Fortinet black logo

Adding the third site

6.4.6
Copy Link
Copy Doc ID 6ef27415-7086-11eb-9995-00505692583a:887883
Download PDF

Adding the third site

Perform the following steps on the primary FortiGate device:

  1. Connect to the Site1_FSW1 and Site2_FSW1 CLI and use the config switch auto-isl-port-group command to group the ports going to site 3. See the “MCLAG topologies” section in the FortiSwitch Managed by FortiOS 6.4 guide.
  2. Connect the MCLAG peer switches Site3_FSW1 and Site3_FSW2 to site 1 only and authorize the two switches on the FortiGate device.
  3. Connect to the Site3_FSW2 CLI and use the config switch auto-isl-port-group command to group the ports going to site 2. See the “MCLAG topologies” section in the FortiSwitch Managed by FortiOS 6.4 guide.
  4. Connect to the Site3_FSW1 CLI and use the config switch auto-isl-port-group command to group the ports going to site 1. The group name must be different than the one in the previous step. See the “MCLAG topologies” section in the FortiSwitch Managed by FortiOS 6.4 guide.
  5. In the primary FortiGate CLI, set the LLDP profile to default-auto-mclag-icl on the ports used for the MCLAG ICL in the Site3_FSW1 and Site3_FSW2 switches. Wait until the MCLAG peer group is formed between the two switches. See the following figure.

  6. Connect Site3_FSW2 to Site2_FSW1 to form the connection between sites 2 and 3. Wait until the topology converges. See the following figure. The link between sites 1 and 3 is blocked by the Spanning Tree Protocol to avoid forming a loop.

  7. Connect to Site3_FSW3 and authorize it on the FortiGate device.

Adding the third site

Perform the following steps on the primary FortiGate device:

  1. Connect to the Site1_FSW1 and Site2_FSW1 CLI and use the config switch auto-isl-port-group command to group the ports going to site 3. See the “MCLAG topologies” section in the FortiSwitch Managed by FortiOS 6.4 guide.
  2. Connect the MCLAG peer switches Site3_FSW1 and Site3_FSW2 to site 1 only and authorize the two switches on the FortiGate device.
  3. Connect to the Site3_FSW2 CLI and use the config switch auto-isl-port-group command to group the ports going to site 2. See the “MCLAG topologies” section in the FortiSwitch Managed by FortiOS 6.4 guide.
  4. Connect to the Site3_FSW1 CLI and use the config switch auto-isl-port-group command to group the ports going to site 1. The group name must be different than the one in the previous step. See the “MCLAG topologies” section in the FortiSwitch Managed by FortiOS 6.4 guide.
  5. In the primary FortiGate CLI, set the LLDP profile to default-auto-mclag-icl on the ports used for the MCLAG ICL in the Site3_FSW1 and Site3_FSW2 switches. Wait until the MCLAG peer group is formed between the two switches. See the following figure.

  6. Connect Site3_FSW2 to Site2_FSW1 to form the connection between sites 2 and 3. Wait until the topology converges. See the following figure. The link between sites 1 and 3 is blocked by the Spanning Tree Protocol to avoid forming a loop.

  7. Connect to Site3_FSW3 and authorize it on the FortiGate device.