FortiSwitch Stand Alone Configuration in a Cisco Environment
- Published: Oct 6, 2024
- Basic Configuration of a FortiSwitch when it is being connected to Cisco switches.
If you want to configure the switch through the CLI instead of the GUI, the commands are below:
config system global
set hostname Newswitch
set timezone 06
end
config system interface
edit "internal"
set mode static
set ip 10.2.2.5/24
next
edit "data"
set snmp-index 31
set vlanid 3
set interface "internal"
next
edit "Voice"
set snmp-index 32
set vlanid 4
set interface "internal"
next
end
config router static
edit 1
set dst 0.0.0.0 0.0.0.0
set gateway 10.2.2.1
next
end
config system admin
edit "admin"
set accprofile "super_admin"
set password XXXXXXXXXXXXXXXX
next
edit "mark"
set trusthost1 10.2.2.0 255.255.255.0
set accprofile "super_admin"
set password XXXXXXXXXXXXXXXX
next
end
Make sure you are plugged into Port 24.
config switch interface
edit "port1"
set allowed-vlans 1,3-4
set edge-port disabled
next
edit "port2"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port3"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port4"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port5"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port6"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port7"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port8"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port9"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port10"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port11"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port12"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port13"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port14"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port15"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port16"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port17"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port18"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port19"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
edit "port20"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
next
Do not set auto-discovery-fortilink to disable on a port if you are going to plug it into another Fortinet device. That setting disables FortiLink, and I would recommend using FortiLink so you can manage the switch through a firewall.
edit "port21"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
set auto-discovery-fortilink disable
next
edit "port22"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
set auto-discovery-fortilink disable
next
edit "port23"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
set auto-discovery-fortilink disable
end
Change the management interface native VLAN
config switch interface
edit "internal"
set native-vlan 3
end
This should kick you off, because port 24 should still be directing untagged traffic to VLAN1, and you will have to move your network cable to another port. However, it did automatically switch the native VLAN to 3 on port 24 when I did this video. If it does that, you will not be cut off.
config switch interface
edit "port24"
set native-vlan 3
set allowed-vlans 3-4
set untagged-vlans 3
set auto-discovery-fortilink disable
end
config switch lldp profile
edit default
config med-network-policy
edit voice
set vlan 4
set dscp 46
set status enable
next
end
next
end
config switch lldp profile
edit trunk
unset med-tlvs
end
I'm using this profile to connect to a Cisco switch. If you are connecting to a FortiGate, you will want to use the default auto-isl profile. This enables the FortiGate to manage the FortiSwitch with FortiLink.
config switch physical-port
edit port1
set lldp-profile trunk
end
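Added example, not from the video or its author: a Python pre-check for the lockout described above. It parses the pasted commands and reports which ports would still reach the management IP untagged once "internal" has its new native VLAN, and it flags a VLAN sub-interface on "internal" that uses the same ID (the condition named in the "Conflicting SVI" error quoted in the comments). The function names, the default native VLAN of 1, and the rule that a port reaches management when its native VLAN matches that of "internal" are assumptions for illustration; SAMPLE is constructed.

```python
SAMPLE = """config system interface
edit "data"
set vlanid 3
set interface "internal"
next
end
config switch interface
edit "port2"
set native-vlan 3
next
edit "port24"
next
edit "internal"
set native-vlan 3
end
"""  # constructed sample in the shape of the listing above, not the full config

def parse(text):
    """Parse config/edit/set lines into {section: {entry: {key: value}}}."""
    cfg, section, entry, nested = {}, None, None, 0
    for w in (line.split(None, 2) for line in text.splitlines()):
        kw = w[0] if w else ""
        if kw == "config" and entry is not None:
            nested += 1                      # sub-table inside an entry: skipped
        elif kw == "config":
            section = cfg.setdefault(" ".join(w[1:]), {})
        elif kw == "end" and nested:
            nested -= 1
        elif kw == "end":
            section = entry = None           # "end" also closes an open entry
        elif nested:
            continue
        elif kw == "edit" and section is not None and len(w) > 1:
            entry = section.setdefault(w[1].strip('"'), {})
        elif kw == "next":
            entry = None
        elif kw == "set" and entry is not None and len(w) == 3:
            entry[w[1]] = w[2].strip('"')
    return cfg

def lockout_report(cfg, default_vlan="1"):
    """Ports that still reach management untagged, and sub-interface VLAN clashes."""
    sw = cfg.get("switch interface", {})
    mgmt = sw.get("internal", {}).get("native-vlan", default_vlan)  # assumed default: VLAN 1
    ports = {p: s.get("native-vlan", default_vlan) for p, s in sw.items() if p != "internal"}
    svi = [n for n, s in cfg.get("system interface", {}).items()
           if s.get("interface") == "internal" and s.get("vlanid") == mgmt]
    return {"mgmt_vlan": mgmt, "svi_conflicts": svi,
            "reachable": [p for p, v in ports.items() if v == mgmt],
            "locked_out": [p for p, v in ports.items() if v != mgmt]}
```

On the constructed sample, `lockout_report(parse(SAMPLE))` lists port2 as reachable, port24 as locked out, and "data" as a conflicting sub-interface.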
Great vid, amazing explanation, would appreciate it if you could show us LACP config, and HA in Fortinet switches, not sure if they support stack, vlt/vpc, or just configure a trunk between 2 FortiSwitches for HA.
Thanks, I still don't have two Fortinet switches, but I could do a video between Fortinet and HPE switch. Future video and thanks!
Hey Mark, can you show me how to connect a FortiSwitch 424E directly to a Cisco ASR1001? I am having an issue making this work. I can access the ASR thru the FortiSwitch and I can also access the FortiSwitch, both with IPs on my vlan1. I need to connect to a vlan 4 and a vlan 35 but it is not working.
Thanks so much, good guide. I have the same scenario with the trunk over SFP ports, but I can't make it ping the gateway, even when the static route has been created. Also, every time I tried to change the "internal" interface native-vlan, to be able to admin the switch later from any port, it shows me this error:
Native Vlan id cannot be same as system interface vlan. Conflicting SVI: VLAN-709
object set operator error, -56 discard the setting
Command fail. Return code -56
I had the same issue. I added the IP on the VLAN interface rather than on the internal interface and changed the static route to work only on the management VLAN. It then could ping and work.
Is the static route the same as what Cisco call the Default Gateway? I assume FortiSwitch cannot do L3.
Thanks! No, this is a legitimate static route. This Fortinet can perform basic L3 static routing. Unlike Cisco L2 switches where the default gateway is the same as a computer default gateway and does not allow additional routing.
👍