Fortinet 5003 User Manual

Page 35

FortiGate-5140 fabric backplane communication

Fabric channel layer-2 link aggregation

FortiSwitch-5003A and 5003 Fabric and Base Backplane Communications Guide
01-30000-85717-20081205

The FortiSwitch-5003A configuration consists of adding a trunk named trunk_6 that aggregates backplane slots 6, 8, 9, 10, 11, and 13:

    config switch fabric-channel trunk
        edit "trunk_6"
            set members "slot-6" "slot-8" "slot-9" "slot-10" "slot-11" "slot-13"
    end

Allow VLAN packets on the FortiSwitch-5003A F7 front panel interface and the
trunk:

    config switch fabric-channel interface
        edit "f7"
            set allowed-vlans 1,100-101
        next
        edit "trunk_6"
            set allowed-vlans 1,100-101
    end

Traffic enters and exits the FortiGate-5001A boards using the fabric1
interface. You must add two VLAN interfaces to the fabric1 interface, one for
traffic from the internal network and one for traffic from the external network. Then
you must add firewall policies for traffic between these VLAN interfaces.

For example, you could name the VLAN interfaces vlan_fab1_100 and
vlan_fab1_101. From the FortiGate-5001A CLI enter:

    config system interface
        edit vlan_fab1_100
            set interface fabric1
            set vlanid 100
            set vdom root
            etc...
        next
        edit vlan_fab1_101
            set interface fabric1
            set vlanid 101
            set vdom root
            etc...
    end

Then you can add vlan_fab1_100 to vlan_fab1_101 firewall policies for the data
traffic.

You should also configure the FortiGate-5001A boards to send heartbeat packets
over the fabric1 channel so that the FortiSwitch-5003A board can verify that the
FortiGate-5001A boards are functioning. Each FortiGate-5001A board sends 10
heartbeat packets per second from each fabric interface. The packets are type
255 bridge protocol data unit (BPDU) packets. From the FortiGate-5001A CLI
enter:

    config system global
        set fortiswitch-heartbeat enable
    end

Note: On some versions of the FortiGate-5001A firmware, when a FortiGate-5001A board
includes a FortiGate-RTM-XB2 module, the fabric1 and fabric2 interfaces are replaced with
interfaces that are named RTM/1 and RTM/2 to indicate the presence of the
FortiGate-RTM-XB2 module. Configuration settings that include the fabric1 and fabric2
interface names will have to be changed to use the RTM/1 and RTM/2 interface names.
