Fortinet 5003 User Manual
Page 35
FortiGate-5140 fabric backplane communication
Fabric channel layer-2 link aggregation
FortiSwitch-5003A and 5003 Fabric and Base Backplane Communications Guide
01-30000-85717-20081205
The FortiSwitch-5003A configuration consists of adding a trunk named trunk_6
that aggregates backplane slots 6, 8, 9, 10, 11, and 13:
config switch fabric-channel trunk
    edit "trunk_6"
        set members "slot-6" "slot-8" "slot-9" "slot-10" "slot-11" "slot-13"
end
Allow VLAN packets on the FortiSwitch-5003A F7 front panel interface and the
trunk:
config switch fabric-channel interface
    edit "f7"
        set allowed-vlans 1,100-101
    next
    edit "trunk_6"
        set allowed-vlans 1,100-101
end
The traffic enters and exits the FortiGate-5001A boards using the fabric1
interface. You must add two VLAN interfaces to the fabric1 interface, one for
traffic from the internal network and one for traffic from the external network. Then
you must add firewall policies for traffic between these VLAN interfaces.
For example, you could name the VLAN interfaces vlan_fab1_100 and
vlan_fab1_101. From the FortiGate-5001A CLI enter:
config system interface
    edit vlan_fab1_100
        set interface fabric1
        set vlanid 100
        set vdom root
        etc...
    next
    edit vlan_fab1_101
        set interface fabric1
        set vlanid 101
        set vdom root
        etc...
end
Then you can add vlan_fab1_100 to vlan_fab1_101 firewall policies for the data
traffic.
You should also configure the FortiGate-5001A boards to send heartbeat packets
over the fabric1 channel so that the FortiSwitch-5003A board can verify that the
FortiGate-5001A boards are functioning. Each FortiGate-5001A board sends 10
heartbeat packets per second from each fabric interface. The packets are type
255 bridge protocol data unit (BPDU) packets. From the FortiGate-5001A CLI
enter:
config system global
    set fortiswitch-heartbeat enable
end
Note: On some versions of the FortiGate-5001A firmware, when a FortiGate-5001A board
includes a FortiGate-RTM-XB2 module, the fabric1 and fabric2 interfaces are replaced with
interfaces that are named RTM/1 and RTM/2 to indicate the presence of the
FortiGate-RTM-XB2 module. Configuration settings that include the fabric1 and fabric2
interface names will have to be changed to use the RTM/1 and RTM/2 interface names.