3/11/2024: I've made some progress and have updated my original post below as needed. Thank you very much, @Anthony_E, for continuing to look for support!

I know this topic has been covered, but I need help. I have a fortiswitch in a separate building from the main firewall and switch. I am trying to connect to that switch via fortilink, but each time I enable the fortilink-p2p on the REMOTE switch ports, my AP's go into a reboot cycle. Here's my configuration:

FG100F(port12) <-> (port23 via fortilink)Fortiswitch(port 7) <-> FAP432F <-> FAP432F <-> (port2)Fortiswitch(port3) <-> client

The VLAN for the APs is 10.

The VLAN for the client is 20.

Following these guides...

Technical Tip: FortiLink over P2P wireless bridge/... - Fortinet Community

FortiSwitch FortiSwitch Devices Managed by FortiOS 7.0 (fortinetweb.s3.amazonaws.com)

Fortilink Managed Switches over Wireless P2P Bridge – J's Stuff (jsstuff.com)

...I have done the below:

Remote switch:

# set fortilink-p2p-native-vlan 10 (I used VLAN 10 because that is the VLAN for the AP's)

# set fortilink-p2p enable on port2 of the switch

Remote (LEAF) AP:

# cfg -a MESH_ETH_BRIDGE=1
# cfg -a MESH_ETH_BRIDGE_VLANS=1,10,20,4094

# cfg -c

Main switch:

# set fortilink-p2p enable on port7 of the switch. The APs go into their reboot loops after I set this.

Questions:

1. Am I supposed to run set fortilink-p2p-native-vlan 10 on BOTH switches? If yes, how will that affect the existing fortilink connection that switch has with firewall? Already found this answer, it is yes.

2. Do I have to run the AP commands (cfg -a ... ) on the ROOT AP as well as the leaf? The guide does not mention the ROOT AP. The cfg -a MESH_ETH... commands mentioned above are not available until you convert your AP into a LEAF AP using cfg -a MESH_TYPE=1. If I do that, then I lose the ROOT AP. You can't have a MESH system without a ROOT. More on this below.

3. What am I missing?

***Today, 3/11/2024, I believe I've narrowed down the problem to the remote switch. I've worked with Fortinet Support who validated my configuration on all the devices. The problem I'm having is that as soon as I enable set fortilink-p2p enable on both switches, the APs start cycling. The ROOT AP will reset, as will the LEAFs. It will take several minutes for the ROOT to recover, a few more minutes for one or both LEAF APs to recover (there are 2 LEAFs total in this infra, but only one has a switch behind it). As soon as the LEAFs go green, the ROOT resets again, and then the LEAFs, rinse and repeat. I started eliminating variables and this is what I've found.

1. I can fully configure the firewall, main switch, and all APs and the wifi will not be affected. Here is the config.
Firewall

set switch-controller-source-ip fixed  (setting suggested by Fortinet support)

set fortilink-p2p-native-vlan 200
set fortilink-vlan-optimization enable

Main Switch 

set mgmt-vlan 4094  (default setting?)

set fortilink-p2p enable  (on port7)

LEAF APs

cfg -a MESH_ETH_BRIDGE=1
cfg -a MESH_ETH_BRIDGE_VLANS=1,10,20,4094

2. After a factory reset of the REMOTE switch, the mgmt-vlan is set to 1 vice 4094. It needs to be set to 4094. The problem is, as soon as I set it to 4094, I lose direct access to the switch. I do not have physical access to the switch. I have a helper on site who connected a spare laptop to the switch on port 1. I remote into that spare laptop to configure the switch. As soon as I set mgmt-vlan 4094, I lose access. I cannot ssh back in using ssh admin@192.168.1.99. Does the IP change? The only option I have is to have my helper do a factory reset, which changes the mgmt-vlan back to 1. Fortinet Support says that has to be 4094. Can I simply change the mgmt-vlan to 1 for all devices?

I think my only option at this point, without traveling to the site and connecting via the console port for more debugging, is to configure and manage this switch as a standalone unit. What are your thoughts??

Thank you for your time and assistance.