
Fortinet 5003 User Manual


FortiGate-5050 fabric backplane communication


FortiSwitch-5003A and 5003 Fabric and Base Backplane Communications Guide
01-30000-85717-20081205


You must also enable the FortiSwitch-5003A board to listen for heartbeat packets
on all of the interfaces connected to FortiGate-5001A boards:

    config switch fabric-channel physical-port
        edit "slot-3"
            set heartbeat enable
        next
        edit "slot-4"
            set heartbeat enable
        next
        edit "slot-5"
            set heartbeat enable
    end
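The following check is an added example, not part of the Fortinet guide: it parses a saved copy of the switch configuration and lists the slots that should be listening for heartbeat packets but are not. It assumes the configuration is available as text in the same syntax as the commands above; the function names are hypothetical and the sample configuration is constructed.

```python
import re

# Constructed sample: slot-5 has no heartbeat line; slot-6 is assumed not to
# be connected to a FortiGate-5001A board in this hypothetical chassis.
SAMPLE_CONFIG = '''\
config switch fabric-channel physical-port
    edit "slot-3"
        set heartbeat enable
    next
    edit "slot-4"
        set heartbeat enable
    next
    edit "slot-5"
    next
    edit "slot-6"
        set heartbeat disable
    next
end
'''

SECTION = "config switch fabric-channel physical-port"

def heartbeat_by_port(config_text):
    """Return {port_name: heartbeat value or None} for the fabric-channel section."""
    ports, in_section, current = {}, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not in_section:
            in_section = (line == SECTION)
            continue
        m = re.fullmatch(r'edit\s+"?([^"]+?)"?', line)
        if m:
            current = m.group(1)
            ports.setdefault(current, None)
        elif line == "next":
            current = None
        elif line == "end":  # assumes no nested config blocks inside an edit
            break
        elif current and line.startswith("set heartbeat "):
            ports[current] = line.split()[2]
    return ports

def ports_missing_heartbeat(config_text, required_ports):
    """List required ports where heartbeat is absent or not set to 'enable'."""
    state = heartbeat_by_port(config_text)
    return [p for p in required_ports if state.get(p) != "enable"]

if __name__ == "__main__":
    print(ports_missing_heartbeat(SAMPLE_CONFIG, ["slot-3", "slot-4", "slot-5"]))
```

Pass the list of slots that actually hold FortiGate-5001A boards as `required_ports`; a slot that never appears in the section is reported as missing as well.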

Fabric channel layer-2 link aggregation and redundancy

In addition to 802.3ad static mode layer-2 link aggregation and 802.1q VLANs, the
FortiSwitch-5003A board also supports 802.1s Multi-Spanning Tree Protocol
(MSTP) for the fabric channels. You can use MSTP to add redundancy to a link
aggregation configuration. Redundancy consists of redundant FortiSwitch-5003A
boards that both distribute traffic to multiple FortiGate-5001A or 5005FA2 boards.

To use redundant FortiSwitch-5003A boards in one chassis, you must
configure MSTP to eliminate loops. You can also use MSTP settings to control
traffic flow and create different kinds of redundant configurations:

• An active-passive configuration where the active FortiSwitch-5003A board
  receives all traffic and distributes it to the FortiGate-5001A or 5005FA2 boards.
  If the active FortiSwitch-5003A board fails, all traffic is diverted to the passive
  FortiSwitch-5003A board which takes over distributing traffic to the
  FortiGate-5001A or 5005FA2 boards.

• An active-active configuration where both FortiSwitch-5003A boards receive
  and distribute traffic. If one of the FortiSwitch-5003A boards fails, all traffic is
  diverted to the remaining FortiSwitch-5003A board which takes over
  distributing all traffic to the FortiGate-5001A or 5005FA2 boards.

Redundant configurations require a third-party switch that supports MSTP and is
used to connect the FortiSwitch-5003A boards to the networks. You configure
MSTP on the third-party switch and on the FortiSwitch-5003A boards to create a
spanning tree region consisting of spanning tree instances on all three devices. All
three devices must have the same spanning tree instances. Depending on the
requirement, the spanning tree instances can have different priorities on each
device. You can also use the third-party switch to add and remove VLAN tags
from incoming and outgoing traffic.

The configuration of the spanning tree instances on each device determines
whether you create an active-passive or active-active configuration:

• For an active-passive configuration, you can create one spanning tree
  instance on all three devices and give one of the FortiSwitch-5003A boards a
  higher priority. This board becomes the active board in the configuration
  because spanning tree sends all traffic to the high priority spanning tree
  instance. If the active board fails, spanning tree re-directs all traffic to the other
  board.