Fortinet Forum
JPMfg
New Contributor

FortiSwitch stack managed by FortiGate HA Cluster Problem

Hi,

 

We have a stack of two FortiSwitch 448D (v3.5.4) managed by a pair of FortiGate 100D (v5.4.4) firewalls.

We are using the "HA-mode FortiGate managing a stack of several FortiSwitches" Setup from http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-managing-fortiswitch-330-54/Stacking....

 

Setup is:

FortiLink "FL1": LACP LAG on FortiGate ports 13 and 14, on FortiSwitch ports 47 and 48. Wiring:

FG1-13 <-> FSW1-47 (*)

FG1-14 <-> FSW2-47

FG2-13 <-> FSW1-48

FG2-14 <-> FSW2-48

ISL is 10G twinax connecting ports 51 and 52 on the two switches (SW1-51 with SW2-51 and SW1-52 with SW2-52).

 

So far everything is working, but there are two minor issues:

1) The FortiLink only has one of the four ports up (*), because only FG1 and FSW1 are active; all other ports are down because neither FG nor FSW supports MLAG (yet).

If I add another four links (expanding the LAG to include ports 11+12 on FG and 45+46 on FSW), do I get two active ports?

 

2) The Web UI display under "Wifi & Switch Controller -> Managed FortiSwitch" is broken. Between refreshes it alternates between showing one switch only with one of the uplinks and both switches without any links. I tried different browsers (Safari, Chrome, Firefox and even Edge); while the display is slightly different between them, it is broken with all of them.

See attachment for examples. (I can only upload one picture; the other one is with the ISL, but the second switch is moved halfway out of the picture to the right.)

 

1 REPLY
rgracioli_FTNT

Regarding question 1, only one link is active in the current implementation. If the FGT LAG is split to two different switches, one of the links is disabled. It's not possible to add more links in this scenario. With the support of MLAG expected in FSWOS version 3.6, all links will be active and the maximum number of LAG group members is limited by what the model supports.

 

Regarding question 2, please open a support ticket so that this can be investigated and fixed in case it's a firmware issue.

 

Thank you,

 

Rafael Gracioli

Rafael Gracioli | Consulting Systems Engineer, ADC and Switching m: +31 6 50 28 72 99 | skype: rgracioli | e: rgracioli@fortinet.com