Hi All,
I am suffering from a trunk port crash when two trunk ports are plugged in between the Fortigate and the Fortiswitch.
Environment: I am using 1x Fortigate 80F, 1x Fortiswitch 124F-POE and 6x FortiAP 431F.
The cable connections are below:
a. 6x FortiAPs are connected with 124F (Port 1 - 6) with PoE enabled
b. 80F is connecting with 124F as below:
i) Fortilink Ports: 80F dedicated Ports (a and b) connect to 124F (23 and 24 Ports)
ii) Trunk Ports: 80F (Port 5 and 6 ) connect to 124F (21 and 22 Ports)
The trunk port configured as:
i) MC-LAG: disabled
ii) Mode: Static
iii) Enabled Features: Edge Port and Spanning Tree Protocol
When I configured the trunk port and plugged two cables into the ports, all the ports in the switch crashed, because I cannot ping the gateway in the 80F, and the FortiAPs lose their configuration and fail to connect with wireless devices (no SSID shown). The network only resumes if I unplug one of the trunk ports.
I have tried the following, but no luck:
a) Removed the Edge Port in trunk ports
b) Changed to other ports as new trunk ports
c) Replaced the Cat 6 cables.
Can you please help with this?
Thanks
Ken
If you have already configured two ports as part of the FortiLink, why do you need to add another trunk?
FortiLink will be used to transfer user data and multiple VLANs if needed, the topology is shown here.
All the VLANs that are created in FGT> Switch Controller will be added automatically in the FortiLink interface.
Hi ebilcari,
Thank you for your reply.
Actually, I forgot to mention that I tried to use two fortilink ports, but the devices connected to the switch cannot ping the gateway in the 80F. I have followed the instructions here, and followed the topology you provided.
The screen you shared is a little bit different from what I see on my side; please see the attachment for details.
I think maybe I have configured the devices inappropriately.
Picture 1: fortilink interface under FGT> Switch Controller
Image 2: Fortilink under FGT>Network>Interfaces
Can you please take a look and advise?
Thanks
The configuration of FL is ok; mine just uses a single port for it (port5), that's why it shows differently. I see that you have only the built-in VLANs created; you can go on and create the necessary VLANs and their IP configurations in WiFi & Switch controller> FortiSwitch VLANs
One more thing: I have created the SSID with DHCP for the FortiAPs that are connected to the Fortiswitch (Port 1 - 6). Is it necessary to add the subnet/VLAN to the fortilink interface? I have attached the settings below for your reference. Thanks again
If you are using "Tunnel" as shown above, then there is no need to create the WiFi users' VLAN on the ports where the APs connect. Only the AP's management VLAN needs to be configured on these ports 1-6; all the WiFi users' traffic is tunneled from the AP directly to the FGT, and the FSW is transparent in this case. For SSIDs in bridge mode you need to span the VLANs on the AP port.
Hi ebilcari,
Thank you for your help.
I am not familiar with how the AP's management VLAN needs to be configured for ports 1-6; may I know how to do this? Thanks again
You have to create a normal VLAN on the Switch controller and assign an IP and a DHCP scope. Don't forget to enable Security Fabric Connection, this will allow the AP to build the tunnel automatically with FGT.
and make this VLAN as Native VLAN on the ports where the APs are connected:
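The steps in the answer above (create a VLAN under the Switch Controller, give it an IP and a DHCP scope, enable Security Fabric Connection, and set it as the native VLAN on the AP ports), written as FortiOS CLI. This is an added example, not part of the original post. The VLAN name `ap_mgmt`, VLAN ID 20, the 10.10.20.0/24 subnet, the `root` VDOM, the FortiLink interface name `fortilink` and the switch serial placeholder are all assumptions to replace with your own values.

```fortios
# AP management VLAN on the FortiLink interface (name, ID and subnet are assumed values).
# "fabric" in allowaccess corresponds to Security Fabric Connection in the GUI.
config system interface
    edit "ap_mgmt"
        set vdom "root"
        set ip 10.10.20.1 255.255.255.0
        set allowaccess ping fabric
        set interface "fortilink"
        set vlanid 20
    next
end
# DHCP scope for the APs on that VLAN (range is an assumed value).
config system dhcp server
    edit 0
        set default-gateway 10.10.20.1
        set netmask 255.255.255.0
        set interface "ap_mgmt"
        config ip-range
            edit 1
                set start-ip 10.10.20.10
                set end-ip 10.10.20.100
            next
        end
    next
end
# Native VLAN on the six AP ports; replace the placeholder with the 124F serial number.
config switch-controller managed-switch
    edit "<FSW-SERIAL-PLACEHOLDER>"
        config ports
            edit "port1"
                set vlan "ap_mgmt"
            next
            edit "port2"
                set vlan "ap_mgmt"
            next
            edit "port3"
                set vlan "ap_mgmt"
            next
            edit "port4"
                set vlan "ap_mgmt"
            next
            edit "port5"
                set vlan "ap_mgmt"
            next
            edit "port6"
                set vlan "ap_mgmt"
            next
        end
    next
end
```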
Created on 10-11-2023 07:54 AM Edited on 10-11-2023 08:12 AM
Thanks. I will try.
and:
1. May I know whether the DHCP in the VLAN conflicts with the DHCP set up in the SSID?
2. I have some wired printers in the 192.168.1.1/24 network; will they still be able to print after I change the settings?
Thanks again
For SSIDs in tunnel mode you have to use different subnets for the WiFi users' traffic (SSID) and AP management. It's not recommended, but you can use an existing VLAN/subnet to put the APs in, like the existing printers' VLAN.
For bridged SSIDs you can use the same VLAN of AP management to bridge the WiFi user's traffic but that is also not recommended.
Copyright 2024 Fortinet, Inc. All Rights Reserved.