lTheigmps-flood-trafficandigmps-flood-reportsettings must bedisabledon the ISL and FortiLinktrunks; but theigmps-flood-trafficandigmps-flood-reportsettings must beenabledon ICL trunks.These settings are enabled by default.lIGMP proxy must be enabled.Step 1: Ensure the MCLAG ICL is already configured between FortiSwitch 1 and FortiSwitch 2.diagnose switch-controller switch-info mclag iclStep 2: For each server, configure a trunk with MCLAG enabled. For server 1, select port10 onFortiSwitch 1 and FortiSwitch 2. For server 2, select port15 on FortiSwitch 1 and FortiSwitch 2.For details, refer toMCLAG trunks on page 74.Step 4: Verify the MCLAG configuration.diagnose switch-controller switch-info mclag listFortiSwitch 7.0.2 FortiSwitch Devices Managed by FortiOS 7.060Fortinet, Inc.
MCLAG peer groupsMulti-tiered MCLAG with HA-mode FortiGate unitsUse the following procedure to deploy tier-2 and tier-3 MCLAG peer groups from the FortiGate switch controller withoutthe need for direct console access to the FortiSwitch units.NOTE:lFortinet recommends using at least two links for ICL redundancy.lBefore FortiOS 6.2.0, when using HA-mode FortiGate units to manage FortiSwitch units, the HA mode must beactive-passive. Starting in FortiOS 6.2.0, the FortiGate HA mode can be either active-passive or active-active.lIn this topology, you must use theauto-isl-port-groupsetting as described in the following configurationexample. This setting instructs the switches to group ports from MCLAG peers together into one MCLAG when theinter-switch link (ISL) is formed.lTheauto-isl-port-groupsetting must be done directly on the FortiSwitch unit.lOn the global switch level,mclag-stp-awaremust be enabled, and STP must be enabled on all ICL trunks. Theyare both enabled by default.NOTE:If you are going to use IGMP snooping with an MCLAG topology:lOn the global switch level,mclag-igmpsnooping-awaremust be enabled. It is enabled by default.lTheigmps-flood-trafficandigmps-flood-reportsettings must bedisabledon the ISL and FortiLinktrunks; but theigmps-flood-trafficandigmps-flood-reportsettings must beenabledon ICL trunks.These settings are enabled by default.lIGMP proxy must be enabled.To create a three-tier FortiLink MCLAG topology, use FortiOS 6.2.3 GA or later and FortiSwitchOS 6.2.3 GA or later.Tier-1 MCLAGWire the two core FortiSwitch units to the FortiGate devices. To configure the FortiSwitch units in the core, seeTransitioning from a FortiLink split interface to a FortiLink MCLAG on page 57.FortiSwitch 7.0.2 FortiSwitch Devices Managed by FortiOS 7.061Fortinet, Inc.
MCLAG peer groupsTier-2 and Tier-3 MCLAGs1.Connectonlythe tier-2 MCLAG FortiSwitch units 3 and 4 to the core units 1 and 2 (leaving the other switches inCloset 1 disconnected). Wait until they are discovered and authorized (authorization must be done manually if auto-authorization is disabled).
Upload your study docs or become a
Course Hero member to access this document
Upload your study docs or become a
Course Hero member to access this document
End of preview. Want to read all 209 pages?
Upload your study docs or become a
Course Hero member to access this document
Term
Fall
Professor
NoProfessor
Tags
Network switch, FortiSwitch
