I have a Fortigate 200F, with Cisco stacked switches in 2 MDFs with an IDF off both MDFs with switches hanging off the IDF stacks. I have purchased Fortiswitches, FS-148F-FPOE. My experience is with Cisco switch stacking. I am trying to understand the best way to connect up the Fortiswitches to the Fortigate. I have read multiple articles online and on Fortinet's website. Everything seems to be a 20,000-foot view. I understand how to configure Fortilink and MLAG. What I am struggling with is how Fortinet (Fortigate) connects all the switches in 2 MDFs and IDFs with network closets off the IDFs. Should I just connect a Fortiswitch to the Fortigate via Fortilink, and then connect all the Fortiswitches in the MDF to the first Fortiswitch, then connect the last switch in the MDF stack to the Fortigate? And then connect the main IDF to the MDF stack, and also connect the 2nd MDF to the main MDF stack, and Fortigate sees all the Fortiswitches and connects them all up to each other? Or do I configure MLAG in each MDF and IDF and connect the main MDF to the Fortigate via Fortilink? Will the Fortigate via Fortilink see all the switches, even the MLAG switches?
Best practice would be to use MC-LAG. Or do you want a single stack of switches? It depends 100% on your use-case and topology. How many switches do you have? What is your desired topology? Follow the guides exactly or you will end up with loops and unsupported topologies.
@DG Paystub wrote: I have a Fortigate 200F, with Cisco stacked switches in 2 MDFs with an IDF off both MDFs with switches hanging off the IDF stacks. I have purchased Fortiswitches, FS-148F-FPOE. My experience is with Cisco switch stacking. I am trying to understand the best way to connect up the Fortiswitches to the Fortigate. I have read multiple articles online and on Fortinet's website. Everything seems to be a 20,000-foot view. I understand how to configure Fortilink and MLAG. What I am struggling with is how Fortinet (Fortigate) connects all the switches in 2 MDFs and IDFs with network closets off the IDFs. Should I just connect a Fortiswitch to the Fortigate via Fortilink, and then connect all the Fortiswitches in the MDF to the first Fortiswitch, then connect the last switch in the MDF stack to the Fortigate? And then connect the main IDF to the MDF stack, and also connect the 2nd MDF to the main MDF stack, and Fortigate sees all the Fortiswitches and connects them all up to each other? Or do I configure MLAG in each MDF and IDF and connect the main MDF to the Fortigate via Fortilink? Will the Fortigate via Fortilink see all the switches, even the MLAG switches?
To connect your FortiSwitches (FS-148F-FPOE) to the FortiGate 200F in a network with Cisco switches, first establish FortiLink between the FortiGate and the primary MDF (MDF1) by connecting one or more FortiSwitches directly to the FortiGate. Daisy-chain additional FortiSwitches in MDF1 and connect MDF2 and the IDFs to the MDF1 FortiSwitches. Configure MLAG within each MDF and IDF for redundancy and link the MLAG pairs to the FortiGate via FortiLink. This setup ensures that FortiGate manages all switches, including those in MLAG, providing full network visibility and redundancy.
Thank you for your responses. To clarify, after configuring the MCLAG in both MDFs and IDFs, should each MDF be connected to the Fortigate via Fortilink, or would you connect the primary MDF to the Fortigate via Fortilink, and connect the secondary MDF to the primary MDF (via MCLAG or Fortilink)? Does the Fortigate see each MCLAG stack and join the MCLAG stacks to each other via Fortilink? Does Fortigate understand the VLANs associated with each MDF/IDF, or does it trunk all VLANs across each trunk when the VLANs are configured on the Fortigate? Or does the Fortigate prune the VLANs somehow? I am just trying to wrap my head around how the Fortigate connects all the Fortiswitches to each other and to Fortigate for routing and spanning-tree. My understanding is MCLAG will not have loops, but if the MCLAG stacks are connected via Fortilink, I would think there could be loops. Thanks again for your time.
Copyright 2024 Fortinet, Inc. All Rights Reserved.