Active FGT

In MCLAG setup : User data traffic flow from SW2- Active FGT or SW2-ICL-SW1-Active FGT , since MCLAG pear switches are logically single switch, it will use both links depends on algorithm running in MCLA

Anthony_E · ‎08-21-2022

Hello Kavi_Wi-Fi,

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Regards,

Anthony-Fortinet Community Team.

Anthony_E · ‎08-21-2022

Hello Kavi_Wi-Fi,

I have found this document:

https://docs.fortinet.com/document/fortiswitch/7.0.1/administration-guide/860027/mclag

Could you please tell me if it helps?

Regards,

Anthony

Anthony-Fortinet Community Team.

Kavi_Wi-FI · ‎08-21-2022

Hi Anthony,

I have already gone through this Fortinet documentations but it not contains much information like how MCLAG works, User data traffic flow, Link fails in MCLAG, Fortinet recommendations like whether we can use this MCLAG setup in access layer or aggregation layer, Benefits of this MCLAG in different network topology, ICL link fails with split brain state enabled/disabled, etc..

Anthony_E · ‎08-21-2022

Hello,

Understood.

We will then continue to look for answer :)!

Regards,

Anthony-Fortinet Community Team.

Kavi_Wi-FI · ‎08-21-2022

Thanks!!! Yeah, we will wait for answer and I am also testing this topology in lab and keep you posted here.

One more point is not getting proper documentations, Engineering support from Fortinet to discuss more on this topics.

Anthony_E · ‎08-22-2022

Thank you :)!

Anthony-Fortinet Community Team.

sachitdas_FTNT · ‎08-25-2022

Hi,

Usually, its not a best practice to connect end devices on core switches.

Incase of mclag switches, if the ICL goes down, that leads to split brain situation and one of the mclag switches will go into a dormant state, so users connected to this switch wont be able to pass traffic.

Regards,
Sachit Das
ETAC Engineer
Wifi-Switching – International Support

Kavi_Wi-FI · ‎08-25-2022

Hi Sachit,

Thanks for the response!!!

Actually its not core switches, its access switches. MCLAG setup in access layer to connect end user machines.

Incase of mclag switches, if the ICL goes down, that leads to split brain situation and one of the mclag switches will go into a dormant state, so users connected to this switch wont be able to pass traffic -------------This is with MCLAG split brain state enabled right ? How about split brain state disabled ? Once disabled what will happen?

both switches will be in active ? or any other issues will raise?

sachitdas_FTNT · ‎08-28-2022

Hi,

In that case (end-user machines to access mclag-icl FSWs), it should work fine. I suggest having multiple ICL links and also going for a full mesh topology (criss-cross connection to core/uplink FSWs)

Regards,
Sachit Das
ETAC Engineer
Wifi-Switching – International Support