Configure the FortiGate device
- Authorize and name the site1_mclag2 FortiSwitch unit.
- To enable the MCLAG peer group from the FortiGate device, use the
switch-recommendations
command, specifying the FortiLink interface and the serial numbers of the MCLAG peers. (Alternatively, on the FortiGate device, set the LLDP profile todefault-auto-mclag-icl
in the ports used for the MCLAG ICL on both peers.)FGT_Switch_Controller # execute switch-controller switch-recommendations set-tier1-mclag-icl fol3_wan S108DVHFUKEFGG54 S108DVSPUKEFGG54
- Connect to the CLI of the site1_mclag2 FortiSwitch unit and enable FortiLink over layer 3 on the switch interface connected to the WAN router. Enable LACP on the newly formed trunk. NOTE: The automatically created trunk has the same name as in the site1_mclag1 FortiSwitch unit, so it will form the MCLAG trunk (the trunk name must be the same in both FortiSwitch units to form the MCLAG trunk).
config switch interface
edit port8
set fortilink-l3-mode enable
end
config switch trunk
edit "_FlInK1_ICL0_"
set mode lacp-active
set auto-isl 1
set mclag-icl enable
set members "port7"
next
edit "__FoRtILnk0L3__"
set mclag enable
set members "port8"
next
end
config switch trunk
edit "__FoRtILnk0L3__"
set mode lacp-active
end
The switch interface is configured automatically.
site1_mclag2 # show switch interface __FoRtILnk0L3__
config switch interface
edit "__FoRtILnk0L3__"
set native-vlan 4094
set allowed-vlans 1,4089-4093
set dhcp-snooping trusted
set igmp-snooping-flood-reports enable
set igmp-snooping-flood-traffic enable
set snmp-index 13
next
end
- Connect to the CLI of the site1_mclag1 FortiSwitch unit and enable MCLAG on the trunk connected to the WAN router.
site1_mclag1 # config switch trunk
site1_mclag1 (trunk) # edit "__FoRtILnk0L3__"
site1_mclag1 (__FoRtILnk0L3__) # set mclag enable
site1_mclag1 (__FoRtILnk0L3__) # end
- Check that both FortiSwitch units are managed.