Network Topologies for Managed FortiSwitch

With releases prior to FortiOS 5.4.1, the FortiGate required a separate FortiLink for each managed FortiSwitch. Starting in release FortiOS 5.4.1, the FortiGate requires only one active FortiLink to manage all of the subtending FortiSwitches. We refer to this new capability as "Stacking".

You can configure the FortiLink as a physical interface or as a logical interface (associated with one or more physical interfaces). Depending on the network topology, you may also configure a standby FortiLink.

For any of the topologies, note the following:

  • All of the managed FortiSwitches will function as one Layer-2 stack. The FortiGate manages each FortiSwitch separately.
  • The active FortiLink carries data as well as management traffic.

Supported Topologies

Fortinet recommends the following topologies for managed FortiSwitches:

  • Single FortiGate managing a single FortiSwitch
  • Single FortiGate managing a stack of several FortiSwitches
  • HA-mode FortiGate managing a single FortiSwitch
  • HA-mode FortiGate managing a stack of several FortiSwitches
  • HA-mode FortiGate managing a FortiSwitch two-tier topology
  • Single FortiGate managing multiple FortiSwitches (using hardware or software switch interface)
  • Enterprise/Office Closet Topology

Single FortiGate managing a single FortiSwitch

On the FortiGate, the FortiLink interface is configured as physical or aggregate. The 802.3ad aggregate interface type provides a logical grouping of one or more physical interfaces.

 

Single FortiGate managing a stack of several FortiSwitches

The FortiGate connects directly to one FortiSwitch device using a physical or aggregate interface. The remaining FortiSwitches connect in a ring using inter-switch links.

Optionally, you can connect a standby FortiLink connection to the last FortiSwitch. For this configuration, you create a FortiLink Split-Interface (an aggregate interface which contains one active link and one standby link).

HA-mode FortiGate managing a single FortiSwitch

The primary and secondary FortiGate units both connect a FortiLink to the FortiSwitch. The FortiLink port(s) and interface type must match on the two FortiGate units.

HA-mode FortiGate managing a stack of several FortiSwitches

The primary and secondary FortiGate units both connect a FortiLink to the first FortiSwitch, and (optionally) to the last FortiSwitch. The FortiLink ports and interface type must match on the two FortiGate units.

For the active/standby FortiLink configuration, you create a FortiLink Split-Interface (an aggregate interface which contains one active link and one standby link).

HA-mode FortiGate managing a FortiSwitch two-tier topology

The distribution FortiSwitch connects to the primary and secondary FortiGate units. The FortiLink port(s) and interface type must match on the two FortiGate units.

Single FortiGate managing multiple FortiSwitches (using hardware or software switch interface)

The FortiGate connects directly to each FortiSwitch. Each of these FortiLink ports is added to the logical hardware-switch or software-switch interface on the FortiGate.

Optionally, you can connect other devices to the FortiGate logical interface. These devices will have Layer 2 connectivity with the FortiSwitch ports. The device must support IEEE 802.1q VLAN tagging.

 

Enterprise/Office Closet Topology

HA-mode FortiGates connect to redundant distribution FortiSwitches. Access FortiSwitches are arranged in a stack in each IDF, connected to both distribution switches.

For the FortiLink connection to each distribution switch, you create a FortiLink Split-Interface (an aggregate interface which contains one active link and one standby link).

Stacking Configuration

The configuration steps for stacking include:

  1. Configure the active FortiLink interface on the FortiGate.
  2. (Optional) Configure the standby FortiLink interface.
  3. Connect the FortiSwitches together, based on your chosen topology.

 

1. Configure the Active FortiLink

Configure the FortiLink interface (as described in the FortiLink Configuration section).

When you configure the FortiLink interface, stacking capability is enabled automatically.

2. Configure the Standby FortiLink

Configure the standby FortiLink interface. Depending on your configuration, the standby FortiLink may connect to the same FortiGate as the active Fortilink, or to a different FortiGate.

If the FortiGate receives discovery requests from two FortiSwitches, the link from one FortiSwitch will be selected as active and the link from other FortiSwitch will be selected as standby.

If the active FortiLink fails, FortiGate converts the standby FortiLink to active.

3. Connect the FortiSwitches

Refer to the topology diagrams to see how to connect the FortiSwitches.

Inter-switch links (ISLs) form automatically between the stacked switches.

FortiGate will discover and authorize all of the FortiSwitches that are connected. After this, the FortiGate is ready to manage all of the authorized FortiSwitches.

Disable Stacking

To disable stacking, execute the following command from the FortiGate CLI. In the following example, port4 is the FortiLink interface:

config system interface

edit port4

set fortilink-stacking disable

end

end