Devices Managed by FortiOS

HA-mode FortiGate units using hardware-switch interfaces and STP

In most FortiLink topologies, MCLAG or LAG configurations are used for FortiSwitch redundancy. However, some FortiGate models do not support the FortiLink aggregate interface, or some FortiSwitch models do not support MCLAG.

The following network topology uses a hardware-switch interface on each FortiGate unit. Each FortiSwitch unit is connected to a single port of the hardware-switch interface of the FortiGate unit. The inter-switch link (ISL) between the FortiSwitch units provides redundancy.

For this network topology to function, use the following commands on each FortiLink hardware-switch interface:

config system interface
    edit <FortiLink_hardware_switch_interface>
        set stp enable
end

NOTE:

  • The FortiLink interface uses the Link Layer Discovery Protocol (LLDP) for neighbor detection. LLDP transmission must be enabled with the set lldp-transmission enable command before enabling Spanning Tree Protocol (STP).
  • STP and STP forwarding are both supported by the FortiLink hardware-switch interface.
  • The software-switch interface is not supported.
  • If the FortiGate model does not support aggregate interfaces, you need to configure the FortiGate unit to be the Common and Internal Spanning Tree (CIST) by assigning the lowest STP priority to the FortiGate unit and placing each switch in a different region. You can assign the STP priority to the FortiGate unit with the set switch-priority command under config system stp. You can move a switch to another region with the set revision command under config stp-settings.
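
An added example, not part of the Fortinet documentation: a short Python check that reads exported FortiGate configuration text and reports whether the settings named above (LLDP transmission and STP on the FortiLink hardware-switch interface, and the STP switch priority) are in place. The interface name "fortilink", the sample configurations, and the use of 0 as the lowest switch-priority value are assumptions.

```python
import shlex

def parse(text):
    """Flatten FortiOS-style config text into {path tuple: {key: value}}."""
    stack, out = [], {}
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok))
        elif tok[0] == "edit":
            stack.append(tok[1])
        elif tok[0] == "next" and stack:
            stack.pop()
        elif tok[0] == "end":
            # A bare "end" may close an edit (as on this page): unwind to the config.
            while stack and not stack.pop().startswith("config "):
                pass
        elif tok[0] == "set" and len(tok) > 1:
            out.setdefault(tuple(stack), {})[tok[1]] = " ".join(tok[2:])
    return out

def audit(text, fortilink_if):
    """Return findings for the FortiLink hardware-switch interface and STP priority."""
    cfg = parse(text)
    iface = cfg.get(("config system interface", fortilink_if), {})
    findings = []
    if iface.get("lldp-transmission") != "enable":
        findings.append(f"{fortilink_if}: lldp-transmission is not enabled")
    if iface.get("stp") != "enable":
        findings.append(f"{fortilink_if}: stp is not enabled")
    prio = cfg.get(("config system stp",), {}).get("switch-priority", "unset")
    if prio != "0":  # assumption: 0 is the lowest priority the unit accepts
        findings.append(f"system stp: switch-priority is {prio}, expected 0")
    return findings

# Constructed samples; the interface name "fortilink" is an assumption.
GOOD = """config system interface
edit "fortilink"
set lldp-transmission enable
set stp enable
next
end
config system stp
set switch-priority 0
end"""
BAD = GOOD.replace("set lldp-transmission enable\n", "").replace("priority 0", "priority 32768")
print("BAD:", audit(BAD, "fortilink"))
```

Run it against each HA member's configuration, since the commands apply to each FortiLink hardware-switch interface.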
