laupin
New Contributor III

Fortiswitch configuration

Hello everyone!

I'm new to FortiSwitch and I have 6 to integrate into my network now. I have two FGT100E (HA cluster) and I want to manage all the FortiSwitches from the FortiGates. I found some configuration steps on the FortiGate web site, but there are some things that I can't understand or that aren't very clear to me.

Here are my questions:

1. If I configure STP, do I have to configure my FortiGates as Root-Bridge?

2. Are there any features or parameters that I have to configure for STP, or is the default configuration going to be OK?

3. I'm going to configure LAGs between the FortiSwitches and between them and the FortiGates. Can I configure the management VLAN inside these LAGs, or do I have to configure dedicated ports on the FortiGate only for managing the FortiSwitches (FortiLinks)?

Thanks in advance!

Prab
New Contributor

laupin wrote:

Hello everyone!

I'm new to FortiSwitch and I have 6 to integrate into my network now. I have two FGT100E (HA cluster) and I want to manage all the FortiSwitches from the FortiGates. I found some configuration steps on the FortiGate web site, but there are some things that I can't understand or that aren't very clear to me.

Here are my questions:

1. If I configure STP, do I have to configure my FortiGates as Root-Bridge?

2. Are there any features or parameters that I have to configure for STP, or is the default configuration going to be OK?

3. I'm going to configure LAGs between the FortiSwitches and between them and the FortiGates. Can I configure the management VLAN inside these LAGs, or do I have to configure dedicated ports on the FortiGate only for managing the FortiSwitches (FortiLinks)?

Thanks in advance!

Hi Laupin,

Please find my comments below to your questions:

3. I'm going to configure LAGs between the FortiSwitches and between them and the FortiGates. Can I configure the management VLAN inside these LAGs, or do I have to configure dedicated ports on the FortiGate only for managing the FortiSwitches (FortiLinks)?

Just a heads up: in case the FortiSwitches are being managed by a FortiGate, it is a bad idea to configure them directly; it might cause inconsistent switch configurations running on the FortiSwitches & the FortiGate. By default, VLAN ID 1 is used for managing the FortiSwitches via the FortiLink. As far as I know, this cannot be changed!

1. If I configure STP, do I have to configure my FortiGates as Root-Bridge?

2. Are there any features or parameters that I have to configure for STP, or is the default configuration going to be OK?

By default STP will do its job, but yes, in case you want to make sure that STP selects a particular device as the root, then try configuring it manually. I never did it.

Hope it was helpful.

Thanks & regards,

Prab :)

laupin
New Contributor III

Thanks a lot. After a lot of trouble with my FortiSwitches, I think I'm starting to understand them. You were right, it is a really bad idea to make any change directly on the FortiSwitches when they are managed by the FortiGate. Another thing: FortiLinks are very sensitive; you have to be sure of what you're configuring, because in large environments it could be a nightmare. NTP, LLDP, STP, DHCP snooping and IGMP snooping are the important elements to consider in your configuration. I have my network in production now and I'm still having problems with the stability.

Thanks a lot again :)
