Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dthms
New Contributor

FortiSwitch trunks best practices across multiple switches?

I have a site where we tried to stagger trunks between multiple switches, for redundancy should one fail.  We were hoping STP would deal with keeping things straight, however when we rebooted switch #2 in the below diagram, #3 went off permanently, as if it was only ever trying to look for a connection from its port50 and not failing over to port49.

 

On other sites we have switches that have dual trunks that FortiLink takes care of LACP automatically, like this:


Switch1-1 # show switch trunk
config switch trunk
  edit "4FPTF20001720-0"
    set mode lacp-active
    set auto-isl 1
       set members "port49" "port50"
    next
end

 

But in the below picture example, here is the same output for Switch #1:


Switch2-1 # show switch trunk
config switch trunk
  edit "8FFTF21004328-0"
  set mode lacp-active
  set auto-isl 1
    set members "port48"
  next
end

And here is the second switch's output in the below example:


Switch2-2 # show switch trunk
config switch trunk
  edit "8FFTF21004165-0"
  set mode lacp-active
  set auto-isl 1
    set members "port48"
  next
edit "8FPTF20001565-0"
  set mode lacp-active
  set auto-isl 1
    set members "port49"
  next
edit "G101FTK19006567"
  set auto-isl 1
  set fortilink 1
    set members "port47"
  next
end

 

I'm just curious if this is not best practice, as something is definitely wrong-- a reboot of switch #2 takes #3 offline until the latter is power cycled.

 

This setup is below:

4 REPLIES 4
Vando_Pereira

Hello,

 

I will try to help you out, but I have some questions to understand better your topology:

  • All the switches operate in L2 ? (The L2-L3 boundary is at the FortiGate ?)
  • Have you configured the STP Primary and Secondary root ? 

Best Regards,

Vando

As you think, so shall you become.
sachitdas_FTNT

Hi,

Based on your topology, FSW1 and FSW2 are acting as core switches. FSW3 and FSW4 are connected to both core switches.

I would suggest mclag topology.

Standalone FortiGate unit with dual-homed FortiSwitch access Page 48 https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/a5cb2173-7e2e-11ec-a0d0-fa163e...

 

 

Regards,
Sachit Das
ETAC Engineer
Wifi-Switching – International Support
dthms
New Contributor

Is MCLAG supported on S148FF (switches #1-2) and S148FP (#3-4)?  For some reason I thought that it wasn't.

Currently running 6.4.6 on the switches as well.

sachitdas_FTNT

Hi,

No its not supported on 148F, but in your diagram FSW model is 248E, hence suggested mclag setup.

May i know if you are using 802.3ad aggregate on FGT? If yes, please make sure split interface is enabled.

Regards,
Sachit Das
ETAC Engineer
Wifi-Switching – International Support
Labels
Top Kudoed Authors