Fortinet black logo

MCLAG configuration for access ports

Copy Link
Copy Doc ID daae6d6f-d2a0-11ea-96b9-00505692583a:617590
Download PDF

MCLAG configuration for access ports

A multichassis LAG (MCLAG) provides node-level redundancy by grouping two FortiSwitch models together so that they appear as a single switch on the network. If either switch fails, the MCLAG continues to function without any interruption, increasing network resiliency and eliminating the delays associated with the Spanning Tree Protocol (STP). For the network topologies, see Dual-homed servers connected to a pair of FortiSwitch units using an MCLAG and Standalone FortiGate unit with dual-homed FortiSwitch access.

MCLAG requirements
  • Both peer switches should be of the same hardware model and same software version. Mismatched configurations might work but are unsupported.
  • There is a maximum of two FortiSwitch models per MCLAG.
  • The routing feature is not available within an MCLAG.
  • When min_bundle or max_bundle is combined with MCLAG, the bundle limit properties are applied only to the local aggregate interface.
  • On the global switch level, mclag-stp-aware must be enabled, and STP must be enabled on all ICL trunks.

NOTE: If you are going to use IGMP snooping with an MCLAG topology:

  • On the global switch level, mclag-igmp-aware must be enabled,
  • The igmps-flood-traffic and igmps-flood-report settings must be disabled on the ISL and FortiLink trunks; but the igmps-flood-traffic and igmps-flood-report settings must be enabled on ICL trunks.
  • IGMP proxy must be enabled.
Using the GUI
  1. Go to WiFi & Switch Controller > FortiSwitch Ports.
  2. Select Create New > Trunk.
  3. Enter a name for the MCLAG trunk.
  4. For the MC-LAG status, select Enabled to create an active MCLAG trunk.
  5. For the mode, select Static, Passive LACP, or Active LACP.
    • Set to Static for static aggregation. In this mode, no control messages are sent, and received control messages are ignored.
    • Set to Passive LACP to passively use LACP to negotiate 802.3ad aggregation.
    • Set to Active LACP to actively use LACP to negotiate 802.3ad aggregation.
  6. For trunk members, select Select Members, select the ports to include in the MCLAG trunk, and then select OK to save the trunk members.
  7. Select OK to save the MCLAG configuration.
    The ports are listed as part of the MCLAG trunk on the FortiSwitch Ports page.

After the FortiSwitch units are configured as MCLAG peer switches, any port that supports advanced features on the FortiSwitch can become a LAG port. When mclag is enabled and the LAG port names match, an MCLAG peer set is automatically formed. The member ports for each FortiSwitch in the MCLAG do not need to be identical to the member ports on the peer FortiSwitch.

Note

If you disable the MCLAG ICL (with the set mclag-icl disable command), you need to enable the fortilink-split-interface.

Using the CLI

Configure a trunk in each switch that is part of the MCLAG pair:

  • The trunk name for each switch must be the same.
  • The port members for each trunk can be different.
  • After you enable MCLAG, you can enable LACP if needed.

config switch-controller managed-switch

edit "<switch-id>"

config ports

edit "<trunk name>"

set type trunk

set mode {static | lacp-passive | lacp-active}

set members "<port>,<port>"

set mclag enable

next

end

next

Variable

Description

Default

<switch-id>

FortiSwitch serial number.

No default

<trunk name>

Enter a name for the MCLAG trunk.

NOTE: Each FortiSwitch unit that is part of the MCLAG must have the same MCLAG trunk name configured.

No default

type trunk

Set the interface type to a trunk port.

physical

mode {static | lacp-passive | lacp-active}

Set the LACP mode.
—Set to static for static aggregation. In this mode, no control messages are sent, and received control messages are ignored.
—Set to lacp-passive to passively use LACP to negotiate 802.3ad aggregation.
—Set to lacp-active to actively use LACP to negotiate 802.3ad aggregation.

lacp-active

members "<port>,<port>"

Set the aggregated LAG bundle interfaces.

No default

mclag enable

Enable or disable the MCLAG.

disable

Log into each managed FortiSwitch to check the MCLAG configuration with the following command:

diagnose switch mclag

When an MCLAG is formed, the time on all FortiSwitch units is synchronized with an NTP server. To confirm that each FortiSwitch in the MCLAG is using an NTP server, use the following command:

show system ntp

MCLAG configuration for access ports

A multichassis LAG (MCLAG) provides node-level redundancy by grouping two FortiSwitch models together so that they appear as a single switch on the network. If either switch fails, the MCLAG continues to function without any interruption, increasing network resiliency and eliminating the delays associated with the Spanning Tree Protocol (STP). For the network topologies, see Dual-homed servers connected to a pair of FortiSwitch units using an MCLAG and Standalone FortiGate unit with dual-homed FortiSwitch access.

MCLAG requirements
  • Both peer switches should be of the same hardware model and same software version. Mismatched configurations might work but are unsupported.
  • There is a maximum of two FortiSwitch models per MCLAG.
  • The routing feature is not available within an MCLAG.
  • When min_bundle or max_bundle is combined with MCLAG, the bundle limit properties are applied only to the local aggregate interface.
  • On the global switch level, mclag-stp-aware must be enabled, and STP must be enabled on all ICL trunks.

NOTE: If you are going to use IGMP snooping with an MCLAG topology:

  • On the global switch level, mclag-igmp-aware must be enabled,
  • The igmps-flood-traffic and igmps-flood-report settings must be disabled on the ISL and FortiLink trunks; but the igmps-flood-traffic and igmps-flood-report settings must be enabled on ICL trunks.
  • IGMP proxy must be enabled.
Using the GUI
  1. Go to WiFi & Switch Controller > FortiSwitch Ports.
  2. Select Create New > Trunk.
  3. Enter a name for the MCLAG trunk.
  4. For the MC-LAG status, select Enabled to create an active MCLAG trunk.
  5. For the mode, select Static, Passive LACP, or Active LACP.
    • Set to Static for static aggregation. In this mode, no control messages are sent, and received control messages are ignored.
    • Set to Passive LACP to passively use LACP to negotiate 802.3ad aggregation.
    • Set to Active LACP to actively use LACP to negotiate 802.3ad aggregation.
  6. For trunk members, select Select Members, select the ports to include in the MCLAG trunk, and then select OK to save the trunk members.
  7. Select OK to save the MCLAG configuration.
    The ports are listed as part of the MCLAG trunk on the FortiSwitch Ports page.

After the FortiSwitch units are configured as MCLAG peer switches, any port that supports advanced features on the FortiSwitch can become a LAG port. When mclag is enabled and the LAG port names match, an MCLAG peer set is automatically formed. The member ports for each FortiSwitch in the MCLAG do not need to be identical to the member ports on the peer FortiSwitch.

Note

If you disable the MCLAG ICL (with the set mclag-icl disable command), you need to enable the fortilink-split-interface.

Using the CLI

Configure a trunk in each switch that is part of the MCLAG pair:

  • The trunk name for each switch must be the same.
  • The port members for each trunk can be different.
  • After you enable MCLAG, you can enable LACP if needed.

config switch-controller managed-switch

edit "<switch-id>"

config ports

edit "<trunk name>"

set type trunk

set mode {static | lacp-passive | lacp-active}

set members "<port>,<port>"

set mclag enable

next

end

next

Variable

Description

Default

<switch-id>

FortiSwitch serial number.

No default

<trunk name>

Enter a name for the MCLAG trunk.

NOTE: Each FortiSwitch unit that is part of the MCLAG must have the same MCLAG trunk name configured.

No default

type trunk

Set the interface type to a trunk port.

physical

mode {static | lacp-passive | lacp-active}

Set the LACP mode.
—Set to static for static aggregation. In this mode, no control messages are sent, and received control messages are ignored.
—Set to lacp-passive to passively use LACP to negotiate 802.3ad aggregation.
—Set to lacp-active to actively use LACP to negotiate 802.3ad aggregation.

lacp-active

members "<port>,<port>"

Set the aggregated LAG bundle interfaces.

No default

mclag enable

Enable or disable the MCLAG.

disable

Log into each managed FortiSwitch to check the MCLAG configuration with the following command:

diagnose switch mclag

When an MCLAG is formed, the time on all FortiSwitch units is synchronized with an NTP server. To confirm that each FortiSwitch in the MCLAG is using an NTP server, use the following command:

show system ntp