FortiLink configuration using the FortiGate CLI
This section describes how to configure FortiLink using the FortiGate CLI. Fortinet recommends using the FortiGate GUI because the CLI procedures are more complex (and therefore more prone to error).
If you use one of the auto-discovery FortiSwitch ports, you can establish the FortiLink connection (single port or LAG) with no configuration steps on the FortiSwitch and with a few simple configuration steps on the FortiGate unit.
You can also configure FortiLink mode over a layer-3 network.
Summary of the procedure
- Configure FortiLink on a physical port or configure FortiLink on a logical interface.
- Configure NTP.
- Authorize the managed FortiSwitch unit.
- Configure DHCP.
Configure FortiLink on a physical port
Configure FortiLink on any physical port on the FortiGate unit and authorize the FortiSwitch unit as a managed switch.
In the following steps, port 1 is configured as the FortiLink port.
- If required, remove port 1 from the lan interface:
config system virtual-switch
  edit lan
    config port
      delete port1
    end
  end
end
- Configure port 1 as the FortiLink interface:
config system interface
  edit port1
    set auto-auth-extension-device enable
    set fortilink enable
  end
end
- Configure an NTP server on port 1:
config system ntp
  set server-mode enable
  set interface port1
end
- Authorize the FortiSwitch unit as a managed switch:
config switch-controller managed-switch
  edit FS224D3W14000370
    set fsw-wan1-admin enable
  end
end
NOTE: FortiSwitch will reboot when you issue the set fsw-wan1-admin enable command.
Configure FortiLink on a logical interface
You can configure FortiLink on a logical interface: a link-aggregation group (LAG), hardware switch, or software switch.
NOTE: LAG is supported on all FortiSwitch models and on FortiGate models FGT-100D and above. Hardware switch is supported on some FortiGate models.
Connect any of the FortiLink-capable ports on the FortiGate to the FortiSwitch. Ensure that you configure auto-discovery on the FortiSwitch ports (unless they are auto-discovery ports by default).
In the following procedure, port 4 and port 5 are configured as a FortiLink LAG.
- If required, remove the FortiLink ports from the lan interface:
config system virtual-switch
  edit lan
    config port
      delete port4
      delete port5
    end
  end
end
- Create a trunk with the two ports that you connected to the switch:
config system interface
  edit flink1 (enter a name, 11 characters maximum)
    set allowaccess ping capwap https
    set vlanforward enable
    set type aggregate
    set member port4 port5
    set lacp-mode static
    set fortilink enable
    (optional) set fortilink-split-interface enable
  next
end
NOTE: If the members of the aggregate interface connect to more than one FortiSwitch, you must enable fortilink-split-interface.
- Authorize the FortiSwitch unit as a managed switch:
config switch-controller managed-switch
  edit FS224D3W14000370
    set fsw-wan1-admin enable
  end
end
NOTE: FortiSwitch will reboot when you issue the set fsw-wan1-admin enable command.
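To review the result of the procedures above, the following added example (not Fortinet code and not part of the original page) parses a FortiGate configuration backup and lists every interface that has fortilink enabled, with its member ports, allowaccess protocols, and whether auto-auth-extension-device and fortilink-split-interface are set. The sample configuration is constructed, and the function names are hypothetical.

```python
import shlex

# Constructed sample in FortiGate backup format; "mgmt" is a made-up interface.
SAMPLE = '''
config system interface
    edit "port1"
        set auto-auth-extension-device enable
        set fortilink enable
    next
    edit "flink1"
        set allowaccess ping capwap https
        set type aggregate
        set member "port4" "port5"
        set fortilink enable
    next
    edit "mgmt"
        set allowaccess ping https ssh
    next
end
'''

def parse_interfaces(text):
    """Return {interface: {setting: [values]}} from 'config system interface'."""
    stack, ifaces = [], {}  # stack frames: [config path, current edit name]
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            stack.append([" ".join(tok[1:]), None])
        elif tok[0] == "end":
            del stack[-1:]  # pop; a surplus 'end' on an empty stack is a no-op
        elif stack and tok[0] == "edit":
            stack[-1][1] = tok[1]
        elif stack and tok[0] == "next":
            stack[-1][1] = None
        elif (tok[0] == "set" and len(stack) == 1 and stack[0][1]
              and stack[0][0] == "system interface"):
            ifaces.setdefault(stack[0][1], {})[tok[1]] = tok[2:]
    return ifaces

def fortilink_report(text):
    """Summarise each interface that has 'set fortilink enable' for review."""
    report = {}
    for name, s in parse_interfaces(text).items():
        if s.get("fortilink") == ["enable"]:
            report[name] = {
                "members": s.get("member", [name]),
                "allowaccess": s.get("allowaccess", []),
                "auto_auth": s.get("auto-auth-extension-device") == ["enable"],
                "split_interface": s.get("fortilink-split-interface") == ["enable"],
            }
    return report
```

An aggregate FortiLink interface reported with split_interface False should be checked against the NOTE above about members that connect to more than one FortiSwitch.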