Configure the WAN router
Configure an untagged interface or VLAN on the LAG connected to the FortiSwitch units. Assign the IP address and DHCP service, including NTP and option 138 (the switch controller IP address).
For the purpose of this procedure, the WAN router is a FortiSwitch unit in standalone mode. The DHCP server is using vendor class identifier (VCI) matching to restrict the IP assignment to FortiSwitch units only.
config router static
edit 2
set device "to_fgt"
set dst 172.17.1.0 255.255.255.0
set gateway 10.40.88.254
next
end
config system interface
edit "to_fgt"
set ip 10.40.88.253 255.255.255.0
set allowaccess ping https ssh
set snmp-index 16
set vlanid 4088
set interface "internal"
next
end
config switch interface
edit "to_fgt"
set native-vlan 4088
set snmp-index 14
next
end
config switch trunk
edit "to_fgt"
set mode lacp-active
set members "port7" "port8"
next
end
config system interface
edit "fol3"
set ip 10.33.33.254 255.255.255.0
set allowaccess ping https ssh
set snmp-index 17
set vlanid 4094
set interface "internal"
next
end
config switch interface
edit "fol3"
set native-vlan 4094
set allowed-vlans 1001
set edge-port disabled
set snmp-index 15
next
end
config switch trunk
edit "fol3"
set mode lacp-active
set members "port5" "port6"
next
end
config system dhcp server
edit 1
set default-gateway 10.33.33.254
set dns-service local
set interface "fol3"
config ip-range
edit 1
set end-ip 10.33.33.99
set start-ip 10.33.33.1
next
end
set lease-time 300
set netmask 255.255.255.0
set ntp-service local
set vci-match enable
set vci-string "FortiSwitch"
set wifi-ac1 172.17.1.254
next
end