FortiOS 5.6 Online Help Link FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link

Home > Online Help

> Chapter 20 - Managing a FortiSwitch with a FortiGate > Config using FortiGate CLI 

FortiLink Configuration Using FortiGate CLI

This section describes how to configure FortiLink using the FortiGate CLI. We recommend using the FortiGate GUI, because the CLI steps are more complex (and therefore more prone to error).

If you use one of the auto-discovery FortiSwitch ports, you can establish the FortiLink connection (single port or LAG) with zero configuration steps on the FortiSwitch, and with a few simple configuration steps on the FortiGate.

Summary of the Steps

  1. Remove the port(s) from the LAN interface.
  2. Configure the FortLink port or create a logical FortLink interface.
  3. Configure NTP.
  4. Authorize the managed FortiSwitch.
  5. Configure DHPC

Configure FortiLink as a Single Link

Configure the FortiLink port on the FortiGate, and authorize the FortiSwitch as a managed switch.

In the following steps, port1 is configured as the FortiLink port.

  1. If required, remove port 1 from the lan interface:

config system virtual-switch

edit lan

config port

delete port1

end

end

end

 

  1. Configure for port 1 as the FortiLink interface

config system interface

edit port1

set auto-auth-extension-device enable

set fortilink enable

end

end

 

  1. Configure an NTP server on port 1.

config system ntp

set server-mode enable

set interface port1

end

 

  1. Authorize the FortiSwitch unit as a managed switch.

config switch-controller managed-switch

edit FS224D3W14000370

set fsw-wan1-admin enable

end

end

NOTE: FortiSwitch will reboot when you issue the above command.

 

Configure FortiLink as a Logical Interface

You can configure the FortiLink as a logical interface: link-aggregation group (LAG), hardware switch or software switch).

NOTE: LAG is supported on all FortiSwitch models and on FortiGate models FGT-100D and above. Hardware switch is supported on some FortiGate models.

Connect any of the FortiLink-capable ports on the FortiGate to the FortiSwitch.  Make sure that you configure auto-discovery on the FortiSwitch ports (unless the port is a default auto-discovery port).

In the following steps, port4 and port5 are configured as a FortiLink LAG.

  1. If required, remove the FortiLink ports from the lan interface:

config system virtual-switch

edit lan

config port

delete port4

delete port5

end

end

end

 

  1. Create a trunk with the two ports that you connected to the switch:

config system interface

edit flink1 (enter a name, 11 characters maximum)

set allowaccess ping capwap https

set vlanforward enable

set type aggregate

set member port4 port5

set lacp-mode static

set fortilink enable

(optional) set fortilink-split-interface enable

next

end

 

NOTE: you must enable fortilink-split-interface if the members of the aggregate interface connect to more than one FortiSwitch.

 

  1. Configure an NTP server on the LAG interface:

config system ntp

set server-mode enable

set interface flink1

end

 

  1. Authorize the FortiSwitch unit as a managed switch.

config switch-controller managed-switch

edit FS224D3W14000370

set fsw-wan1-admin enable

end

end

NOTE: FortiSwitch will reboot when you issue the above command.

 

  1. Configure a DHCP server on port 1.

config system dhcp server

edit 0

set ntp-service local

set default-gateway 169.254.254.1

set netmask 255.255.255.252

set interface flink1

config ip-range

edit 1

set start-ip 169.254.254.2

set end-ip 169.254.254.2

end

set vci-match enable

set vci-string FortiAP FortiSwitch FortiExtender

end

end