HA-mode FortiGate units using hardware-switch interfaces and STP
In most FortiLink topologies, MCLAG or LAG configurations are used for FortiSwitch redundancy. However, some FortiGate models do not support the FortiLink aggregate interface, or some FortiSwitch models do not support MCLAG.
The following network topology uses a hardware-switch interface on each FortiGate unit. Each FortiSwitch unit is connected to a single port of the hardware-switch interface of the FortiGate unit. The inter-switch link (ISL) between the FortiSwitch units provides redundancy.
For this network topology to function, use the following commands on each FortiLink hardware-switch interface:
config system interface
    edit <FortiLink_hardware_switch_interface>
        set stp enable
end
NOTE:
- The FortiLink interface uses the Link Layer Discovery Protocol (LLDP) for neighbor detection. LLDP transmission must be enabled with the set lldp-transmission enable command before enabling Spanning Tree Protocol (STP).
- STP and STP forwarding are both supported by the FortiLink hardware-switch interface.
- The software-switch interface is not supported.
- If the FortiGate model does not support aggregate interfaces, you need to configure the FortiGate unit to be the Common and Internal Spanning Tree (CIST) by assigning the lowest STP priority to the FortiGate unit and placing each switch in a different region. You can assign the STP priority to the FortiGate unit with the set switch-priority command under config system stp. You can move a switch to another region with the set revision command under config stp-settings.
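The LLDP and STP prerequisites in the NOTE above can be checked offline against a saved configuration. The following is an added example, not Fortinet code: it parses the config system interface section and reports which of the two settings is missing on each FortiLink hardware-switch interface. The interface names and the sample text are constructed, and a setting that does not appear in the file is treated as not enabled.

```python
# Constructed sample of a configuration backup; interface names are hypothetical.
SAMPLE = """\
config system interface
    edit "fortilink"
        set type hard-switch
        set fortilink enable
        set lldp-transmission enable
        set stp enable
    next
    edit "fortilink2"
        set type hard-switch
        set fortilink enable
        set stp enable
    next
    edit "port1"
        set type physical
    next
end
"""

def parse_interfaces(text):
    """Return {name: {setting: value}} for entries under 'config system interface'."""
    interfaces, name, depth, in_target = {}, None, 0, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                in_target = line == "config system interface"
        elif line == "end":
            depth -= 1
        elif depth == 1 and in_target:  # nested config blocks (depth > 1) are skipped
            if line.startswith("edit "):
                name = line[5:].strip('"')
                interfaces[name] = {}
            elif line == "next":
                name = None
            elif line.startswith("set ") and name is not None:
                key, _, value = line[4:].partition(" ")
                interfaces[name][key] = value
    return interfaces

def audit(text):
    """Map each FortiLink hardware-switch interface to its missing prerequisites."""
    findings = {}
    for name, cfg in parse_interfaces(text).items():
        if cfg.get("type") == "hard-switch" and cfg.get("fortilink") == "enable":
            findings[name] = [f"set {k} enable" for k in ("lldp-transmission", "stp")
                              if cfg.get(k) != "enable"]
    return findings
```

Calling audit(SAMPLE) returns an empty list for an interface that meets both prerequisites and the missing set commands otherwise.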