Fortinet 5003A User Manual
TM
FortiSwitch-5003A
System Guide
A detailed guide to the FortiSwitch-5003A system. This FortiSwitch-5003A System Guide describes the
FortiSwitch-5003A hardware features, how to install the FortiSwitch-5003A board in a FortiGate-5000 series chassis,
and how to configure the FortiSwitch-5003A system.
The most recent versions of this and all FortiGate-5000 series documents are available from the FortiGate-5000 page of
the Fortinet Technical Documentation web site (http://docs.forticare.com).
Visit http://support.fortinet.com to register your FortiSwitch-5003A system. By registering you can receive product
updates, technical support, and FortiGuard services.
FortiSwitch-5003A System Guide
Preliminary-01-30000-77803-20080917
Warnings and cautions
!
!
Only trained and qualified personnel should be allowed to install or maintain FortiGate-5000 series
equipment. Read and comply with all warnings, cautions and notices in this document.
CAUTION: Risk of Explosion if Battery is replaced by an Incorrect Type. Dispose of Used Batteries According
to the Instructions.
Caution: You should be aware of the following cautions and warnings before installing FortiGate-5000 series
hardware
• Turning off all power switches may not turn off all power to the FortiGate-5000 series equipment. Some
circuitry in the FortiGate-5000 series equipment may continue to operate even though all power
switches are off. Follow all instructions in the procedures in this document for disconnecting
FortiGate-5000 series equipment from power sources, telecommunications links and networks before
installing, or removing FortiGate-5000 series components, or performing other maintenance tasks.
Failure to do following these instructions can result in personal injury or equipment damage.
• Install FortiGate-5000 series chassis at the lower positions of a rack to avoid making the rack top-heavy
and unstable.
• Do not insert metal objects or tools into open chassis slots.
• Electrostatic discharge (ESD) can damage FortiGate-5000 series equipment. Only perform the
procedures described in this document from an ESD workstation. If no such station is available, you
can provide some ESD protection by wearing an anti-static wrist strap and attaching it to an available
ESD connector such as the ESD sockets provided on FortiGate-5000 series chassis.
• Make sure all FortiGate-5000 series components have reliable grounding. Fortinet recommends direct
connections to the building ground.
• If you install a FortiGate-5000 series component in a closed or multi-unit rack assembly, the operating
ambient temperature of the rack environment may be greater than room ambient. Make sure the
operating ambient temperature does not exceed Fortinet’s maximum rated ambient temperature.
• Installing FortiGate-5000 series equipment in a rack should be such that the amount of airflow required
for safe operation of the equipment is not compromised.
• FortiGate-5000 series chassis should be installed by a qualified electrician.
• FortiGate-5000 series equipment shall be installed and connected to an electrical supply source in
accordance with the applicable codes and regulations for the location in which it is installed. Particular
attention shall be paid to use of correct wire type and size to comply with the applicable codes and
regulations for the installation / location. Connection of the supply wiring to the terminal block on the
equipment may be accomplished using Listed wire compression lugs, for example, Pressure Terminal
Connector made by Ideal Industries Inc. or equivalent which is suitable for AWG 10. Particular attention
shall be given to use of the appropriate compression tool specified by the compression lug
manufacturer, if one is specified.
FortiSwitch-5003A System Guide
01-30000-77803-20080917
Contents
Contents
Warnings and cautions ..................................................................................... 2
FortiSwitch-5003A system ................................................ 5
Front panel LEDs and connectors ................................................................... 6
LEDs ............................................................................................................. 7
Base channel interfaces................................................................................ 8
Fabric channel interfaces .............................................................................. 9
Front panel connectors ............................................................................... 10
FortiSwitch-5003A configurations ................................................................. 10
Base and fabric gigabit switching within a chassis...................................... 10
Base and fabric 10-gigabit switching within a chassis ................................ 11
Layer-2 link aggregation and redundancy configurations ........................... 12
Hardware installation....................................................... 13
Setting the FortiSwitch-5003A configuration switch.................................... 13
FortiSwitch-5003A mounting components.................................................... 15
Inserting a FortiSwitch-5003A board ............................................................. 16
Removing a FortiSwitch-5003A board ........................................................... 18
Resetting a FortiSwitch-5003A board ............................................................ 20
Troubleshooting .............................................................................................. 20
FortiSwitch-5003A does not startup ............................................................ 20
Quick Configuration Guide ............................................. 21
Registering your Fortinet product ................................................................. 21
Factory default settings .................................................................................. 21
Basic configuration ......................................................................................... 22
Upgrading FortiSwitch-5003A firmware ........................................................ 23
Additional configuration ................................................................................. 23
For more information....................................................... 25
Fortinet documentation................................................................................... 25
Fortinet Tools and Documentation CD ........................................................ 25
Fortinet Knowledge Center ........................................................................ 25
Comments on Fortinet technical documentation ........................................ 25
Customer service and technical support ...................................................... 25
Register your Fortinet product....................................................................... 25
FortiSwitch-5003A System Guide
01-30000-77803-20080917 3
Contents
FortiSwitch-5003A System Guide
4 01-30000-77803-20080917
FortiSwitch-5003A system
FortiSwitch-5003A system
The FortiSwitch-5003A board provides 10/1-gigabit fabric backplane channel
layer-2 switching and 1-gigabit base backplane channel layer-2 switching in a
dual star architecture for the FortiGate-5140 and FortiGate-5050 chassis. The
FortiSwitch-5003A board provides a total capacity of 200 Gigabits per second
(Gbps) throughput.
The FortiGate-5140 chassis is a 14-slot ATCA chassis and the FortiGate-5050
chassis is a 5-slot ATCA chassis. In both chassis the FortiSwitch-5003A board is
installed in the first and second hub/switch fabric slots. For most versions of the
FortiGate-5140 and 5050 chassis the hub/switch fabric slots are slots 1 and 2. For
more information about these chassis see the FortiGate-5140 Chassis Guide and
the FortiGate-5140 Chassis Guide.
You can use the FortiSwitch-5003A board for fabric and base backplane layer-2
switching for FortiGate-5000 boards installed in slots 3 and up in FortiGate-5140
and FortiGate-5050 chassis. Usually you would use the base channel for
management traffic (for example, HA heartbeat traffic) and the fabric channel for
data traffic. FortiSwitch-5003A boards can be used for fabric and base backplane
layer-2 switching within a single chassis and between multiple chassis.
The FortiSwitch-5003A system also supports 802.3ad layer-2 link aggregation,
802.1q VLANs, and 802.1s Multi-Spanning Tree Protocol (MTSP) for the fabric
channels. You can use these features to configure link aggregation and support
redundant FortiSwitch-5003A switch configurations to distribute traffic to multiple
FortiGate-5000 boards. The FortiGate-5000 boards must operate in Transparent
mode, all are managed separately and all must have the same configuration.
A FortiSwitch-5003A board in hub/switch fabric slot 1 provides communications
on fabric channel 1 and base channel 1. A FortiSwitch-5003A board in hub/switch
fabric slot 2 provides communications on fabric channel 2 and base channel 2. If
your chassis includes one FortiSwitch-5003A board you can install it in hub/switch
fabric slot 1 or 2 and configure the FortiGate-5000 boards installed in the chassis
to use the correct fabric and base backplane interfaces.
For a complete 10-gigabit fabric backplane solution you must install
FortiGate-5000 hardware that supports 10-gigabit connections. For example, a
FortiGate-5001A board combined with a FortiGate-RTM-XB2 module provides
two 10-gigabit fabric interfaces. You can install the FortiGate-5001A boards in
chassis slots 3 and up and FortiGate-RTM-XB2 modules in the corresponding
RTM slots on the back of the chassis.
The FortiSwitch-5003A board includes the following features:
• One 1-gigabit base backplane channel for layer-2 base backplane switching
between FortiGate-5000 boards installed in the same chassis as the
FortiSwitch-5003A
• One 10/1-gigabit fabric backplane channel for layer-2 fabric backplane
switching between FortiGate-5000 boards installed in the same chassis as the
FortiSwitch-5003A
• Two front panel base backplane one-gigabit copper gigabit interfaces (B1 and
B2) that connect to the base backplane channel
FortiSwitch-5003A System Guide
01-30000-77803-20080917 5
Front panel LEDs and connectors FortiSwitch-5003A system
Figure 1: FortiSwitch-5003A front panel
Base Network
Activity LEDs
Fabric Network
Activity LEDs
B1 B2
Base 1G
Copper
Healthy
LED
Active
LED
BASE 10G Optical
or Copper SFP
Fault
LED
14/F8 F7 F6 F5 F4 F3 F2 F1
Fabric 10G Optical or Copper SFP
Reset
Switch
Hot Swap
LED
Retention
Screw
Extraction
Lever
Retention
Screw
Extraction
Lever
RJ-45 COM
Port
MGMT 1G
Copper
Interface
OOS
LED
• One front panel base backplane 10-gigabit optical or copper SFP+ interface
(BASE 10G) that connects to the base backplane channel
• Eight front panel fabric backplane 10-gigabit optical or copper SFP+ interfaces
(14/F8, F7, F6, F5, F4, F3, F2, and F1)
• One gigabit out of band management ethernet interface (MGMT)
• One RJ-45, RS-232 serial console connection (COM)
• Mounting hardware
• LED status indicators
• IEEE 802.1q VLANs
• IEEE 802.3ad layer-2 link aggregation
• Link aggregation using a hash algorithm based on source and destination IP
addresses
• Multi-Spanning Tree Protocol (MTSP) (IEEE 802.1s) to support redundant
FortiSwitch-5003A boards and external MTSP-compatible switches
• Heartbeat between FortiGate-5001A and FortiGate-5005FA2 boards and the
FortiSwitch-5003A over the fabric channel to support MTSP (configurable from
the FortiGate-5001A and FortiGate-5005FA2 systems)
• Standard FortiOS command line interface (CLI) for configuring fabric switch
settings (VLANs, MTSP, trunks, and so on)
Front panel LEDs and connectors
From the FortiSwitch-5003A font panel you can view the status of the board LEDs
to verify that the board is functioning normally. The front panel includes a reset
switch for restarting the FortiSwitch-5003A board.
The front panel also contains connectors to the fabric and base channels, an out
of band management ethernet interface, and an RJ-45 RS-232 console port for
connecting to the FortiSwitch-5003A CLI.
FortiSwitch-5003A System Guide
6 01-30000-77803-20080917
FortiSwitch-5003A system Front panel LEDs and connectors
LEDs
Ta bl e 1 lists and describes the FortiSwitch-5003A front panel LEDs.
Table 1: FortiSwitch-5003A front panel LEDs and switches
LED State Description
OOS (Out of Service) Off Normal operation.
Red Out of service. The LED turns on if the
ACT (Active) Green The FortiSwitch-5003A board is powered on and
Yellow Caution status. Caution status is indicated by the
Off The board is not connected to power.
HTY (Healthy) Green The FortiSwitch-5003A board is powered on and
Off The board health system has detected a fault.
FLT (Fault) Off Normal operation.
Yellow Cannot establish a link to a configured interface or
RST (Reset switch) Press and hold Reset for three seconds to restart the
Base Network Activity
LEDs
Fabric Network
Activity LEDs
MGMT, B1,
B2
(Management
and base
1-gigabit
LEDs)
Link/Act
(Left
LED)
Speed
(Right
LED)
FortiSwitch-5003A board.
Solid
Green
Blinking
Green
Off No link.
Solid
Green
Blinking
Green
Off No link.
Solid
Green
Blinking
Green
Off No Link
Green Connection at 1 Gbps.
Amber Connection at 100 Mbps.
Off Connection at 10 Mbps.
FortiSwitch-5003A board fails. The LED may also
flash briefly when the board is powering on.
operating normally.
fault condition of the HTY and FLT LEDs.
operating normally.
another connection problem external to the
FortiSwitch-5003A board. This LED may indicate
issues that do not affect normal operation.
Indicates this interface is connected to the 1-gigabit
base channel interface of a FortiGate-5000 board.
Table 2 on page 8 lists the base network activity
LEDs and the interface that each represents.
Indicates 1-gigabit network traffic on this interface.
Indicates this interface is connected to the
10/1-gigabit fabric channel interface of a
FortiGate-5000 board. Table 4 on page 10 lists the
fabric network activity LEDs and the interface that
each represents.
Indicates 10/1-gigabit network traffic on this interface.
Table 4 on page 10 lists the fabric network activity
LEDs and the interface that each represents.
Indicates this interface is connected with the correct
cable and the attached network device has power.
Indicates network traffic on this interface.
FortiSwitch-5003A System Guide
01-30000-77803-20080917 7
Front panel LEDs and connectors FortiSwitch-5003A system
Table 1: FortiSwitch-5003A front panel LEDs and switches (Continued)
LED State Description
Solid
BASE 10G, 14/F8, F7,
F6, F5, F4, F3, F2, F1
(Base and Fabric 10
gigabit LEDs)
HS (Hot Swap) Blue The FortiSwitch-5003A is ready to be hot-swapped
Green
Blinking
Green
Off No link.
Flashing
Blue
Off Normal operation. The FortiSwitch-5003A board is in
Indicates this interface is connected to a 10-gigabit
network device with the correct cable and the
attached network device has power.
Indicates 10-gigabit network traffic on this interface.
(removed from the chassis). If the HS light is blue
and no other LEDs are lit the FortiSwitch-5003A
board has lost power.
The FortiSwitch-5003A is changing from hot swap to
running mode or from running mode to hot swap.
This happens when the FortiSwitch-5003A board is
starting up or shutting down.
contact with the chassis backplane.
Base channel interfaces
Tab le 2 lists and describes the FortiSwitch-5003A base backplane channel
interfaces. The base backplane interfaces are not configurable or visible from the
FortiSwitch-5003A CLI.
Figure 2: FortiSwitch-5003A base network activity LEDs
Table 2: Base channel interfaces and network activity LEDs
Interface
Name
SH1 If the FortiSwitch-5003A board is in the first hub/switch fabric slot, this
15 and SH2 Not used.
2/1 Base channel connection between base channels 1 and 2.
3 to 14 Base channel connection to FortiGate-5000 boards in chassis slots 3 to
Description
LED indicates a backplane connection to shelf manager 1. If the
FortiSwitch-5003A board is in second hub/switch fabric slot this LED
indicates a backplane connection to shelf manager 2.
This LED may not be lit even if a shelf manager is present if the shelf
manager is configured to use its front panel interface.
The 2/1 LED is lit if there is any board capable of connecting to the base
channel in the other slot. For example, if the FortiSwitch-5003A board is
installed in the first hub/switch fabric slot, this LED will be lit if any board
is installed in the second hub/switch fabric slot, including a
FortiSwitch-5003A board or any FortiGate-5000 board.
14.
FortiSwitch-5003A System Guide
8 01-30000-77803-20080917
Loading...