Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dthms
New Contributor

Created on ‎02-26-2022 01:57 PM Edited on ‎02-26-2022 01:59 PM

FortiSwitch trunks best practices across multiple switches?

I have a site where we tried to stagger trunks between multiple switches, for redundancy should one fail.  We were hoping STP would deal with keeping things straight, however when we rebooted switch #2 in the below diagram, #3 went off permanently, as if it was only ever trying to look for a connection from its port50 and not failing over to port49.

 

On other sites we have switches that have dual trunks that FortiLink takes care of LACP automatically, like this:


Switch1-1 # show switch trunk
config switch trunk
  edit "4FPTF20001720-0"
    set mode lacp-active
    set auto-isl 1
       set members "port49" "port50"
    next
end

 

But in the below picture example, here is the same output for Switch #1:


Switch2-1 # show switch trunk
config switch trunk
  edit "8FFTF21004328-0"
  set mode lacp-active
  set auto-isl 1
    set members "port48"
  next
end

And here is the second switch's output in the below example:


Switch2-2 # show switch trunk
config switch trunk
  edit "8FFTF21004165-0"
  set mode lacp-active
  set auto-isl 1
    set members "port48"
  next
edit "8FPTF20001565-0"
  set mode lacp-active
  set auto-isl 1
    set members "port49"
  next
edit "G101FTK19006567"
  set auto-isl 1
  set fortilink 1
    set members "port47"
  next
end

 

I'm just curious if this is not best practice, as something is definitely wrong-- a reboot of switch #2 takes #3 offline until the latter is power cycled.

 

This setup is below:

Labels:
4158
0 Kudos
4 REPLIES 4
Vando_Pereira
Staff
Staff

Created on ‎02-28-2022 03:46 AM Edited on ‎02-28-2022 03:46 AM

Hello,

 

I will try to help you out, but I have some questions to understand better your topology:

  • All the switches operate in L2 ? (The L2-L3 boundary is at the FortiGate ?)
  • Have you configured the STP Primary and Secondary root ? 

Best Regards,

Vando

As you think, so shall you become.
4097
0 Kudos
sachitdas_FTNT
Staff
Staff

Created on ‎03-02-2022 01:18 AM

Hi,

Based on your topology, FSW1 and FSW2 are acting as core switches. FSW3 and FSW4 are connected to both core switches.

I would suggest mclag topology.

Standalone FortiGate unit with dual-homed FortiSwitch access Page 48 https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/a5cb2173-7e2e-11ec-a0d0-fa163e...

 

 

Regards,
Sachit Das
ETAC Engineer
Wifi-Switching – International Support
4087
0 Kudos
dthms
New Contributor

Created on ‎03-03-2022 10:27 AM

Is MCLAG supported on S148FF (switches #1-2) and S148FP (#3-4)?  For some reason I thought that it wasn't.

Currently running 6.4.6 on the switches as well.

4078
0 Kudos
sachitdas_FTNT
Staff
Staff
In response to dthms

Created on ‎03-04-2022 12:29 AM

Hi,

No its not supported on 148F, but in your diagram FSW model is 248E, hence suggested mclag setup.

May i know if you are using 802.3ad aggregate on FGT? If yes, please make sure split interface is enabled.

Regards,
Sachit Das
ETAC Engineer
Wifi-Switching – International Support
4072
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.