Configure the FortiGate device

Authorize and name the site1_mclag2 FortiSwitch unit.
To enable the MCLAG peer group from the FortiGate device, use the switch-recommendations command, specifying the FortiLink interface and the serial numbers of the MCLAG peers. (Alternatively, on the FortiGate device, set the LLDP profile to default-auto-mclag-icl in the ports used for the MCLAG ICL on both peers.)

FGT_Switch_Controller # execute switch-controller switch-recommendations set-tier1-mclag-icl fol3_wan S108DVHFUKEFGG54 S108DVSPUKEFGG54
Connect to the CLI of the site1_mclag2 FortiSwitch unit and enable FortiLink over layer 3 on the switch interface connected to the WAN router. Enable LACP on the newly formed trunk. NOTE: The automatically created trunk has the same name as in the site1_mclag1 FortiSwitch unit, so it will form the MCLAG trunk (the trunk name must be the same in both FortiSwitch units to form the MCLAG trunk).
config switch interface

edit port8

set fortilink-l3-mode enable

end

config switch trunk

edit "_FlInK1_ICL0_"

set mode lacp-active

set auto-isl 1

set mclag-icl enable

set members "port7"

next

edit "__FoRtILnk0L3__"

set mclag enable

set members "port8"

next

end

config switch trunk

edit "__FoRtILnk0L3__"

set mode lacp-active

end

The switch interface is configured automatically.

site1_mclag2 # show switch interface __FoRtILnk0L3__

config switch interface

edit "__FoRtILnk0L3__"

set native-vlan 4094

set allowed-vlans 1,4089-4093

set dhcp-snooping trusted

set igmp-snooping-flood-reports enable

set igmp-snooping-flood-traffic enable

set snmp-index 13

next

end
Connect to the CLI of the site1_mclag1 FortiSwitch unit and enable MCLAG on the trunk connected to the WAN router.

site1_mclag1 # config switch trunk

site1_mclag1 (trunk) # edit "__FoRtILnk0L3__"

site1_mclag1 (__FoRtILnk0L3__) # set mclag enable

site1_mclag1 (__FoRtILnk0L3__) # end
Check that both FortiSwitch units are managed.

Authorize and name the site1_mclag2 FortiSwitch unit.

To enable the MCLAG peer group from the FortiGate device, use the switch-recommendations command, specifying the FortiLink interface and the serial numbers of the MCLAG peers. (Alternatively, on the FortiGate device, set the LLDP profile to default-auto-mclag-icl in the ports used for the MCLAG ICL on both peers.)

FGT_Switch_Controller # execute switch-controller switch-recommendations set-tier1-mclag-icl fol3_wan S108DVHFUKEFGG54 S108DVSPUKEFGG54

Connect to the CLI of the site1_mclag2 FortiSwitch unit and enable FortiLink over layer 3 on the switch interface connected to the WAN router. Enable LACP on the newly formed trunk. NOTE: The automatically created trunk has the same name as in the site1_mclag1 FortiSwitch unit, so it will form the MCLAG trunk (the trunk name must be the same in both FortiSwitch units to form the MCLAG trunk).

config switch interface

edit port8

set fortilink-l3-mode enable

end

config switch trunk

edit "_FlInK1_ICL0_"

set mode lacp-active

set auto-isl 1

set mclag-icl enable

set members "port7"

edit "__FoRtILnk0L3__"

set mclag enable

set members "port8"

end

config switch trunk

edit "__FoRtILnk0L3__"

set mode lacp-active

end

The switch interface is configured automatically.

site1_mclag2 # show switch interface __FoRtILnk0L3__

config switch interface

edit "__FoRtILnk0L3__"

set native-vlan 4094

set allowed-vlans 1,4089-4093

set dhcp-snooping trusted

set igmp-snooping-flood-reports enable

set igmp-snooping-flood-traffic enable

set snmp-index 13

end

Connect to the CLI of the site1_mclag1 FortiSwitch unit and enable MCLAG on the trunk connected to the WAN router.

site1_mclag1 # config switch trunk

site1_mclag1 (trunk) # edit "__FoRtILnk0L3__"

site1_mclag1 (__FoRtILnk0L3__) # set mclag enable

site1_mclag1 (__FoRtILnk0L3__) # end

Check that both FortiSwitch units are managed.

FortiSwitch (FortiLink) Cookbook

Configure the FortiGate device

Configure the FortiGate device

Configure the FortiGate device