jmart1191
New Contributor III

Cisco Trunk port to Fortiswitch

I am trying to configure our core Cisco 9300 to pass VLAN traffic to a standalone FortiSwitch FS-224E. I have a ticket opened with both Cisco and Fortinet and have had both engineers on the phone, but we were not able to get it to work. Does anyone have this kind of setup that is working properly? Also, do I have to set up a different port to manage the FortiSwitch? I have set a static IP on the internal interface, but once I trunk the port on the Cisco side I lose management and cannot ping the IP or get to the GUI. I have Cisco port 36 trunked and it goes directly to FortiSwitch port 1 (I've tried trunking and tried without trunking, set allowed VLANs, and nothing works). I set a static route. Not sure what I'm missing, but support has been no help on the Forti side. I have verified the trunk works on the Cisco with another Cisco trunked, and VLANs and traffic do work.

 

This is my Cisco Interface

interface GigabitEthernet1/0/36
description uplink to Fortiswitch
switchport trunk allowed vlan 100,200
switchport mode trunk
switchport nonegotiate

 

I have tested this trunk to another Cisco and the VLANs do pass.

 

FortiSwitch: I've configured port 1 two ways,

 

edit port1
    set allowed-vlans 1,100,200

 

and I've also configured a trunk and added port 1; neither works.
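Added example (not part of the original post, and not Cisco or Fortinet tooling): a small Python check that parses the two snippets posted above and reports which VLANs each end of the link carries. The function names are hypothetical, and the default native VLAN of 1 on both sides is an assumption, since neither snippet sets one. It only reports differences between the two configs.

```python
import re

# Constructed inputs: the two snippets as posted in the question above.
CISCO_CFG = """\
interface GigabitEthernet1/0/36
 description uplink to Fortiswitch
 switchport trunk allowed vlan 100,200
 switchport mode trunk
 switchport nonegotiate
"""
FSW_CFG = """\
edit port1
    set allowed-vlans 1,100,200
"""

def expand(spec):
    """Expand a VLAN list such as '1,100-102' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def cisco_trunk(cfg):
    """Return (allowed VLANs, native VLAN) for an IOS trunk interface."""
    m = re.search(r"switchport trunk allowed vlan ([\d,\- ]+)", cfg)
    allowed = expand(m.group(1)) if m else set(range(1, 4095))  # no list: all
    n = re.search(r"switchport trunk native vlan (\d+)", cfg)
    return allowed, int(n.group(1)) if n else 1  # assumed default native VLAN

def fsw_port(cfg):
    """Return (allowed VLANs plus native, native VLAN) for a FortiSwitch port."""
    m = re.search(r"set allowed-vlans ([\d,\- ]+)", cfg)
    n = re.search(r"set native-vlan (\d+)", cfg)
    native = int(n.group(1)) if n else 1  # assumed default native VLAN
    return (expand(m.group(1)) if m else set()) | {native}, native

def compare(cisco_cfg, fsw_cfg):
    """Report VLANs carried by only one end and the native VLAN status."""
    c_vlans, c_native = cisco_trunk(cisco_cfg)
    f_vlans, f_native = fsw_port(fsw_cfg)
    return {
        "only_cisco": sorted(c_vlans - f_vlans),
        "only_fortiswitch": sorted(f_vlans - c_vlans),
        "native_match": c_native == f_native,
        # Untagged frames ride the native VLAN, so it must be in the allowed list.
        "native_carried_by_cisco": c_native in c_vlans,
    }

if __name__ == "__main__":
    print(compare(CISCO_CFG, FSW_CFG))
```

For the posted configs this reports VLAN 1 as present only on the FortiSwitch side and the Cisco native VLAN as absent from the Cisco allowed list.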

 

 

Toshi_Esumi

What version of FortiSwitchOS are you running? It's supposed to keep the config after a power-cycle. You probably want to open a ticket at TAC to see if there is any hardware issue, if it keeps happening.

 

Toshi

jmart1191

config-version=S224EN-7.02-FW-build444-230317 Yea, each time I reboot. I have a second 224 switch and it also does the same thing when you reboot after configuring.

Toshi_Esumi

That is 7.2.4. I recommend you upgrade them to 7.2.7. Then open a ticket at TAC.

Toshi

pollardt3
New Contributor

I am just curious, what makes you buy FortiSwitch instead of Cisco? They are not cheap... (Or are you just using them to study NSE?)

jmart1191
New Contributor III

I'm glad you ask lol, we are upgrading our firewalls to FortiGate, and from the demos we've seen there are a lot of pros to having FortiSwitches on our network in conjunction with FortiManager, which we are also purchasing. I'm a Cisco guy and I love Cisco, so I decided to purchase 2 of these FortiSwitches to test and see how they play with our Cisco equipment, which we have at all of our sites. The price is also a pro for us: I purchased 2 Cisco 9200's a couple of months ago and it came out to 6k+ with licensing and everything, and with the fortigates I got 2 of them fully licensed for 1,500. If I can get them to work with our current setup that's awesome, but if not, I like Cisco much better and it wouldn't matter to me.

Toshi_Esumi

I posted in another thread recently, but FMG won't manage a standalone FSW's config. Only when they're "fortilink managed" can FSWs be managed by FMG.

Toshi

jmart1191

Yea, we don't have the firewalls in place yet we are still running on our old system hence why I am using them in standalone mode. I'm assuming it will be easier when we have the forti system in place.
