Is there any way to link two FortiSwitches together so that they can be managed as a single logical unit?
All I can find are options to direct manage to each switch IP, FortiGate Fortilink (but still each switch) or FortiManager.
What I'm looking for is something similar to the way Cisco does StackWise Virtual, so that two switches are a logical unit despite being in different locations. You configure both switches via one IP address and you see all ports listed together.
I know you can use MCLAG to create a Layer 2 link between the switches so that other edge stacks can connect to both. But I cannot see how to configure and use both switches as one logical unit. Also, it gets more complicated as I need to have the FortiSwitches routing, so they will have Layer 3 IPs and also do some BGP dynamic routing. For routing, is VRRP the only option here if the switches cannot be set up as a single logical stack?
The only way I can see it working is:
2 Core FortiSwitches independently managed by each switch IP (Core 1 and Core 2).
Both switches routing using VRRP between themselves to host the L3 IPs (Core 1 and Core 2).
Both switches linked using MCLAG (Core 1 and Core 2).
Edge stacks dual link to core (1 link to Core 1 and 1 link to Core 2).
Default gateway for VLANs is core stack L3 IPs (using VRRP).
In this setup I still have to configure each FortiSwitch independently rather than as one unit.
For now FortiSW doesn't support that type of virtualization (2 SWs to appear as one logical unit). The closest you can get is MCLAG and a FortiGate that manages them in Fortilink like shown in this topology.
So, the way you manage the FS from the Gate or FortiManager makes stacking kinda old school, other than not having LAG'ed uplinks. Stacking in my mind just causes issues. I have dealt with Cisco, Extreme, Enterasys, Juniper, Arista, Avaya switch stacks. ALL of them have issues when the "master" fails, and the secondary takes over. At Fortinet, they are using STP to block redundant links, so if the top switch uplink goes down for some reason, the bottom switch uplink will come out of blocking. You're not getting a 20 Gbps LAG, but you do have failover. Generally speaking, the failover time for STP on FortiSwitch is fast enough for 90% of all networks. Not saying this is the BEST way, this is just the way Fortinet is handling it.