Fortinet black logo

New Features

7.4.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0

Support security rating recommendations for tier-2 and tier-3 MCLAGs 7.4.1

Support security rating recommendations for tier-2 and tier-3 MCLAGs 7.4.1

More tests have been added to the FortiSwitch recommendations to help optimize your network:

  • When a connected tier-1 MCLAG peer group is detected and FortiOS detects a possible tier-2 MCLAG pair of switches, FortiOS recommends forming a tier-2 MCLAG.

    After you accept the recommendation, the set lldp-profile default-auto-mclag-icl command is configured on the two switches with the recommended interchassis link (ICL) ports, and the config switch auto-isl-port-group command is configured on the parent MCLAG peer group.

  • When a connected tier-2 MCLAG peer group is detected and FortiOS detects a possible tier-3 MCLAG pair of switches, FortiOS recommends forming a tier-3 MCLAG.

    After you accept the recommendation, the set lldp-profile default-auto-mclag-icl command is configured on the two switches with the recommended ICL ports, and the config switch auto-isl-port-group command is configured on the parent MCLAG peer group.

Note

For detection to be successful, there must be fully meshed connection (each tier-2 FortiSwitcch unit must have a connection to each tier-1 FortiSwitch unit; each tier-3 FortiSwitch unit must have a connection to each tier-2 FortiSwitch unit.
Example

In this example, a FortiGate device manages four FortiSwitch units. Two of the switches already form an MCLAG, and the user wants a second MCLAG tier for redundancy.

  1. In the FortiOS GUI, go to WiFi & Switch Controller > Managed FortiSwitches and verify that the two tier-2 FortiSwitch units are the same model so that they can form an MCLAG.

  2. Go to Security Fabric > Security Rating and click Run Now.

  3. After the security rating report has run, expand the Optimization results to see Enable MC-LAG Tier 2/3.

  4. Go to WiFi & Switch Controller > Managed FortiSwitches and hover over the link connecting the two tier-2 FortiSwitch units. Click Create MC-LAG pair.

  5. In the Create MC-LAG Pair panel, enter the ISL port group name.

  6. The Managed FortiSwitches page shows that the MCLAG is formed for the tier-2 managed FortiSwitch units.

Previous
Next

Support security rating recommendations for tier-2 and tier-3 MCLAGs 7.4.1

More tests have been added to the FortiSwitch recommendations to help optimize your network:

  • When a connected tier-1 MCLAG peer group is detected and FortiOS detects a possible tier-2 MCLAG pair of switches, FortiOS recommends forming a tier-2 MCLAG.

    After you accept the recommendation, the set lldp-profile default-auto-mclag-icl command is configured on the two switches with the recommended interchassis link (ICL) ports, and the config switch auto-isl-port-group command is configured on the parent MCLAG peer group.

  • When a connected tier-2 MCLAG peer group is detected and FortiOS detects a possible tier-3 MCLAG pair of switches, FortiOS recommends forming a tier-3 MCLAG.

    After you accept the recommendation, the set lldp-profile default-auto-mclag-icl command is configured on the two switches with the recommended ICL ports, and the config switch auto-isl-port-group command is configured on the parent MCLAG peer group.

Note

For detection to be successful, there must be fully meshed connection (each tier-2 FortiSwitcch unit must have a connection to each tier-1 FortiSwitch unit; each tier-3 FortiSwitch unit must have a connection to each tier-2 FortiSwitch unit.
Example

In this example, a FortiGate device manages four FortiSwitch units. Two of the switches already form an MCLAG, and the user wants a second MCLAG tier for redundancy.

  1. In the FortiOS GUI, go to WiFi & Switch Controller > Managed FortiSwitches and verify that the two tier-2 FortiSwitch units are the same model so that they can form an MCLAG.

  2. Go to Security Fabric > Security Rating and click Run Now.

  3. After the security rating report has run, expand the Optimization results to see Enable MC-LAG Tier 2/3.

  4. Go to WiFi & Switch Controller > Managed FortiSwitches and hover over the link connecting the two tier-2 FortiSwitch units. Click Create MC-LAG pair.

  5. In the Create MC-LAG Pair panel, enter the ISL port group name.

  6. The Managed FortiSwitches page shows that the MCLAG is formed for the tier-2 managed FortiSwitch units.

Previous
Next