Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSwitch 7.2.8 Administration Guide
    7.2.8
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.11
    6.4.6
    6.4.5
    6.4.3
    6.4.2
    6.4.0
    6.2.5
    6.2.2
    6.2.1
    6.2.0

    Media Redundancy Protocol

    Media Redundancy Protocol

    A ring of Ethernet switches can use the Media Redundancy Protocol (MRP) to overcome a failure faster than with STP. An MRP network consists of a ring of switches with one master switch; the rest of the switches are clients. The switches in the ring must use physical ports to form the ring or a single port configured as a static trunk. The MRP ring ports are disabled in STP.

    If a ring has more than one switch that can be master, MRP selects the switch with the highest priority (numerically lower number) as the automanager. If a ring has more than one switch that can be master and the switches have the same priority, MRP selects the switch with the lowest MAC address as the automanager. Each node of the MRP network must be configured as an automanager (master switch) or a client. The MRP network cannot contain both a manually configured master and automanager. The MRP automanager and client switches must have matching parameters, such as MRP VLAN and domain identifier, for the MRP ring to function properly.

    MRP sends three types of frames through the ring ports:

    • MRP_Test frames detect a failure or recovery of a ring port link.
    • MRP_LinkChange frames indicate a failure or recovery of a ring port link.
    • MRP_TopologyChange frames indicate that the MRP network topology has changed.

    Starting in FortiSwitchOS 7.0.0, the FortiSwitch unit supports the following:

    • One MRP ring
    • One automanager per client
    • Ring-check mode
    • The media redundancy interconnection manager (MIM) is not supported.
    • The media redundancy interconnection client (MIC) is not supported.

    Configuring an MRP network

    Configuring an MRP network requires the following steps:

    1. Configure both ring ports with the MRP VLAN as the allowed-vlans or native-vlan.
    2. Use the default MRP profile (500ms) or create a custom MRP profile.
    3. Configure the settings for the MRP master.
    4. Configure the settings for the MRP client.

    NOTE: The MRP VLAN identifier must be configured as allowed-vlans or native-vlan on both ring ports. If there is mismatch between the MRP vlan-id and the ring-ports VLAN, MRP is disabled. If MRP is disabled because of a mismatch, you need to configure both ring ports for the MRP VLAN, and then you can manually enable the MRP status.

    To configure ring-port 1:

    config switch interface

    edit "<ring_port1>"

    set allowed-vlans <1-4094>

    next

    end

    For example:

    config switch interface

    edit "port8"

    set allowed-vlans 4094

    next

    end

    To configure ring-port 2:

    config switch interface

    edit " <ring_port2>"

    set allowed-vlans <1-4094>

    next

    end

    For example:

    config switch interface

    edit "port27"

    set allowed-vlans 4094

    next

    end

    To create a custom MRP profile:

    config switch mrp profile

    edit <MRP_profile_name>

    set default-test-interval <30-50 ms>

    set short-test-interval <10-30 ms>

    set test-monitoring-count <1-5>

    set topology-change-interval <10-20 ms>

    set topology-change-repeat-count <1-5>

    next

    end

    NOTE: With a custom profile, some parameters on the lower range, such as test-monitoring-count and default-test-interval, might make the MRP ring unstable or flapping. Fortinet recommends fine-tuning these parameters in a custom profile to ensure a stable MRP ring.

    To configure the settings for the MRP master:

    config switch mrp settings

    set status enable

    set role automanager

    set domain-id <32_hexadecimal_digits>

    set domain-name <domain_name>

    set vlan-id <1-4094>

    set priority <0-65535>

    set ring-port1 <port_name>

    set ring-port2 <port_name>

    set profile-name {500ms | <custom_profile_name>}

    end

    For example:

    config switch mrp settings

    set status enable

    set role automanager

    set domain-id FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF

    set domain-name domain1

    set vlan-id 4094

    set priority 40960

    set ring-port1 port7

    set ring-port2 port8

    set profile-name profile1

    end

    To configure the settings for the MRP client:

    config switch mrp settings

    set status enable

    set role client

    set domain-id <32_hexadecimal_digits>

    set domain-name <domain_name>

    set vlan-id <1-4094>

    set priority <0-65535>

    set ring-port1 <port_name>

    set ring-port2 <port_name>

    set profile-name {500ms | <custom_profile_name>}

    end

    For example:

    config switch mrp settings

    set status enable

    set role client

    set domain-id FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF

    set domain-name domain1

    set vlan-id 4094

    set priority <0-65535>

    set ring-port1 port8

    set ring-port2 port27

    set profile-name profile1

    end

    Viewing the MRP configuration

    To display the current MRP settings:

    get switch mrp settings

    To display the current MRP status:

    diagnose switch mrp status

    To display the statistics for the MRP manager:

    diagnose switch mrp stats

    To delete the statistics for the MRP manager:

    diagnose switch mrp clear

    To see the configuration commands for the specified MRP profile:

    show switch mrp profile <MRP_profile_name>

    To see the configuration commands for the MRP settings:

    show switch mrp settings

    Previous
    Next

    Media Redundancy Protocol

    Media Redundancy Protocol

    A ring of Ethernet switches can use the Media Redundancy Protocol (MRP) to overcome a failure faster than with STP. An MRP network consists of a ring of switches with one master switch; the rest of the switches are clients. The switches in the ring must use physical ports to form the ring or a single port configured as a static trunk. The MRP ring ports are disabled in STP.

    If a ring has more than one switch that can be master, MRP selects the switch with the highest priority (numerically lower number) as the automanager. If a ring has more than one switch that can be master and the switches have the same priority, MRP selects the switch with the lowest MAC address as the automanager. Each node of the MRP network must be configured as an automanager (master switch) or a client. The MRP network cannot contain both a manually configured master and automanager. The MRP automanager and client switches must have matching parameters, such as MRP VLAN and domain identifier, for the MRP ring to function properly.

    MRP sends three types of frames through the ring ports:

    • MRP_Test frames detect a failure or recovery of a ring port link.
    • MRP_LinkChange frames indicate a failure or recovery of a ring port link.
    • MRP_TopologyChange frames indicate that the MRP network topology has changed.

    Starting in FortiSwitchOS 7.0.0, the FortiSwitch unit supports the following:

    • One MRP ring
    • One automanager per client
    • Ring-check mode
    • The media redundancy interconnection manager (MIM) is not supported.
    • The media redundancy interconnection client (MIC) is not supported.

    Configuring an MRP network

    Configuring an MRP network requires the following steps:

    1. Configure both ring ports with the MRP VLAN as the allowed-vlans or native-vlan.
    2. Use the default MRP profile (500ms) or create a custom MRP profile.
    3. Configure the settings for the MRP master.
    4. Configure the settings for the MRP client.

    NOTE: The MRP VLAN identifier must be configured as allowed-vlans or native-vlan on both ring ports. If there is mismatch between the MRP vlan-id and the ring-ports VLAN, MRP is disabled. If MRP is disabled because of a mismatch, you need to configure both ring ports for the MRP VLAN, and then you can manually enable the MRP status.

    To configure ring-port 1:

    config switch interface

    edit "<ring_port1>"

    set allowed-vlans <1-4094>

    next

    end

    For example:

    config switch interface

    edit "port8"

    set allowed-vlans 4094

    next

    end

    To configure ring-port 2:

    config switch interface

    edit " <ring_port2>"

    set allowed-vlans <1-4094>

    next

    end

    For example:

    config switch interface

    edit "port27"

    set allowed-vlans 4094

    next

    end

    To create a custom MRP profile:

    config switch mrp profile

    edit <MRP_profile_name>

    set default-test-interval <30-50 ms>

    set short-test-interval <10-30 ms>

    set test-monitoring-count <1-5>

    set topology-change-interval <10-20 ms>

    set topology-change-repeat-count <1-5>

    next

    end

    NOTE: With a custom profile, some parameters on the lower range, such as test-monitoring-count and default-test-interval, might make the MRP ring unstable or flapping. Fortinet recommends fine-tuning these parameters in a custom profile to ensure a stable MRP ring.

    To configure the settings for the MRP master:

    config switch mrp settings

    set status enable

    set role automanager

    set domain-id <32_hexadecimal_digits>

    set domain-name <domain_name>

    set vlan-id <1-4094>

    set priority <0-65535>

    set ring-port1 <port_name>

    set ring-port2 <port_name>

    set profile-name {500ms | <custom_profile_name>}

    end

    For example:

    config switch mrp settings

    set status enable

    set role automanager

    set domain-id FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF

    set domain-name domain1

    set vlan-id 4094

    set priority 40960

    set ring-port1 port7

    set ring-port2 port8

    set profile-name profile1

    end

    To configure the settings for the MRP client:

    config switch mrp settings

    set status enable

    set role client

    set domain-id <32_hexadecimal_digits>

    set domain-name <domain_name>

    set vlan-id <1-4094>

    set priority <0-65535>

    set ring-port1 <port_name>

    set ring-port2 <port_name>

    set profile-name {500ms | <custom_profile_name>}

    end

    For example:

    config switch mrp settings

    set status enable

    set role client

    set domain-id FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF

    set domain-name domain1

    set vlan-id 4094

    set priority <0-65535>

    set ring-port1 port8

    set ring-port2 port27

    set profile-name profile1

    end

    Viewing the MRP configuration

    To display the current MRP settings:

    get switch mrp settings

    To display the current MRP status:

    diagnose switch mrp status

    To display the statistics for the MRP manager:

    diagnose switch mrp stats

    To delete the statistics for the MRP manager:

    diagnose switch mrp clear

    To see the configuration commands for the specified MRP profile:

    show switch mrp profile <MRP_profile_name>

    To see the configuration commands for the MRP settings:

    show switch mrp settings

    Previous
    Next