FortiLink configuration using the FortiGate CLI
This section describes how to configure FortiLink using the FortiGate CLI. Fortinet recommends using the FortiGate GUI because the CLI procedures are more complex (and therefore more prone to error).
If you use one of the auto-discovery FortiSwitch ports, you can establish the FortiLink connection (single port or LAG) with no configuration steps on the FortiSwitch and with a few simple configuration steps on the FortiGate.
Summary of the procedure
- Remove the port(s) from the LAN interface.
- Configure the FortiLink port or create a logical FortiLink interface if it is required on the model you are using.
- Configure NTP.
- Authorize the managed FortiSwitch.
- Configure DHCP.
Configure FortiLink as a single link
Configure the FortiLink port on the FortiGate and authorize the FortiSwitch as a managed switch.
In the following steps, port 1 is configured as the FortiLink port.
- If required, remove port 1 from the lan interface:
config system virtual-switch
edit lan
config port
delete port1
end
next
end
- Configure port 1 as the FortiLink interface:
config system interface
edit port1
set auto-auth-extension-device enable
set fortilink enable
next
end
- Configure an NTP server on port 1:
config system ntp
set server-mode enable
set interface port1
end
- Authorize the FortiSwitch unit as a managed switch:
config switch-controller managed-switch
edit FS224D3W14000370
set fsw-wan1-admin enable
next
end
FortiSwitch will reboot when you issue the set fsw-wan1-admin enable command.
Configure FortiLink as a logical interface
You can configure FortiLink as a logical interface: a link-aggregation group (LAG), a hardware switch, or a software switch.
LAG is supported on all FortiSwitch models and on FortiGate models FGT-100D and above. Hardware switch is supported on some FortiGate models.
Connect any of the FortiLink-capable ports on the FortiGate to the FortiSwitch. Ensure that you configure auto-discovery on the FortiSwitch ports (unless the ports are auto-discovery ports by default).
In the following procedure, port 4 and port 5 are configured as a FortiLink LAG.
- If required, remove the FortiLink ports from the lan interface:
config system virtual-switch
edit lan
config port
delete port4
delete port5
end
next
end
- Create a trunk with the two ports that you connected to the switch. The interface name (flink1 in this example) can be at most 11 characters, and the fortilink-split-interface setting is optional:
config system interface
edit flink1
set allowaccess ping capwap https
set vlanforward enable
set type aggregate
set member port4 port5
set lacp-mode static
set fortilink enable
set fortilink-split-interface enable
next
end
If the members of the aggregate interface connect to more than one FortiSwitch, you must enable fortilink-split-interface.
- Authorize the FortiSwitch unit as a managed switch:
config switch-controller managed-switch
edit FS224D3W14000370
set fsw-wan1-admin enable
next
end
FortiSwitch will reboot when you issue the set fsw-wan1-admin enable command.
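Because the CLI procedures are error-prone, the steps of both procedures above (ports removed from lan, FortiLink enabled, NTP served on the FortiLink interface, switch authorized) can be checked against a saved configuration. The following Python is an added example, not Fortinet code: the function names, the finding texts and the backup-style sample are assumptions made for illustration, and the parser handles only single-line config, edit and set statements.

```python
import shlex

def parse(text):
    """Parse FortiOS config text: config/edit become nested dicts, set becomes a list."""
    stack = [{}]
    for raw in text.splitlines():
        cmd, *args = shlex.split(raw) or [""]
        if cmd in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(args), {}))
        elif cmd in ("next", "end") and len(stack) > 1:
            stack.pop()
        elif cmd == "set":
            stack[-1][args[0]] = args[1:]
    return stack[0]

def audit_fortilink(text):
    """Return unfinished procedure steps; a LAG's ports are read from 'member'."""
    cfg = parse(text)
    lan = set(cfg.get("system virtual-switch", {}).get("lan", {}).get("port", {}))
    ntp = cfg.get("system ntp", {})
    ifaces = cfg.get("system interface", {})
    links = {n: i for n, i in ifaces.items() if i.get("fortilink") == ["enable"]}
    out = [] if links else ["no interface has fortilink enabled"]
    for name, iface in links.items():
        for port in sorted(lan & set(iface.get("member", [name]))):
            out.append(f"{port}: still in the lan virtual-switch")
        if ntp.get("server-mode") != ["enable"] or name not in ntp.get("interface", []):
            out.append(f"{name}: NTP server mode is not enabled on this interface")
    for serial, sw in cfg.get("switch-controller managed-switch", {}).items():
        if sw.get("fsw-wan1-admin") != ["enable"]:
            out.append(f"{serial}: switch is not authorized")
    return out

# Constructed sample (backup style): port5 was left in lan and NTP is not configured.
SAMPLE = """config system virtual-switch
    edit "lan"
        config port
            edit "port5"
            next
        end
    next
end
config system interface
    edit "flink1"
        set member "port4" "port5"
        set fortilink enable
    next
end
"""
print(*audit_fortilink(SAMPLE), sep="\n")
```

An empty result means every step the script knows about is present; it does not confirm that the FortiLink connection itself came up.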