Справочник Пользователя для Fortinet 5003A
FortiGate-5050 fabric backplane communication
Fabric channel layer-2 link aggregation and redundancy
FortiSwitch-5003A and 5003 Fabric and Base Backplane Communications Guide
01-30000-85717-20081205
01-30000-85717-20081205
59
You must also enable the FortiSwitch-5003A board to listen for heartbeat packets
on all of the interfaces connected to FortiGate-5001A boards:
on all of the interfaces connected to FortiGate-5001A boards:
config switch fabric-channel physical-port
edit "slot-3"
set heartbeat enable
next
edit "slot-4"
edit "slot-4"
set heartbeat enable
next
edit "slot-5"
edit "slot-5"
set heartbeat enable
end
Fabric channel layer-2 link aggregation and redundancy
In addition to 802.3ad static mode layer-2 link aggregation and 802.1q VLANs the
FortiSwitch-5003A board also supports 802.1s Multi-Spanning Tree Protocol
(MSTP) for the fabric channels. You can use MSTP to add redundancy to a link
aggregation configuration. Redundancy consists of redundant FortiSwitch-5003A
boards that both distribute traffic to multiple FortiGate-5001A or 5005FA2 boards.
FortiSwitch-5003A board also supports 802.1s Multi-Spanning Tree Protocol
(MSTP) for the fabric channels. You can use MSTP to add redundancy to a link
aggregation configuration. Redundancy consists of redundant FortiSwitch-5003A
boards that both distribute traffic to multiple FortiGate-5001A or 5005FA2 boards.
To be able to use redundant FortiSwitch-5003A boards in one chassis you must
configure MSTP to eliminate loops. You can also use MSTP settings to control
traffic flow and create different kinds of redundant configurations:
configure MSTP to eliminate loops. You can also use MSTP settings to control
traffic flow and create different kinds of redundant configurations:
• An active-passive configuration where the active FortiSwitch-5003A board
receives all traffic and distributes it to the FortiGate-5001A or 5005FA2 boards.
If the active FortiSwitch-5003A board fails, all traffic is diverted to the passive
FortiSwitch-5003A board which takes over distributing traffic to the FortiGate-
5001A or 5005FA2 boards.
If the active FortiSwitch-5003A board fails, all traffic is diverted to the passive
FortiSwitch-5003A board which takes over distributing traffic to the FortiGate-
5001A or 5005FA2 boards.
• An active-active configuration where both FortiSwitch-5003A boards receive
and distribute traffic. If one of the FortiSwitch-5003A boards fails, all traffic is
diverted to the remaining FortiSwitch-5003A board which takes over
distributing all traffic to the FortiGate-5001A or 5005FA2 boards.
diverted to the remaining FortiSwitch-5003A board which takes over
distributing all traffic to the FortiGate-5001A or 5005FA2 boards.
Redundant configurations require a third-party switch that supports MSTP and is
used to connect the FortiSwitch-5003A boards to the networks. You configure
MSTP on the third-party switch and on the FortiSwitch-5003A boards to create a
spanning tree region consisting of spanning tree instances on all three devices. All
three devices must have the same spanning tree instances. Depending on the
requirement, the spanning tree instances can have different priorities on each
device. You can also use the third-party switch to add and remove VLAN tags
from incoming and outgoing traffic.
used to connect the FortiSwitch-5003A boards to the networks. You configure
MSTP on the third-party switch and on the FortiSwitch-5003A boards to create a
spanning tree region consisting of spanning tree instances on all three devices. All
three devices must have the same spanning tree instances. Depending on the
requirement, the spanning tree instances can have different priorities on each
device. You can also use the third-party switch to add and remove VLAN tags
from incoming and outgoing traffic.
The configuration of the spanning tree instances on each device determines
whether you create an active-passive or active-active configuration:
whether you create an active-passive or active-active configuration:
• For an active-passive configuration, you can create one spanning tree
instance on all three devices and give one of the FortiSwitch-5003A boards a
higher priority. This board becomes the active board in the configuration
because spanning tree sends all traffic to the high priority spanning tree
instance. If the active board fails, spanning tree re-directs all traffic to the other
board.
higher priority. This board becomes the active board in the configuration
because spanning tree sends all traffic to the high priority spanning tree
instance. If the active board fails, spanning tree re-directs all traffic to the other
board.