Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
plsikk
New Contributor III

Created on ‎11-06-2023 09:52 AM

Multi-tier ICL-MCLAG configuration

Hello all Members.

I would like to say hello for all .

I'm starting my adventure with Forti Switches  and need some tips or example how to make configuration.

My case is: like below.

2023-11-06_18-23-13 (Large).jpg

 

I need to create/configure additional pair of fiber switches connected by ICL-MCLAG and directly connected to stack of switches which are connected to FortiGate's. I already created one pair which is working fine but when I want to activate ICL-MCLAG between switch on top and red rectangle, both are going offline and only factory reset for both help. I found article about three-tier MCLAG config https://community.fortinet.com/t5/FortiGate/Technical-Tip-Three-tier-MCLAG-configuration-on-managed/... but the question is, how to configure on the same level the second pair.

Already prepared 

config switch auto-isl-port-group

for this new pair but exist one is without this config. Is it possible to create new group and setup member ports for already connected and configured pair without removing those switches from FortiGate. And if it is possible , how to do this with less downtime.

I'm appreciate for any help.

 

Best regards
Best regards
Labels:
1981
0 Kudos
1 Solution
sachitdas_FTNT
Staff
Staff

Created on ‎11-14-2023 11:01 PM

Hi,

On the tier1 MCLAG ICL FSWs pair, create auto-isl-port-group. We recommend a criss-cross connection between tier1 and tier2. For example on tier1 ports used are port1 port2, then config on both tier1 FSWs should be

config switch auto-isl-port-group

edit name

set members port1 port2

end

 

For existing connection to 2nd pair of tier2 ICLs, if you havent configured auto-isl-port-group, then you can configure the same during a small maintenance window. and you should see the auto-isl-port-group name in the trunk.

command:- show switch trunk

If you dont see the trunk, then you need to delete the existing trunk and then new trunk will show up.

config switch trunk

delete <trunk name>

end

 

There will be a network impact during this change.

Regards,
Sachit Das
ETAC Engineer
Wifi-Switching – International Support

View solution in original post

1859
5 REPLIES 5
Anthony_E
Community Manager
Community Manager

Created on ‎11-08-2023 09:20 PM

Hello plsikk,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
1925
0 Kudos
Anthony_E
Community Manager
Community Manager

Created on ‎11-12-2023 11:03 PM

Hello plsikk,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
1884
0 Kudos
plsikk
New Contributor III
In response to Anthony_E

Created on ‎11-12-2023 11:13 PM

ok, Thank you

Best regards
Best regards
1881
sachitdas_FTNT
Staff
Staff

Created on ‎11-14-2023 11:01 PM

Hi,

On the tier1 MCLAG ICL FSWs pair, create auto-isl-port-group. We recommend a criss-cross connection between tier1 and tier2. For example on tier1 ports used are port1 port2, then config on both tier1 FSWs should be

config switch auto-isl-port-group

edit name

set members port1 port2

end

 

For existing connection to 2nd pair of tier2 ICLs, if you havent configured auto-isl-port-group, then you can configure the same during a small maintenance window. and you should see the auto-isl-port-group name in the trunk.

command:- show switch trunk

If you dont see the trunk, then you need to delete the existing trunk and then new trunk will show up.

config switch trunk

delete <trunk name>

end

 

There will be a network impact during this change.

Regards,
Sachit Das
ETAC Engineer
Wifi-Switching – International Support
1860
plsikk
New Contributor III
In response to sachitdas_FTNT

Created on ‎11-15-2023 09:54 AM

Is working prefect. Already configured for both groups . Many Many thanks for this solution

Best regards
Best regards
1840
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.