Hi all,
Wonder if someone can help me understand the use case for the auto-isl-port-group command on FortiSwitch. Taking the below diagram as an example, if the distribution layer is already configured for MCLAG ICL, when the access layer switches are attached the distribution layer switches will automatically establish a trunk as per below:
edit "_FlInK1_MLAG0_"
set mode lacp-active
set auto-isl 1
set mclag enable
set members "port29" "port30"
Since these trunks are automatically established when connecting switches to an existing MCLAG ICL peer group, what is the use case for the auto-isl-port-group command, and what difference is there in letting the trunks establish automatically rather than manually setting the auto-isl-port-group?
Thanks in advance.
Dan_Eng52
Hi Sachit Das,
Understood, I currently have a multi-tier deployment with automatically created trunks between the MCLAG tiers. Is this only recommended when connecting a single switch to a MCLAG tier to let the trunks automatically establish and in this case doesn't require the auto-isl-port-group?
If the trunks are automatically established between the MCLAG tiers, is it possible to issue this command live? Would the links establish correctly, or is it best to delete the automatically generated trunks and disconnect the MCLAG tiers, issue the command and repatch?
Regards,
Dan.
Created on 06-03-2024 10:56 AM Edited on 06-03-2024 12:20 PM
Hello All.
I have a case in our network with MCLAG-ICL. Every time I plan a multi-tier architecture, I always set up auto-isl-port-groups before connecting switches. But what happens if I already have a network where someone connected many switches and created one MCLAG-ICL group on tier-1 and 3 MCLAG-ICL groups on tier-2, but without grouping ports (auto-isl-port-group)? Can I use this command and group switches when links are already formed?
Below setup (blue are MCLAG-ICL)
Hi Gatlinllon,
This will need to be configured only on links connecting to downstream tiers if you have a multi-tier deployment; the auto-isl-group name must match among MCLAG-ICL peers. This setting instructs the switches to group ports from MCLAG peers together into one MCLAG when the inter-switch link (ISL) is formed.
In the initial phase of deployment I didn't have this setup and the FortiSwitch devices established their ISLs automatically. Although this is not recommended by design, this did not cause any STP issue or inconsistencies. I have since, however, resolved this by issuing the below custom command on the FortiGate switch-controller since I have a full-stack deployment.
config switch auto-isl-port-group
edit tier-2
set members port29 port30
end
config switch-controller custom-command
edit "auto-isl-port-group-tier-2"
set command "config switch auto-isl-port-group %0a edit tier-2 %0a set members port29 port30 %0a end %0a"
end
In your case, if you are connecting multi-tiers, this is required on the downstream links. Without it, there is a possibility of causing STP issues and inconsistencies which could affect the network, and it is a recommendation and easy to implement.
If you're not implementing multi-tier MCLAG you do not need to worry about this.
Thanks,
Dan.
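Added example, not part of the thread and not Fortinet code: a Python sketch that checks the point made in the reply above, that the auto-isl-port-group name must match among MCLAG-ICL peers, and renders a group in the `%0a`-separated custom-command form shown there. The function names and the two peer configs are constructed for illustration; the parser assumes the block layout shown in the reply, with an optional `next` before `end`.

```python
# Constructed sample configs for two MCLAG-ICL peers (not taken from a real device).
PEER_A = """
config switch auto-isl-port-group
    edit tier-2
        set members port29 port30
    next
end
"""
PEER_B = """
config switch auto-isl-port-group
    edit "tier2"
        set members "port29" "port30"
    next
end
"""

def parse_auto_isl_groups(config_text):
    """Return {group_name: [ports]} from 'config switch auto-isl-port-group' blocks."""
    groups, in_block, current = {}, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config switch auto-isl-port-group":
            in_block = True
        elif in_block and line == "end":
            in_block, current = False, None
        elif in_block and line == "next":
            current = None
        elif in_block and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            groups[current] = []
        elif in_block and current and line.startswith("set members "):
            groups[current] = [p.strip('"') for p in line.split()[2:]]
    return groups

def compare_peers(config_a, config_b):
    """List group names that exist on one peer but not on the other."""
    a, b = parse_auto_isl_groups(config_a), parse_auto_isl_groups(config_b)
    return {"only_on_a": sorted(set(a) - set(b)),
            "only_on_b": sorted(set(b) - set(a))}

def to_custom_command(name, ports):
    """Render one group as the %0a-separated string used in the custom command."""
    lines = ["config switch auto-isl-port-group", f"edit {name}",
             "set members " + " ".join(ports), "end"]
    return " %0a ".join(lines) + " %0a"

if __name__ == "__main__":
    print(compare_peers(PEER_A, PEER_B))   # name mismatch between the peers
    print(to_custom_command("tier-2", parse_auto_isl_groups(PEER_A)["tier-2"]))
```
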
Copyright 2024 Fortinet, Inc. All Rights Reserved.