Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fabs
Contributor

Created on ‎07-31-2025 02:29 AM Edited on ‎07-31-2025 04:28 AM

Replacing Cisco CBS350X Stack with 2x FortiSwitch 448E

Hi everyone,

I'm currently working with the following setup:

  • We have a FortiGate 100F

  • Port X1 on the FortiGate connects via 10G to a stack of 2x Cisco CBS350X (on the Ground Floor).

  • From there, there's an uplink via 10G to another stack of 2x Cisco CBS350X (on the Upper Floor).
    The reason for using the stack is to expand port availability, not for redundancy.

Now, I want to replace the Cisco stack on the Ground Floor with 2x FortiSwitch 448E but leave the stack in the Upper floor.

 

What would be the most sensible and correct way here?
Can the 448E also be operated in a stack?
Does it make sense to connect X1 and X2 to a 448E each? And to connect both 448E to the respective CBS350X on the upper floor?

Thanks in advance for your help!

Labels:
403
0 Kudos
9 REPLIES 9
AEK
SuperUser
SuperUser

Created on ‎07-31-2025 09:50 AM

Hi Fabs

FS-448E supports MCLAG. You can integrate X1 and X2 in an active-active FortiLink on FGT, and connect them to your FortiSwitches.

Something like this would be fine.

 

fsw.png

AEK
AEK
358
fabs
Contributor
In response to AEK

Created on ‎08-01-2025 12:31 AM Edited on ‎08-01-2025 01:47 AM

Hi @AEK 

Thank you very much for your reply and the diagram you drew.
I have another question regarding the (MCLAG) between the two 448E Switches.

My idea for the cabling would be as follows:

Fortigate 100F X1 -> 448E #1 Port 49 (10G SFP)
Fortigate 100F X2 -> 448E #2 Port 49 (10G SFP)

 

MCLAG:
448E #1 Port 51/Port 52 (10G SFP) -> 448E #2 Port 51/Port52 (10G SFP)

 

Uplink LCAP to Upper Floor CBS350 stacked
448E #1 Port 50 (10G SFP) -> CBS350 #1 XG1(10G SFP)
448E #2 Port 50 (10G SFP) -> CBS350 #2 XG1 (10G SFP)

However, this presents the issue that all 10G ports on both 448E are in use.
I require at least one additional 10G port on one of the 448E for another switch in a different part of the building.
So the question is, does the MCLAG have to need of 2x 10G, or would 1x 10G be sufficient?

 

In addition, I am planning to replace the two CBS350 stacked on the upper floor with also 2x 448E at the end of the year. What would be the sensible cabling solution here?

Thanks,

fabs

318
0 Kudos
AEK
SuperUser
SuperUser
In response to fabs

Created on ‎08-07-2025 11:26 AM

Hi Fabs

Yes you can use one single link to inter-connect the two FSW. Two is good for redundancy but 1 will work fine.

If you replace the Cisco switches by FSW then you can keep the same design as shown above if tired architecture is needed.

You can also check the Fortinet switching architecture guide.

https://docs.fortinet.com/document/fortiswitch/7.4.0/switching-reference-architecture-guide/383494/i...

Hope it helps.

AEK
AEK
258
fabs
Contributor
In response to AEK

Created on ‎09-24-2025 07:47 AM Edited on ‎09-24-2025 07:48 AM

@AEK 

If I now use the same configuration as described above, does this mean that I also set up an MC LAG between both 448Es and set up a connection to the above-mentioned 448E in each case?
In other words
448E #1 -> 448E #1
448E #2 -> 448E #2

Is this connection automatically set up as a trunk LAG, as with the Fortigate fortilink, or do I have to set up a trunk (LACP) on both 448Es, as I do now with the Cisco switches?

108
0 Kudos
AEK
SuperUser
SuperUser
In response to fabs

Created on ‎09-25-2025 12:06 PM

Hi Fabs

Unlike between Cisco & FSW, between the 2 pairs of FSW it wil be FortiLink (special trunk). This will allow you configure all the FSWs from FGT.

AEK
AEK
60
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎09-24-2025 09:07 AM Edited on ‎09-24-2025 09:07 AM

Just be aware the fact MCLAG/MC-LAG and "stacking" (called Virtual Chassis(VC) with Juniper SW) are different technologies as Google AI answers:

MCLAG is not traditional switch stacking because stacking treats multiple physical switches as a single logical unit with a unified control plane, while MCLAG involves two separate switches that act as a single logical entity for link aggregation, each maintaining its own distinct control plane, enabling features like hitless failover for connected devices but with more complex management compared to true stacking. 


Upper model Cisco SW and Juniper SW supports both while FSW suports only MCLAG.

Toshi
103
AEK
SuperUser
SuperUser
In response to Toshi_Esumi

Created on ‎09-24-2025 09:31 AM

Exactly. But the idea is that LACP (802.3ad) should work between the two pairs.

AEK
AEK
99
fabs
Contributor
In response to AEK

Created on ‎09-25-2025 02:03 AM Edited on ‎09-25-2025 02:11 AM

@AEK 

Thank you for your reply.
About LACP thats clear for me so far.
If I now connect the new pair of 448Es to the current pair of 448Es, will this automatically configure itself as LACP (802.3ad), as from the first pair of 448Es to the FortiLink interface on the Fortigate, or do I have to configure it as a trunk port (LACP) on both 448Es, as I am currently doing with the Cisco switches?

Screenshot 2025-09-25 110542.png
Screenshot 2025-09-25 110603.png

 

 

 

fabs

70
0 Kudos
AEK
SuperUser
SuperUser
In response to fabs

Created on ‎09-25-2025 12:10 PM

No need to configure anything as long as you use FortiLink ports (port with blue chain logo). Or you can still use regular ports but you manually set them as FortiLink (if it is not automatically set).

The links between the FSW pairs will be FortiLink, so all tiers will be managed by FGT.

AEK
AEK
58
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.