MCLAG configuration for access ports
A multichassis LAG (MCLAG) provides node-level redundancy by grouping two FortiSwitch models together so that they appear as a single switch on the network. If either switch fails, the MCLAG continues to function without any interruption, increasing network resiliency and eliminating the delays associated with the Spanning Tree Protocol (STP). For the network topologies, see Dual-homed servers connected to a pair of FortiSwitch units using an MCLAG and Standalone FortiGate unit with dual-homed FortiSwitch access.
MCLAG requirements
- Both peer switches should be of the same hardware model and same software version. Mismatched configurations might work but are unsupported.
- There is a maximum of two FortiSwitch models per MCLAG.
- The routing feature is not available within an MCLAG.
- When min_bundle or max_bundle is combined with MCLAG, the bundle limit properties are applied only to the local aggregate interface.
- On the global switch level,
mclag-stp-aware
must be enabled, and STP must be enabled on all ICL trunks.
NOTE: If you are going to use IGMP snooping with an MCLAG topology:
- On the global switch level,
mclag-igmp-aware
must be enabled, - The
igmps-flood-traffic
andigmps-flood-report
settings must be disabled on the ISL and FortiLink trunks; but theigmps-flood-traffic
andigmps-flood-report
settings must be enabled on ICL trunks. - IGMP proxy must be enabled.
Using the GUI
- Go to WiFi & Switch Controller > FortiSwitch Ports.
- Select Create New > Trunk.
- Enter a name for the MCLAG trunk.
- For the MC-LAG status, select Enabled to create an active MCLAG trunk.
- For the mode, select Static, Passive LACP, or Active LACP.
- Set to Static for static aggregation. In this mode, no control messages are sent, and received control messages are ignored.
- Set to Passive LACP to passively use LACP to negotiate 802.3ad aggregation.
- Set to Active LACP to actively use LACP to negotiate 802.3ad aggregation.
- For trunk members, select Select Members, select the ports to include in the MCLAG trunk, and then select OK to save the trunk members.
- Select OK to save the MCLAG configuration.
The ports are listed as part of the MCLAG trunk on the FortiSwitch Ports page.
After the FortiSwitch units are configured as MCLAG peer switches, any port that supports advanced features on the FortiSwitch can become a LAG port. When mclag
is enabled and the LAG port names match, an MCLAG peer set is automatically formed. The member ports for each FortiSwitch in the MCLAG do not need to be identical to the member ports on the peer FortiSwitch.
If you disable the MCLAG ICL (with the |
Using the CLI
Configure a trunk in each switch that is part of the MCLAG pair:
- The trunk name for each switch must be the same.
- The port members for each trunk can be different.
- After you enable MCLAG, you can enable LACP if needed.
config switch-controller managed-switch
edit "<switch-id>"
config ports
edit "<trunk name>"
set type trunk
set mode {static | lacp-passive | lacp-active}
set members "<port>,<port>"
set mclag enable
next
end
next
Variable |
Description |
Default |
---|---|---|
<switch-id> |
FortiSwitch serial number. |
No default |
<trunk name> |
Enter a name for the MCLAG trunk. |
No default |
type trunk |
Set the interface type to a trunk port. |
physical |
mode {static | lacp-passive | lacp-active} |
Set the LACP mode. |
lacp-active |
members "<port>,<port>" |
Set the aggregated LAG bundle interfaces. |
No default |
mclag enable |
Enable or disable the MCLAG. |
disable |
Log into each managed FortiSwitch to check the MCLAG configuration with the following command:
diagnose switch mclag
When an MCLAG is formed, the time on all FortiSwitch units is synchronized with an NTP server. To confirm that each FortiSwitch in the MCLAG is using an NTP server, use the following command:
show system ntp