FortiLink mode supported over a layer-3 network (457103)
This feature allows FortiSwitch islands (FSIs) to operate in FortiLink mode over a layer-3 network, even though they are not directly connected to the switch-controller FortiGate unit. FSIs contain one or more FortiSwitch units.
The following limitations apply to FSIs operating in FortiLink mode over a layer-3 network:
- All FortiSwitch units using this feature must be included in the FortiGate preconfigured switch table.
- No layer-2 data path component, such as VLANs, can span across layer 3 between the FortiGate unit and the FortiSwitch unit.
- All FortiSwitch units within an FSI must be connected to the same FortiGate unit.
- The FortiSwitch unit needs a functioning layer-3 routing configuration to reach the FortiGate unit or any featureconfigured destination, such as syslog or 802.1x.
- Do not connect a layer-2 FortiGate unit and a layer-3 FortiGate unit to the same FortiSwitch unit.
- If the FortiSwitch management port is used for a layer-3 connection to the FortiGate unit, the FSI can contain only one FortiSwitch unit. All switch ports must remain in standalone mode.
- Do not connect a FortiSwitch unit to a layer-3 network and a layer-2 network on the same segment.
- If the network has a wide geographic distribution, some features, such as software downloads, might operate slowly.
To configure a FortiSwitch unit to operate in a layer-3 network:
- Reset the FortiSwitch to factory default settings with the execute factoryreset
- Manually set the FortiSwitch unit to FortiLink mode:
config system global
set switch-mgmt-mode fortilink end
- Configure the discovery setting for the FortiSwitch unit. You can either use DHCP discovery or static discovery.
The default dhcp-option-code is 138.
To use DHCP discovery:
config switch-controller global set ac-discovery dhcp set dhcp-option-code <integer> end
To use static discovery:
config switch-controller global
set ac-discovery static
config ac-list
edit <id>
set ipv4-address <IPv4_address>
next
end
end
- Configure at least one port of the FortiSwitch unit as an uplink port. When the FortiSwitch is in FortiLink mode, VLAN 4094 is configured on an internal port, which can provide a path to the layer-3 network with the following commands:
config switch interface edit <port_number> set fortilink-l3-mode enable
end
end
NOTE: The NTP server must be configured on the FortiSwitch unit either manually or provided by DHCP. The NTP server must be reachable from the FortiSwitch unit.
I have setup Fortiswitches using Layer3 Fortilink. I have a single Fiber uplink to my distribution switches. It is setup as the Fortilink interface and does all layer 2 trunking. I would like to change my uplinks so that I am using a LAG back to my distribution switches (Cisco) to provide redundant links and additional bandwidth.
How would you recommend doing this?