FortiSwitch multi-tenant support
A virtual switch provides a container for physical ports to be loaned to other VDOMs, allowing local management of the resource.
The following example shows how to export managed FortiSwitch ports to multitenant VDOMs. In this example, the owner VDOM is vdom1, and the tenant VDOM is root.
To export managed FortiSwitch ports to multitenant VDOMs:
- Configure the switch VLAN interface, and assign it to the tenant VDOM:
    (vdom1) # config system interface
        edit "fsw_vlan"
            set vdom "root"
            set device-identification enable
            set fortiheartbeat enable
            set role lan
            set snmp-index 32
            set interface "fsw"
            set vlanid 100
        next
    end
- In the tenant VDOM, designate the default-virtual-switch-vlan, which is used to set the native VLAN of ports leased from the owner VDOM:
    (root) # config switch-controller global
        set default-virtual-switch-vlan "fsw_vlan"
    end
- On vdom1, export the managed switch ports to the root VDOM:
    (vdom1) # config switch-controller managed-switch
        edit S248EPTF1800XXXX
            set fsw-wan1-peer "fsw"
            set fsw-wan1-admin enable
            set version 1
            set dynamic-capability 100531703
            config ports
                edit "port1"
                    set export-to "root"
                next
                ...
            end
        next
    end
The leased port is now available under the tenant VDOM:
    (root) # config switch-controller managed-switch
    show
    config switch-controller managed-switch
        edit "S248EPTF1800XXXX"
            set type virtual
            set owner-vdom "vdom1"
            config ports
                edit "port1"
                    set vlan "fsw_vlan"
                next
            end
        next
    end
- Export the managed FortiSwitch port to a virtual port pool for the tenant VDOM to choose from:
    (vdom1) # config switch-controller virtual-port-pool
        edit "tenant-monthly"
        next
    end

    (vdom1) # config switch-controller managed-switch
        edit "S248EPTF1800XXXX"
            set fsw-wan1-peer "fsw"
            set fsw-wan1-admin enable
            set version 1
            set dynamic-capability 100531703
            config ports
                edit "port2"
                    set vlan "vsw.fsw"
                    set allowed-vlans "qtn.fsw"
                    set untagged-vlans "qtn.fsw"
                    set export-to-pool "tenant-monthly"
                    set export-to "vdom1"
                next
                ...
            end
        next
    end
- Request the available port in the virtual port pool to use the switch port:
    (root) # execute switch-controller virtual-port-pool request S248EPTF1800XXXX port2

    (root) # config switch-controller managed-switch
        edit "S248EPTF1800XXXX"
            set type virtual
            set owner-vdom "vdom1"
            config ports
                edit "port2"
                    set vlan "fsw_vlan"
                next
            end
        next
    end
- Return the port after use:
(root) # execute switch-controller virtual-port-pool return S248EPTF1800XXXX port2
- Configure tags for the switch ports so the tags can be exported to virtual port pools:
    (vdom1) # config switch-controller switch-interface-tag
        edit "vip"
        next
        edit "gold"
        next
        edit "silver"
        next
    end

    (vdom1) # config switch-controller managed-switch
        edit "S248EPTF1800XXXX"
            set fsw-wan1-peer "fsw"
            set fsw-wan1-admin enable
            set version 1
            set dynamic-capability 100531703
            config ports
                edit "port2"
                    set export-to-pool "tenant-monthly"
                    set export-tags "silver"
                    set export-to "root"
                next
                edit "port3"
                    set vlan "vsw.fsw"
                    set allowed-vlans "qtn.fsw"
                    set untagged-vlans "qtn.fsw"
                    set export-to-pool "tenant-monthly"
                    set export-tags "vip"
                    set export-to "vdom1"
                next
                edit "port4"
                    set vlan "vsw.fsw"
                    set allowed-vlans "qtn.fsw"
                    set untagged-vlans "qtn.fsw"
                    set export-to-pool "tenant-monthly"
                    set export-tags "vip" "silver"
                    set export-to "vdom1"
                next
            end
        next
    end
- Search for ports using tag filters:
    (vdom1) # execute switch-controller virtual-port-pool show-by-tag silver
    Switch              Port            Properties      Tags
    ----------------------------------------------------------------------------------------
    tenant-monthly(vdom.vdom1)
    S248EPTF1800XXXX    port2 (root)    10M/100M/1G/    silver
    S248EPTF1800XXXX    port4           10M/100M/1G/    vip,silver

    (vdom1) # exe switch-controller virtual-port-pool show-by-tag vip
    Switch              Port            Properties      Tags
    ----------------------------------------------------------------------------------------
    tenant-monthly(vdom.vdom1)
    S248EPTF1800XXXX    port3           10M/100M/1G/    vip
    S248EPTF1800XXXX    port4           10M/100M/1G/    vip,silver
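
An added audit example, not part of the original page or of Fortinet's tooling: a small Python parser that reads a saved `config switch-controller managed-switch` block and lists which ports set `export-to` or `export-to-pool`, so the owner VDOM's administrator can review what has been handed to tenants. The function names and the sample text (constructed, shortened from the tagged-port step above) are assumptions made for this example.

```python
import re
import shlex

PROMPT = re.compile(r"^\([\w.-]+\)\s*#\s*")  # CLI prompt such as "(vdom1) # "

def exported_ports(config_text):
    """List every managed-switch port that sets export-to or export-to-pool."""
    stack, found = [], []
    for raw in config_text.splitlines():
        tok = shlex.split(PROMPT.sub("", raw.strip())) or [""]
        kw, args = tok[0], tok[1:]
        if kw == "config":
            stack.append(["config", " ".join(args), {}])
        elif kw == "edit" and args:
            stack.append(["edit", args[0], {}])
        elif kw == "set" and len(args) >= 2 and stack:
            stack[-1][2][args[0]] = args[1:]        # values may be multi-word
        elif kw in ("next", "end") and stack:
            kind, name, opts = stack.pop()
            in_ports = (len(stack) >= 3 and stack[-1][:2] == ["config", "ports"]
                        and stack[-3][1] == "switch-controller managed-switch")
            if kind == "edit" and in_ports and opts.keys() & {"export-to", "export-to-pool"}:
                found.append({"switch": stack[-2][1], "port": name,
                              "tags": opts.get("export-tags", []),
                              "export_to": opts.get("export-to", [None])[0],
                              "pool": opts.get("export-to-pool", [None])[0]})
    return found

def leased_outside(records, owner_vdom):
    """Ports whose export-to names a VDOM other than the owner VDOM."""
    return [(r["switch"], r["port"], r["export_to"]) for r in records
            if r["export_to"] not in (None, owner_vdom)]

# Constructed sample input, shortened from the tagged-port step on this page.
SAMPLE = '''
(vdom1) # config switch-controller managed-switch
    edit "S248EPTF1800XXXX"
        config ports
            edit "port2"
                set export-to-pool "tenant-monthly"
                set export-tags "silver"
                set export-to "root"
            next
            edit "port4"
                set export-to-pool "tenant-monthly"
                set export-tags "vip" "silver"
                set export-to "vdom1"
            next
        end
    next
end
'''
```

Calling `leased_outside(exported_ports(SAMPLE), "vdom1")` returns the ports whose `export-to` names a VDOM other than the owner, here port2 exported to root.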