Fortinet black logo

Deployment overview

7.0.0
Copy Link
Copy Doc ID 89ed3d92-8935-11ec-9fd1-fa163e15d75b:688440
Download PDF

Deployment overview

The deployment example uses the large-campus reference architecture. There are three buildings with three floors in each building.

Building 1

The Services department is in Building 1

The Communications room of Building 1 has the two FortiGate units in an HA cluster. There is a full-mesh configuration of the two FortiGate units and the two FortiSwitch units. The links are 100G.

The Building 1 cabinet contains the MCLAG peer group with four 10G inter-chassis links (ICLs). There are 100G uplinks to the core level, 10G downlinks to the Floor 3, and 40G downlinks to Floors 1 and 2. There are additional 10G ports for severs or more switches.

Floors 1 and 2 each use an MCLAG peer group for critical infrastructure, including the wireless network, and use 40G uplinks. The switches are dual-homed for redundancy and to increase the bandwidth. There are additional 10G ports for severs or more switches. Additional 1G and 2.5G ports can be used for endpoints, video, and so on.

Floor 3 contains eight switches in a ring topology, which provide the switch infrastructure for the wireless network. The switches use 10G uplinks. Additional 1G and 2.5G ports can be used for endpoints, video, and so on.

Building 2

The Operations department is in Building 2.

The Building 2 cabinet contains the MCLAG peer group with three 10G ICLs. There are 100G uplinks to the core level and 10G downlinks to Floors 1, 2, and 3. There are additional 10G ports for severs or more switches.

Floors 1, 2, and 3 each contain eight switches in a ring topology, which provides the switch infrastructure for the wireless network. The switches use 10G uplinks. Additional 1G and 2.5G ports can be used for endpoints, video, and so on.

Building 3

The Engineering department is in Building 3.

The Building 3 cabinet contains two MCLAG peer groups:

  • One MCLAG peer group has three 10G ICLs. There are 100G uplinks to the core level and 10G downlinks to Floors 1, 2, and 3. There are additional 10G ports for severs or more switches.

  • The other MCLAG peer group provides critical infrastructure and has three 100G ICLs and 100G downlinks to Floors 1, 2, and 3.

Floors 1, 2, and 3 each contain four switches in a ring topology, which provides the switch infrastructure for the wireless network. The switches use 10G uplinks. Additional 1G and 2.5G ports can be used for endpoints, video, and so on.

On each floor, an MCLAG peer group provides critical infrastructure with 100G uplinks and 10G downlinks. There are additional 10G ports for severs or more switches. Additional 1G and 2.5G ports can be used for the engineering environment.

The access ports in the large-campus example are distributed as follows:

Speed of access ports

Number of access ports

1G

1,408

2.5G

416

10G

318

100G/40G

100

Total

2,242

Additional capacity is available if more switches are added on each floor. For example, for 10,000 1G access ports, add twenty 48-port switches per floor.

Deployment plan

  1. Configure the core level.

  2. Configure the distribution level.

  3. Configure the access level.

    1. For the MCLAG peer groups (Building 1, Floors 1 and 2, and Building 3, Floors 1, 2, and 3), configure each MCLAG peer group before you configure the other switches to be dual-homed.

    2. For the switches in the ring topologies, connect the FortiSwitch units with uplinks to the distribution level, wait until the switches are managed, and then connect the rest of the FortiSwitch units.

Deployment overview

The deployment example uses the large-campus reference architecture. There are three buildings with three floors in each building.

Building 1

The Services department is in Building 1

The Communications room of Building 1 has the two FortiGate units in an HA cluster. There is a full-mesh configuration of the two FortiGate units and the two FortiSwitch units. The links are 100G.

The Building 1 cabinet contains the MCLAG peer group with four 10G inter-chassis links (ICLs). There are 100G uplinks to the core level, 10G downlinks to the Floor 3, and 40G downlinks to Floors 1 and 2. There are additional 10G ports for severs or more switches.

Floors 1 and 2 each use an MCLAG peer group for critical infrastructure, including the wireless network, and use 40G uplinks. The switches are dual-homed for redundancy and to increase the bandwidth. There are additional 10G ports for severs or more switches. Additional 1G and 2.5G ports can be used for endpoints, video, and so on.

Floor 3 contains eight switches in a ring topology, which provide the switch infrastructure for the wireless network. The switches use 10G uplinks. Additional 1G and 2.5G ports can be used for endpoints, video, and so on.

Building 2

The Operations department is in Building 2.

The Building 2 cabinet contains the MCLAG peer group with three 10G ICLs. There are 100G uplinks to the core level and 10G downlinks to Floors 1, 2, and 3. There are additional 10G ports for severs or more switches.

Floors 1, 2, and 3 each contain eight switches in a ring topology, which provides the switch infrastructure for the wireless network. The switches use 10G uplinks. Additional 1G and 2.5G ports can be used for endpoints, video, and so on.

Building 3

The Engineering department is in Building 3.

The Building 3 cabinet contains two MCLAG peer groups:

  • One MCLAG peer group has three 10G ICLs. There are 100G uplinks to the core level and 10G downlinks to Floors 1, 2, and 3. There are additional 10G ports for severs or more switches.

  • The other MCLAG peer group provides critical infrastructure and has three 100G ICLs and 100G downlinks to Floors 1, 2, and 3.

Floors 1, 2, and 3 each contain four switches in a ring topology, which provides the switch infrastructure for the wireless network. The switches use 10G uplinks. Additional 1G and 2.5G ports can be used for endpoints, video, and so on.

On each floor, an MCLAG peer group provides critical infrastructure with 100G uplinks and 10G downlinks. There are additional 10G ports for severs or more switches. Additional 1G and 2.5G ports can be used for the engineering environment.

The access ports in the large-campus example are distributed as follows:

Speed of access ports

Number of access ports

1G

1,408

2.5G

416

10G

318

100G/40G

100

Total

2,242

Additional capacity is available if more switches are added on each floor. For example, for 10,000 1G access ports, add twenty 48-port switches per floor.

Deployment plan

  1. Configure the core level.

  2. Configure the distribution level.

  3. Configure the access level.

    1. For the MCLAG peer groups (Building 1, Floors 1 and 2, and Building 3, Floors 1, 2, and 3), configure each MCLAG peer group before you configure the other switches to be dual-homed.

    2. For the switches in the ring topologies, connect the FortiSwitch units with uplinks to the distribution level, wait until the switches are managed, and then connect the rest of the FortiSwitch units.