Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AGMP
New Contributor

Created on ‎02-08-2023 06:27 AM Edited on ‎02-08-2023 07:43 AM

standalone Fortiswitches configure LAG/LACP

Hey everyone,

I have two fortiswitch 224D running 7.2.2 firmware that i want to configure standalone.
Switch 1 uses ports 23/24 for WAN and is connected to switch 2 with fiber.
My workstation is connected to switch 1 using mgmt port.

I created the vlans i need and also created a trunk using the fiber ports however, i seem not to be able to communicate with switch 2.

Since i am obviously doing something wrong but don't know what, could someone point me in the right direction ?

Labels:
162
0 Kudos
8 REPLIES 8
ebilcari
Staff
Staff

Created on ‎02-08-2023 07:50 AM

As I understood you have connected the two switches with two fiber links and you are trying to setup a Link Aggregation on those 2 links. Did you pass the needed VLAN on the trunk interface?

https://docs.fortinet.com/document/fortiswitch/7.2.2/administration-guide/352388/link-aggregation-gr...

You can try to setup two IPs on both Switches on the same subnet and VLAN, make sure it's allowed on the trunk and try to ping from one switch to another.

--
emirjon
152
0 Kudos
AGMP
New Contributor
In response to ebilcari

Created on ‎02-13-2023 07:03 AM

Thank you for your reply. You are correct, that is what i am trying.
I want to connect switch one to my router and connect switch 2 to switch 1 using fiber.
I have 3 VLANS and assigned an ip address to VLAN1 (on both switches. last octed .240 and .241) and can ping .241 from .240

 

120
0 Kudos
gfleming
Staff
Staff
In response to AGMP

Created on ‎02-13-2023 09:02 AM

What connectivity between switches is not working? You should have L2 connectivity across the trunk. That is endpoints on SW2 in VLANX should be able to communicate to endpoints on SW1 in VLANX.

 

Are you struggling to communicate with SW2's L3 management IP address?

Cheers,
Graham
117
AGMP
New Contributor

Created on ‎03-17-2023 01:04 AM

Due to illness i was unable to reply.
The situation is now like this:

Switch 2:
- Connected to the network on port 24 (uplink)
- Endpoint device on port 1 (dhcp)
- Fiber on port 28 to switch 3

Switch 3:
- Fiber to Switch 2 on port 28
- Endpoint on port 1 (dhcp)

On both switches port 28 is added to a trunk
Both switches have the same VLAN setup on the same ports (1,10,18 where 10 is native)
VLAN 1 has a static ip address:

Traffic is forwarded from switch 2 to switch 3 and also returning. So Endpoint devices have internet and network access.


I can connect to both switches now through the network when i set my network adapter to the same subnet as VLAN1, else not.

I do have configured a static route on both switches to the gateway

At this point i am not sure what the problem could be. As far i i understand it, i should be perfectly able to connect to the switch from any VLAN. Not only the MGMT port or when using the same subnet ?


53
0 Kudos
ebilcari
Staff
Staff
In response to AGMP

Created on ‎03-17-2023 02:30 AM Edited on ‎03-17-2023 02:36 AM

I was doing some tests and found out that on the route the Device should be set as Internal

internal.PNG

You can also check if the route is being applied by running this command

# get router info routing-table all
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, P - PIM, A - Babel,
> - selected route, * - FIB route, ^ - HW install failed

S>* 0.0.0.0/0 [10/0] via 10.5.32.1, internal
C>* 10.5.32.0/23 is directly connected, internal
C>* 127.0.0.0/8 is directly connected, lo

https://docs.fortinet.com/document/fortiswitch/7.2.3/administration-guide/095393/remote-access-to-th...

--
emirjon
44
0 Kudos
ebilcari
Staff
Staff

Created on ‎03-17-2023 01:20 AM

A simple ping from the GW to the switch management VLAN verifies that the mgmt VLAN spanning is done between the switches and the GW, than is a matter of routing and security policies. If you have used the VLAN1 just make sure that the Gateway is routing this traffic and the static route configured in the switches are correct.

 

If you want to create a dedicated management interface tied to a VLAN you have to create an internal interface and setup the IP. (default is on VLAN 1). 

 

mgmt.PNG

--
emirjon
49
0 Kudos
AGMP
New Contributor
In response to ebilcari

Created on ‎03-17-2023 03:17 AM Edited on ‎03-17-2023 03:18 AM

This is what my configuration of Switch 3 looks like. Gateway is 172.16.0.240 which is switch 2

 

1.png2.png3.png4.png

40
0 Kudos
ebilcari
Staff
Staff
In response to AGMP

Created on ‎03-17-2023 06:23 AM Edited on ‎03-17-2023 06:29 AM

You have to span VLAN 1 (mgmt) to the L3 device you have in the network and set the IP of that L3 devices (router/firewall/L3switch) as gateway on both of this switches.


In your current configuration you are adding switch 2 as the next hop and I don't think that switch 2 is routing these packets anywhere.

--
emirjon
30
Labels
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.