I currently have a FortiGate with 2 stacked FortiSwitches (248D).
Each switch is connected using only one port to the other.
I have a LAGed NAS on one switch. The LAG uses 4 ports for higher throughput from various networked devices.
Before I try it, I was wondering if it was possible to LAG/LACP multiple ports of stacked FortiSwitches so that devices on the 2nd switch can gain higher throughput to the NAS on the first switch?
Basically I don't want to have 48 devices on the 2nd switch have to go through a single 1Gb/s port to access the NAS.
Thank you
I'm not yet a user of the FortiSwitches, but have been scanning their documentation recently about this. For what it's worth, from what I've read:
I believe you can have the FortiLink to the managing 5.4.5 FortiGate be LAG. See http://docs.fortinet.com/uploaded/files/3076/manageFSWfromFGT540.pdf, page 15 for details. I don't know if FOS 5.4.5 or the current FortiSwitch versions support fully using all the LAG ports together, though, as mentioned in https://forum.fortinet.com/tm.aspx?m=149333.
From https://forum.fortinet.com/tm.aspx?m=149333 it sounds like LAG for the inter-switch link (ISL) should work. Per the admin docs, it says that the inter-switch link is "created automatically" once the switches are connected to the FGT by a FortiLink connection. The FortiSwitch 3.4.0 CLI reference, under "config sys trunk", mentions this obliquely in its definition of "auto-isl" as "Automatically forms an ISL-encapsulated trunk, up to the specified maximum size".
BTW, it looks like FortiGates with 5.6.x and newer FortiSwitch versions will have a nice additional option for this called multichassis lag (MCLAG) which may be a simpler solution with more redundancy. Referenced in http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-managing-fortiswitch/AdditionalConten.... See the mclag-icl field under "config sys trunk". Not that I'm going to be switching to 5.6.x anytime soon!
I had read about the LAG to the FortiGate in the doc. But nowhere do they mention LAG support between switches, neither as being possible nor impossible.
ISL, from what I understood from the doc, is only used with the last switch of the stack that connects back to the FortiGate.
I guess the only way to know is to try it and bench it to see if it works. I'm surprised that this is not documented anywhere.
I agree, it should be better documented.
Please let us know how your tests of this turn out.
And MC-LAG is not what I want here.
From what I understand from the way it's described, MC-LAG is used if you have 2 or more switches and you have a server with multiple network cards.
Instead of using LAG/LACP from the server to ONE of the switches to have higher total throughput, you set one of the active server network interfaces on each switch to limit the number of hops (and bottlenecks) to get to the server.
So if I have 2 switches FS-A FS-B and a server S that has 4 network interfaces:
If I LAG S[1234] -> FS-A then all devices plugged in all 44 ports on FS-A can share the 4Gb/s trunk (one port is capped at 1Gbps but this is fine).
If FS-B -> FS-A with a single port, then all 47 devices on FS-B share a SINGLE 1Gbps connection to FS-A so there is a bottleneck for the NAS.
If I MCLAG S[12] -> FS-A and S[34] -> FS-B then the ports on each switch will share a 2Gbps max to the NAS.
Now, what I want is (and I've done this with other vendors),
S[1234] -> FS-A
FS-B [1234...] -> FS-A
All devices on FS-A can share 4Gbps and all devices on FS-B can also share the 4Gbps to the NAS.
This last option allows for the max utilisation of the resources.
Sorry I posted this answer on the wrong thread, I meant it as an answer to @rgracioli_FTNT,
@tanr pretty much summed up my answer too
Yes, it's possible to use LAG between FSW and FGT; the FGT interface type is configured as "aggregate". For the links between FSW - ISL (Inter Switch Links), it's also possible to have LAG; they are automatically configured once the cable is plugged.
Rafael Gracioli | Consulting Systems Engineer, ADC and Switching m: +31 6 50 28 72 99 | skype: rgracioli | e: rgracioli@fortinet.com
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Selective wrote: Would really like to know this too
Does ISL work between standalone FortiSwitches?
LAG between two FSW can be achieved with MCLAG functionality. See MCLAG under Network Topologies at http://docs.fortinet.com/d/fortiswitch-devices-managed-by-fortios-5.6 - when FSW is controlled by FGT.
Rafael Gracioli | Consulting Systems Engineer, ADC and Switching m: +31 6 50 28 72 99 | skype: rgracioli | e: rgracioli@fortinet.com