FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link FortiOS 4.3 Online Help Link

Home

Video

FortiGuard

Fuse

KB

Support

  • All Files

Home > Online Help

> Chapter 19 - Managing a FortiSwitch with a FortiGate > Set-up

Getting Started

This chapter describes how to configure the FortiGate to provide remote management for FortiSwitch units.

The FortiGate requires a one-time configuration task to enable the Switch Controller on the FortiGate.

Adding a new managed FortiSwitch is very simple. You connect a cable from a port on the FortiGate to the designated FortiLink port on the FortiSwitch. Using the FortiGate GUI, you then set two simple configuration settings. No configuration changes are required on the FortiSwitch (one change is required in FortiSwitchOS releases prior to 3.3.0).

Optionally, you can also configure remote management access directly to the FortiSwitch.

Enable the Switch Controller on FortiGate

Prior to configuring the first managed FortiSwitch, you must enable the Switch Controller on the FortiGate unit. If the main left menu already contains the WiFi & Switch Controller entry, you can skip this step.

Using the FortiGate web-based manager
  1. Go to System > Config > Features.
  2. Set the WiFi & Switch Controller feature to on.
  3. Select Apply.

The menu now includes the WiFi & Switch Controller entry.

Using the FortiGate CLI

Use the following command to enable the Switch Controller and set the reserved subnetwork for the controller:

config system global

set switch-controller enable

set switch-controller-reserved-network 169.254.254.0 255.255.255.0

end

Adding a Managed FortiSwitch with FortiGate GUI

The procedure to add a new managed FortiSwitch consists of the following simple steps using the FortiGate GUI:

Note: For FortiSwitchOS releases prior to 3.3.0, you must Set the FortiSwitch to remote management mode prior to starting step 1
  1. Connect a cable from the designated FortiSwitch port to an unused port on the FortiGate. For example, use port 24 on the FS-224D-POE switch. Refer to FortiLink Port for each FortiSwitch Model for additional information.
  2. Go to System > Network > Interfaces and edit an internal port on the FortiGate.
  3. Set Addressing mode to Dedicate to Extension Device.
  4. Select OK.
  5. Go to WiFi & Switch Controller > Managed Devices > Managed FortiSwitch.
    The new FortiSwitch should now be displayed in the table.
  6. Right-click on the FortiSwitch and select Authorize.

 

After a delay (while FortiGate processes the request), an icon with a green checkmark appears in the Status column. For smaller FortiSwitch models, such as FS-108D-POE, the delay may be up to 3 minutes.

Set the FortiSwitch to remote management mode

Use the FortiSwitch web-based manager or the CLI to set remote management mode.

Note: This configuration step is not required in FortiSwitchOS release 3.3.0 or later releases.

Using the FortiSwitch web-based manager
  1. Go to System > Dashboard > Status and locate the System Information widget.
  2. Beside Operation Mode, select Change.
  3. Change Management Mode to FortiGate Remote Management.
  4. Select OK.
  5. A warning will appear, asking if you wish to continue. Select OK.
Using the FortiSwitch CLI

Use the following command to change the FortiSwitch management mode:

config system global

set switch-mgmt-mode fortilink

end

 

The FortiSwitch unit is now ready to be connected to the FortiGate unit.

FortiLink Port for each FortiSwitch Model

Each FortiSwitch model provides one designated port for the FortiLink connection. The table below lists the FortiLink port for each model:

FortiSwitch Model Port for FortiLink connection
FS-28C WAN port 1
FS-324B-POE Management Port
FS-448B (10G only) WAN port (uplink 1)
FS-348B Last port (port 48)
For all D-series switches, use the last (highest number) port for FortiLink. For example:
FS-108D-POE Last port (port 10)
FSR-112D-POE Last port (port 12)
FS-124D Last port (port 26).
May require an SFP module. See note below the table.
FS-224D-POE Last port (port 24)
FS-224D-FPOE Last port (port 28).
May require an SFP module. See note below the table.

 

Note: FortiSwitch 3.3.1 and later releases support the use of an RJ-45 port for FortiLink.
Please contact Fortinet Customer Support for additional information.

FortiLink Ports for Each FortiGate Model

For all FortiGate models, you can connect up to 16 FortiSwitches to one FortiGate unit.

The following table shows the ports for each model of FortiGate that can be FortiLink-dedicated.

FortiGate Model Ports for FortiLink connection
FGT-90D, FGT-90D-POE
FWF-90D, FWF-90D-POE 		port1 - port14
FGT-60D, FGT-60D-POE
FWF-60D, FWF-60D-POE 		port1 - port7
FGT-100D port1 - port16
FGT-140D , 140D-POE, 140D-POE-T1 port1 - port36
FGT-200D port1 - port16
FGT-240D port1 - port40
FGT-280D, FGT-280D-POE port1 - port84
FGT-600C port3 - port22
FGT-800C port3 - port24
FGT-1000C port3 - port14, port23 - port24

Adding a Managed FortiSwitch with FortiGate CLI

We recommend that you add a new managed FortiSwitch using the FortiGate GUI. However, the following steps show how to add a new managed FortiSwitch using the FortiGate CLI. In these steps, the FortiGate port1 is configured as the FortiLink port:

  1. If required, remove port 1 from the lan interface:

config system virtual-switch

edit lan

config port

delete port1

end

end

end

 

  1. Configure the interface for port 1.

config system interface

edit port1

set ip 172.20.120.10 255.255.255.0

set allowaccess capwap

set vlanforward enable

end

end

 

  1. Configure an NTP server on port 1.

config system ntp

set server-mode enable

set interface port1

end

 

  1. Authorize the FortiSwitch unit as a managed switch.

config switch-controller managed-switch

edit FS224D3W14000370

set fsw-wan1-admin enable

end

end

NOTE: FortiSwitch will reboot when you issue the above command.

 

  1. Configure a DHCP server on port 1.

config system dhcp server

edit 0

set netmask 255.255.255.252

set interface port1

config ip-range

edit 0

set start-ip 169.254.254.2

set end-ip 169.254.254.50

end

set vci-match enable

set vci-string FortiSwitch

set ntp-service local

end

end

Configuring FortiSwitch Remote Management Port

If the FortiSwitch model has a dedicated management port, you can configure remote management to the FortiSwitch. In FortiLink mode, the FortiGate is the default gateway, so you need to configure an explicit route for the FortiSwitch management port.

From the FortiSwitch CLI, enter the following commands:

config router static

edit 1

set device mgmt

set gateway <router IP address>

set dst <router subnet> <subnet mask>

end

end

 

In the following example, the FortiSwitch management port is connected to a router with IP address 192.168.0.10:

config router static

edit 1

set device mgmt

set gateway 192.168.0.10

set dst 192.168.0.0 255.255.0.0

end

end

 

Copyright © 2018 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy