FortiLink Guide

Zero-touch management

Starting in FortiSwitchOS 7.2.0 with FortiOS 7.2.0, zero-touch management is now more efficient for new FortiSwitch units. When a new FortiSwitch unit is started, by default, it will connect to the available manager, which can be a FortiGate device, FortiLAN Cloud, or FortiSwitch Manager.

Only one manager can be used at a time. Although FortiSwitchOS does not prevent more than one manager being chosen, a FortiSwitch unit cannot be authorized for more than one manager in most cases.

The FortiSwitch configuration does not need to be backed up before the FortiSwitch unit is managed, and the FortiSwitch unit does not need to be restarted when it becomes managed.

For a FortiSwitch unit that has already been configured, Fortinet recommends resetting the FortiSwitch unit to the factory defaults with the execute factoryreset command before upgrading to FortiSwitchOS 7.2.0 with FortiOS 7.2.0; otherwise, the FortiSwitch unit might not come online or might have a configuration synchronization error.

Under zero-touch management, the following settings are applied as factory defaults:

  • All switch interfaces have VLAN 1 as the native VLAN.

  • The internal system interface is set to VLAN 1, as well as all front-panel ports.

  • The mgmt and internal interfaces have DHCP enabled.

  • Auto topology is enabled.

    To disable auto topology, use the following commands:

    config switch auto-network
        set status disable
    end

  • All ports are enabled for FortiLink auto-discovery.

  • FortiLAN Cloud is enabled.

  • FortiLink CAPWAP discovery is enabled.

  • When a layer-2 network is detected, the Multiple Spanning Tree Protocol (MSTP) is applied to instances 0 and 15, and the internal switch interface is changed to a native VLAN of 4094.

  • When a layer-3 network is detected, a static interchassis link (ICL) is created.

When the connection mode is DHCP, both the internal and mgmt interfaces take the gateway IP address from the DHCP server by default (set defaultgw enable under the config system interface command). This could prevent FortiLink from working: if multiple default routes are provided, FortiSwitchOS uses equal-cost multi-path routing (ECMP) to determine the route. If you are using DHCP for both the mgmt and internal interfaces, Fortinet recommends resolving this conflict by disabling the default gateway on the interface that will not be used for managing FortiSwitch (set defaultgw disable under the config system interface command).
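One way to audit a saved switch configuration for the DHCP default-gateway conflict described above. This is an added example, not Fortinet code. The sample configuration is constructed, the function names are hypothetical, and treating a missing defaultgw line as enable is an assumption based on the default stated above.

```python
# Constructed sample in FortiSwitchOS CLI syntax (not taken from a real device).
SAMPLE_CONFIG = """\
config system interface
    edit "mgmt"
        set mode dhcp
        set defaultgw enable
    next
    edit "internal"
        set mode dhcp
    next
end
"""

def parse_interfaces(config_text):
    # Return {interface: {setting: value}} from "config system interface".
    # Nested "config ... end" blocks inside an interface are skipped.
    interfaces, current, depth, in_section = {}, None, 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                in_section = line == "config system interface"
        elif line == "end":
            depth = max(depth - 1, 0)
            if depth == 0:
                in_section = False
        elif in_section and depth == 1:
            if line.startswith("edit "):
                current = line[5:].strip().strip('"')
                interfaces[current] = {}
            elif line == "next":
                current = None
            elif current and line.startswith("set "):
                parts = line.split(None, 2)
                if len(parts) == 3:
                    interfaces[current][parts[1]] = parts[2].strip('"')
    return interfaces

def dhcp_default_gateway_interfaces(config_text):
    # Interfaces in DHCP mode that accept a default gateway from DHCP.
    # Assumption: a missing "defaultgw" line means the default, enable.
    return sorted(
        name for name, s in parse_interfaces(config_text).items()
        if s.get("mode") == "dhcp" and s.get("defaultgw", "enable") == "enable"
    )

def has_gateway_conflict(config_text):
    # True when more than one interface would install a DHCP default route.
    return len(dhcp_default_gateway_interfaces(config_text)) > 1
```

A result of True means both interfaces can receive a default route from DHCP, so set defaultgw disable should be applied to the interface that is not used for management.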
