Setup MCLAG Trunks between FortiSwitch and VMware
If you have MCLAG setup on FortiSwitches, you can setup static Trunks to the ESXi hosts for redundant connections.
I’ve used this with FortiOS 6.2 and 6.4 with VMware 6.7. I’ve only attempted this with FortiGate Managed FortiSwitch, I believe - but can’t confirm - that this is a requirement. (I’m pretty sure MCLAG only works when the FortiSwitches are Managed by a FortiGate.)
Directions are below.
Requirments:
- Two FortiSwitches capable of MCLAG (Model 200+)
- Two NIC ports in the ESXi hosts
- One cable from the ESXi host connecting to each switch
vSwitch Standard Settings
I’ve only tested this with Standard vSwitches, so my directions will only cover them.
Create a vSwitch for the ESXi host with the Teaming and Failover settings as follows:
- Load Balancing set to ‘Route based on IP hash’
- Network Failure Detection to ‘Link status only’
- Teaming and Failover setting for the NICs to have both NICs as Active
FortiSwitch Settings
With the switches already setup for MCLAG, create a new Trunk.
- Set MCLAG to Enabled
- Set the Mode to Static
That is all the config required.
Make sure your hosts are cabled correctly and you should have redundant connections.
You will need to assign the correct Native and Allowed VLANs - just like any other connection type. If you have Device Detection enabled for those VLANs the FortiGate will start to report the VMs as connected to the ports - in my experience the VM names only show up on one of the Trunk links at a time, I believe because of how vSphere/ESXi assigns VM NICs to Physical NICs…