Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kcerb
New Contributor III

Transition from Hardware Switch to Aggregate

Hi,

On my FortiGate 100D I have Hardware Switch with just one physical interface attached to it and many virtual interfaces (VLANs) on that switch.

I would like to change it to Aggregate port because I want to connect it to the switch stack where I can configure link aggregation group too.

I discover there is no possibility to change interface type in gui. I realize I should delete all rules which using those virtual interfaces, delete virtual interfaces under hardware switch and then recreate everything under Aggregation interface.

 

But what if I replaced "set type hard-switch" to "set type aggregate" of interface in the configuration file as well as delete "config system virtual-switch" entry and then I would restore this configuration?

 

Is this possible? Or maybe it is possible to force change interface type via CLI?

FGT60B, FGT100A, FGT100D

2 Solutions
Baptiste
Contributor II

you can easily configure an aggregate on a fresh backup, search and replace with your new interface name, and restore it,  I did i some weeks ago, it works fine.

But I remove hardware switch at initial setup, it's an additional step in your case : you can't remove HW switch "live" because there is some items link to it

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

View solution in original post

Baptiste

There no more reference to internal switch my config

 

Before aggregate

config system interface edit "port1" set vdom "root" set ip 192.168.c.e 255.255.255.0 set allowaccess ping https ssh snmp fgfm capwap set vlanforward enable set type physical set alias "ccc" set device-identification enable set device-identification-active-scan enable set fortiheartbeat enable set snmp-index 11 next edit "port2" set vdom "root" set ip 192.168.x.c 255.255.255.0 set allowaccess ping set vlanforward enable set type physical set alias "ccccc" set snmp-index 12 next .........

 

I halso have 

config system physical-switch edit "sw0" set age-val 0 next end

 

After aggregate :

 

   

 edit "port1"         set vdom "root"         set type physical         set snmp-index 11     next     edit "port2"         set vdom "root"         set type physical         set snmp-index 12     next

.....

edit "AGGR-LAN" set vdom "root" set type aggregate set member "port1" "port2" set ip 192.168.x.c 255.255.255.0 set allowaccess ping https ssh snmp fgfm capwap set vlanforward enable next

end config system physical-switch edit "sw0" set age-val 0 next end

 

And search for old port name /replace with aggregate name

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

View solution in original post

4 REPLIES 4
Baptiste
Contributor II

you can easily configure an aggregate on a fresh backup, search and replace with your new interface name, and restore it,  I did i some weeks ago, it works fine.

But I remove hardware switch at initial setup, it's an additional step in your case : you can't remove HW switch "live" because there is some items link to it

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

kcerb
New Contributor III

Thank you Baptiste.

I think when I delete this part from my config and replace Aggregate interface name to "internal" it will be fine.

config system virtual-switch
    edit "internal"
        set physical-switch "sw0"
        config port
            edit "port1"
            next
        end
    next
end

FGT60B, FGT100A, FGT100D

Baptiste

There no more reference to internal switch my config

 

Before aggregate

config system interface edit "port1" set vdom "root" set ip 192.168.c.e 255.255.255.0 set allowaccess ping https ssh snmp fgfm capwap set vlanforward enable set type physical set alias "ccc" set device-identification enable set device-identification-active-scan enable set fortiheartbeat enable set snmp-index 11 next edit "port2" set vdom "root" set ip 192.168.x.c 255.255.255.0 set allowaccess ping set vlanforward enable set type physical set alias "ccccc" set snmp-index 12 next .........

 

I halso have 

config system physical-switch edit "sw0" set age-val 0 next end

 

After aggregate :

 

   

 edit "port1"         set vdom "root"         set type physical         set snmp-index 11     next     edit "port2"         set vdom "root"         set type physical         set snmp-index 12     next

.....

edit "AGGR-LAN" set vdom "root" set type aggregate set member "port1" "port2" set ip 192.168.x.c 255.255.255.0 set allowaccess ping https ssh snmp fgfm capwap set vlanforward enable next

end config system physical-switch edit "sw0" set age-val 0 next end

 

And search for old port name /replace with aggregate name

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

kcerb
New Contributor III

Thank you Baptiste. It looks similar to me.

FGT60B, FGT100A, FGT100D