Fortinet FortiSwitch-5003B System Manual

FortiSwitch-5003B
This FortiSwitch-5003B System Guide describes FortiSwitch-5003B hardware features, how to install a FortiSwitch-5003B board in a FortiGate-5000 series chassis, and how to configure the FortiSwitch-5003B system for your network.
The most recent versions of this and all FortiGate-5000 series documents are available from the FortiGate-5000 page of the Fortinet Technical Documentation web site (http://docs.fortinet.com).
Access to Fortinet customer services, such as firmware updates, support, and FortiGuard services, requires product registration. You can register your FortiSwitch-5003B at http://support.fortinet.com.
FortiSwitch-5003B System Guide
01-400-134822-20120216
Warnings and cautions
Only trained and qualified personnel should be allowed to install or maintain FortiGate-5000 series equipment. Read and comply with all warnings, cautions and notices in this document.
• Risk of Explosion if Battery is replaced by an Incorrect Type. Dispose of Used Batteries According to the Instructions.
• Turning off all power switches may not turn off all power to the FortiGate-5000 series equipment. Some circuitry in the FortiGate-5000 series equipment may continue to operate even though all power switches are off.
• FortiGate-5000 equipment must be protected by a readily accessible disconnect device or circuit breaker that can be used for product power down emergencies.
• Many FortiGate-5000 components are hot swappable and can be installed or removed while the power is on. But some of the procedures in this document may require power to be turned off and completely disconnected. Follow all instructions in the procedures in this document that describe disconnecting FortiGate-5000 series equipment from power sources, telecommunications links and networks before installing, or removing FortiGate-5000 series components, or performing other maintenance tasks. Failure to follow the instructions in this document can result in personal injury or equipment damage.
• Install FortiGate-5000 series chassis at the lower positions of a rack to avoid making the rack top-heavy and unstable.
• Do not insert metal objects or tools into open chassis slots.
• Electrostatic discharge (ESD) can damage FortiGate-5000 series equipment. Only perform the procedures described in this document from an ESD workstation. If no such station is available, you can provide some ESD protection by wearing an anti-static wrist strap and attaching it to an available ESD connector such as the ESD sockets provided on FortiGate-5000 series chassis.
• Make sure all FortiGate-5000 series components have reliable grounding. Fortinet recommends direct connections to the building ground.
• If you install a FortiGate-5000 series component in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient. Make sure the operating ambient temperature does not exceed Fortinet’s maximum rated ambient temperature.
• Installing FortiGate-5000 series equipment in a rack should be such that the amount of airflow required for safe operation of the equipment is not compromised.
• FortiGate-5000 series chassis should be installed by a qualified electrician.
• FortiGate-5000 series equipment shall be installed and connected to an electrical supply source in accordance with the applicable codes and regulations for the location in which it is installed. Particular attention shall be paid to use of correct wire type and size to comply with the applicable codes and regulations for the installation / location. Connection of the supply wiring to the terminal block on the equipment may be accomplished using Listed wire compression lugs, for example, Pressure Terminal Connector made by Ideal Industries Inc. or equivalent which is suitable for AWG-10. Particular attention shall be given to use of the appropriate compression tool specified by the compression lug manufacturer, if one is specified.
• This product is only intended for use in a Restricted Access Location.
Contents
Warnings and cautions
FortiSwitch-5003B system
Physical description
Front panel components
About the SH1 and SH2 LEDs
Fabric channel interfaces
More about Fabric backplane interfaces and chassis slots
Base channel interfaces
Front panel connectors
FortiSwitch-5003B configurations
Base and fabric switching within a chassis
Fabric 10-gigabit switching within a chassis
Enhanced Load Balance Clustering (ELBC)
Hardware installation
Installing SFP+ transceivers
Changing FortiSwitch-5003B SW2 switch settings
FortiSwitch-5003B mounting components
Inserting a FortiSwitch-5003B board
Shutting down and removing a FortiSwitch-5003B board
Power cycling a FortiSwitch-5003B board
Troubleshooting
FortiSwitch-5003B does not startup
FortiSwitch-5003B status LED is flashing during system operation
Quick Configuration Guide
Registering your Fortinet product
Factory default settings
Basic configuration
Web-based Manager
CLI
Upgrading FortiSwitch-5000 series firmware
Additional configuration
Disabling the front panel F8 interface and enabling the fabric backplane interconnect (slot-1/2)
Disabling the front panel F8 interface and enabling the slot-14 fabric interface
Changing the system time and host name
Changing the switch fabric-channel configuration
For more information
Training Services
Technical Documentation
Comments on Fortinet technical documentation
Customer service and support
Fortinet products End User License Agreement
FortiSwitch-5003B system
The FortiSwitch-5003B board is an Advanced Telecommunications Computing Architecture (ATCA) compliant hub/switch board that provides 10-gigabit fabric and 1-gigabit base backplane channel layer-2 switching in a dual star architecture. The FortiSwitch-5003B board provides a total capacity of 225 Gigabits per second (Gbps) throughput.
The FortiSwitch-5003B board can be installed in any ATCA chassis that can provide sufficient power and cooling. You can install FortiSwitch-5003B boards in a FortiGate-5060 chassis and in selected versions of the NEBS-compliant FortiGate-5140-R chassis. Table 1 lists FortiGate-5000 series chassis that can support the FortiSwitch-5003B board. For the most up-to-date list of all chassis that can support the FortiSwitch-5003B board, see the FortiSwitch-5003B Release Notes.
Table 1: FortiGate-5000 series chassis that support the FortiSwitch-5003B board
Chassis Model | Hardware ID | System Part Number | Serial Number
FG-5140B | C4GL51-01BD-0000 | P09297-01 | FG514B3Y12000xxx
FG-5060 | C4FN27-01AA-0000 | P08588-01 | FG50603S1XXXXXXX
FG-5140 | C4GL51-01BC-0000 | P05355-01 | FG51403S0900000X
FG-5140 | C4GL51-02BC-0000 | P05355-02 | FG51403S090010XX
FG-5140 | C4DH67-01AA-0000 | P05853-01 | FG51403S090020XX
FG-5140 | C4DH67-02AA-0000 | P05853-02 | FG51403S1003XXXX
In all ATCA chassis FortiSwitch-5003B boards are installed in the first and second hub/switch slots. For most versions of FortiGate chassis the hub/switch slots are slots 1 and 2. For more information about FortiGate-5000 series chassis see the FortiGate-5000 Chassis Guides page of the Fortinet Technical Documentation web site.
You can use the FortiSwitch-5003B board for fabric and base backplane layer-2 switching for FortiGate-5000 boards installed in slots 3 and up in FortiGate-5140 and FortiGate-5060 chassis. Usually you would use the base channel for management traffic (for example, HA heartbeat traffic) and the fabric channel for data traffic. FortiSwitch-5003B boards can be used for fabric and base backplane layer-2 switching within a single chassis and between multiple chassis.
The FortiSwitch-5003B system also supports LACP (802.3ad) link aggregation, 802.1q VLANs, and 802.1s Multiple Spanning Tree Protocol (MSTP) for the fabric channels. You can use these features to configure link aggregation and support redundant FortiSwitch-5003B switch configurations to distribute traffic to multiple FortiGate-5000 boards. The FortiGate-5000 boards can operate in NAT/Route or Transparent mode.
Figure 1: FortiSwitch-5003B front panel (callouts: 1/2 to 14 base and fabric network activity LEDs; F1 to F8 10-gigabit SFP+ interfaces; B1 and B2 10-gigabit base channel SFP+ interfaces; RJ-45 console; MGMT 10/100/1000 copper management interface; factory use connector; OOS, PWR, STA, ACC and IPM LEDs; retention screws; extraction levers)
A FortiSwitch-5003B board in hub/switch slot 1 provides communications on fabric channel 1 and base channel 1. A FortiSwitch-5003B board in hub/switch slot 2 provides communications on fabric channel 2 and base channel 2. If your chassis includes one FortiSwitch-5003B board you can install it in hub/switch slot 1 or 2 and configure the FortiGate-5000 boards installed in the chassis to use the correct fabric and base backplane interfaces.
For a complete 10-gigabit fabric backplane solution you must install FortiGate-5000 hardware that supports 10-gigabit connections. For example:
• FortiGate-5001B boards include 10-gigabit fabric backplane interfaces. You can install the FortiGate-5001B boards in chassis slots 3 and up.
• FortiGate-5001A boards must be combined with FortiGate-RTM-XB2 or FortiGate-RTM-XD2 modules to support 10-gigabit fabric interfaces. You can install the FortiGate-5001A boards in chassis slots 3 and up and FortiGate-RTM-XB2 or FortiGate-RTM-XD2 modules in the corresponding RTM slots on the back of the chassis.
The FortiSwitch-5003B board includes the following features:
• One 1-gigabit base backplane channel for layer-2 base backplane switching between FortiGate-5000 series boards installed in the same chassis as the FortiSwitch-5003B board. The base backplane channel includes 13 1-gigabit connections to up to 13 other slots in the chassis (Slots 2 to 14 if the FortiSwitch-5003B board is installed in slot 1. Slots 1 and 3 to 14 if the FortiSwitch-5003B board is installed in slot 2.).
• One 10-gigabit fabric backplane channel for layer-2 fabric backplane switching between FortiGate-5001B boards installed in the same chassis as the FortiSwitch-5003B board. The fabric backplane channel includes 13 10-gigabit connections to up to 13 other slots in the chassis (Slots 2 to 14 if the FortiSwitch-5003B board is installed in slot 1. Slots 1 and 3 to 14 if the FortiSwitch-5003B board is installed in slot 2.).
By default, FortiSwitch-5003B boards with part numbers lower than P11000-01 could not connect to the 14th fabric channel slot interface without deactivating the F8 front panel interface. See “Disabling the front panel F8 interface and enabling the slot-14 fabric interface” on page 33.
• Two front panel base backplane 10-gigabit SFP+ interfaces (B1 and B2) that connect to the base backplane channel. These interfaces can also be configured to operate as 1-gigabit SFP interfaces.
• Eight front panel fabric backplane 10-gigabit SFP+ interfaces (F1 to F8) that connect to the fabric backplane channel. These interfaces can also be configured to operate as 1-gigabit SFP interfaces.
By default on FortiSwitch-5003B boards with part number P11000-01 and up the F8 interface is activated but it can be deactivated (see “Disabling the front panel F8 interface and enabling the fabric backplane interconnect (slot-1/2)” on page 33).
• One 1-gigabit dedicated management Ethernet interface (MGMT). This interface is for management purposes only and cannot forward traffic.
• One RJ-45, RS-232 serial console connection (CONSOLE).
• Mounting hardware.
• LED status indicators.
• IEEE 802.1q VLANs.
• IEEE 802.3ad link aggregation (LACP).
• Link aggregation using a hash algorithm based on source and destination IP addresses.
• Multiple Spanning Tree Protocol (MSTP) (IEEE 802.1s) to support redundant FortiSwitch-5003B boards and external MSTP-compatible switches.
• Heartbeat between a FortiGate-5000 board and the FortiSwitch-5003B board over the fabric channel.
• Standard FortiOS web-based manager and command line interface (CLI) for configuring fabric switch settings (VLANs, MSTP, trunks, and so on).
Physical description
Table 2: FortiSwitch-5003B board physical description
Dimensions | 1.2 x 11.7 x 13.8 in. (3.1 x 29.6 x 35.1 cm) (Height x Width x Depth)
Weight | 8.6 lb. (3.9 kg)
Operating Temperature | 32 to 104°F (0 to 40°C)
Storage Temperature | -13 to 158°F (-35 to 70°C)
Relative Humidity | 5 to 90% (Non-condensing)
Power consumption | Maximum: 180WDC; Average: 150WDC
Max Current | 3.75A
Heat Dissipation | 614BTU/h
Front panel components
From the FortiSwitch-5003B front panel you can view the status of the board LEDs to verify that the board is functioning normally.
The front panel also contains connectors to the fabric and base channels, an out of band management Ethernet interface, and an RJ-45 RS-232 console port for connecting to the FortiSwitch-5003B CLI.
Table 3: FortiSwitch-5003B front LEDs
LED | State | Description
Fabric (1/2 to 14) | Green | Fabric backplane interface is connected at 10 Gbps or 1 Gbps.
Fabric (1/2 to 14) | Flashing Green | Network activity at the fabric backplane interface.
Fabric (1/2 to 14) | Off | No link is established.
Base (1/2 to 14) | Green | Base backplane interface is connected at 1 Gbps.
Base (1/2 to 14) | Flashing Green | Network activity at the base backplane interface.
Base (1/2 to 14) | Off | No link is established.
OOS (Out of Service) | Off | Normal operation.
OOS (Out of Service) | Amber | A fault condition exists and the FortiSwitch-5003B blade is out of service (OOS). This LED may also flash very briefly during normal startup.
PWR (Power) | Green | The FortiSwitch-5003B board is powered on.
STA (Status) | Off | The FortiSwitch-5003B board is powered on.
STA (Status) | Flashing Green | The FortiSwitch-5003B is starting up. If this LED is flashing at any time other than system startup, a fault condition may exist.
ACC (Disk activity) | Off or Flashing green | The ACC LED flashes green when the FortiSwitch-5003B board accesses the flash disk. The flash disk stores the current firmware build and configuration files. The system accesses the flash disk when starting up, during a firmware upgrade, or when an administrator is using the CLI or GUI to change the FortiSwitch-5003B configuration. Under normal operating conditions this LED flashes occasionally, but is mostly off.
SH1, SH2 | Green or Flashing Green | Not used in the default configuration. See “About the SH1 and SH2 LEDs” on page 9. Network activity between the FortiSwitch-5003B board and one of the shelf managers across the chassis backplane. If the FortiSwitch-5003B board is installed in chassis slot 1, this LED indicates a connection to shelf manager 2. If the FortiSwitch-5003B board is installed in chassis slot 2, this LED indicates a connection to shelf manager 1.
F1 to F8 | Green | The correct cable is connected to the fabric channel interface and the connected equipment has power.
F1 to F8 | Flashing Green | Network activity at the fabric channel interface.
F1 to F8 | Off | No link is established.
B1 and B2 | Green | The correct cable is connected to the base channel interface and the connected equipment has power.
B1 and B2 | Flashing Green | Network activity at the base channel interface.
B1 and B2 | Off | No link is established.
MGMT, Link/Act (Left LED) | Solid Green | Indicates this interface is connected with the correct cable and the attached network device has power.
MGMT, Link/Act (Left LED) | Blinking Green | Indicates network traffic on this interface.
MGMT, Link/Act (Left LED) | Off | No Link
MGMT, Speed (Right LED) | Green | Connection at 1 Gbps.
MGMT, Speed (Right LED) | Amber | Connection at 100 Mbps.
MGMT, Speed (Right LED) | Off | Connection at 10 Mbps.
IPM | Blue | The FortiSwitch-5003B is ready to be hot-swapped (removed from the chassis). If the IPM light is blue and no other LEDs are lit the FortiSwitch-5003B board has lost power.
IPM | Flashing Blue | The FortiSwitch-5003B is changing from hot swap to running mode or from running mode to hot swap. This happens when the FortiSwitch-5003B board is starting up or shutting down.
IPM | Off | Normal operation. The FortiSwitch-5003B board is in contact with the chassis backplane. (If the chassis does not contain an operating shelf manager, this LED being off just indicates normal operation.)
The unlabeled interface beside the MGMT interface is not used.
About the SH1 and SH2 LEDs
SH1 and SH2 are base channel interfaces that can be used to connect the FortiSwitch-5003B board to the chassis shelf managers over the chassis backplane. The SH1 and SH2 LEDs indicate the status of the connections between the FortiSwitch-5003B board and the shelf manager.
• In most chassis if a FortiSwitch-5003B board is installed in slot 1 the SH1 LED will light if the board can communicate with the shelf manager in shelf manager slot 1 and the SH2 LED will light if the board can communicate with a shelf manager in shelf manager slot 2.
• In most chassis if a FortiSwitch-5003B board is installed in slot 2 the SH1 LED will light if the board can communicate with the shelf manager in shelf manager slot 2 and the SH2 LED will light if the board can communicate with a shelf manager in shelf manager slot 1.
Whether or not these LEDs are lit depends on the configuration of the SH1 and SH2 interfaces on the FortiSwitch-5003B board, the configuration of the chassis backplane, the ATCA chassis that the boards are installed in, and if one or both shelf managers are installed and configured to connect using the backplane or their front panel Ethernet interfaces.
Fabric channel interfaces
Table 4 lists and describes the FortiSwitch-5003B fabric channel interfaces. You can configure fabric interface settings, group fabric interfaces into trunks, and configure Multiple Spanning Tree Protocol (MSTP) for fabric interfaces from the FortiSwitch-5003B web-based manager or CLI (see “Changing the switch fabric-channel configuration” on page 34).
Table 4: Fabric channel interfaces
Interface Name (Front Panel) | Interface Name (CLI*) | Description
1/2 | f8/slot-1/2 | Interconnection interface between fabric channels 1 and 2. If there are two FortiSwitch-5003B boards installed in a chassis this interface can be used to communicate between them. This interface shares the same switch port as the front panel F8 interface and is deactivated by default. The FortiGate-5060 fabric backplane is a triply-replicated mesh that results in additional connections between FortiSwitch-5003B boards installed in the same chassis. See “More about Fabric backplane interfaces and chassis slots” on page 11.
3 to 14 | slot-3 to slot-14 | Fabric backplane slots 3 to 14. The 3 to 14 fabric network activity LEDs are lit if there are FortiGate boards in chassis slots 3 to 14.
F1 to F7 | f1 to f7/x-channel | Front panel 10-gigabit fabric interfaces F1 to F7. Use these interfaces to connect your network to the fabric channel, to connect fabric channel 1 to fabric channel 2, or to connect a fabric channel on one chassis to a fabric channel on another chassis. F7/x-channel can be switched between the F7 interface and the x-channel interface. By default this interface is set to F7 and the x-channel interface is not normally used.
F8 | f8/slot-1/2 | Front panel interface F8. Fabric backplane interconnection interface slot 1/2 and front panel interface F8 share the same FortiSwitch-5003B switch port. By default the front panel interface F8 is activated and fabric backplane interconnection interface slot 1/2 is deactivated.
* You can configure settings for FortiSwitch-5003B fabric interfaces from the FortiSwitch-5003B CLI. The CLI columns show the names of the interfaces as they appear on the FortiSwitch-5003B CLI.
The fabric network activity LEDs show links and network activity for the interfaces and connections listed in Table 5.
Table 5: Fabric network activity LEDs
Fabric network activity LED | Interface or connection
1/2 | Interconnection interface between fabric channels 1 and 2. This LED is lit if there are two FortiSwitch-5003B boards installed in the chassis to indicate fabric backplane communication between them.
3 to 14 | Fabric backplane connection to FortiGate-5000 boards in chassis slots 3 to 14.
More about Fabric backplane interfaces and chassis slots
The FortiSwitch-5003B board supports up to 13 connections to the fabric backplane. Normally these correspond to one connection between switch/hub slots (slot-1/2) and then 12 more connections to the 12 node slots in an ATCA chassis (slot-3 to slot-14). For example, in a FortiGate-5140-series chassis, slot-3 to slot-14 correspond to the 12 chassis node slots numbered 3 to 14 (see Table 6).
Table 6: FortiSwitch-5003B backplane mapping with a FortiGate-5140-series chassis
FortiSwitch-5003B Fabric Port Name | Actual connection in a FortiGate-5140 chassis
slot-1/2 | Connection between chassis slot 1 and slot 2.
slot-3 | Connection to chassis slot 3.
slot-4 | Connection to chassis slot 4.
slot-5 | Connection to chassis slot 5.
slot-6 | Connection to chassis slot 6.
slot-7 | Connection to chassis slot 7.
slot-8 | Connection to chassis slot 8.
slot-9 | Connection to chassis slot 9.
slot-10 | Connection to chassis slot 10.
slot-11 | Connection to chassis slot 11.
slot-12 | Connection to chassis slot 12.
slot-13 | Connection to chassis slot 13.
slot-14 | Connection to chassis slot 14.
Normally in a chassis with fewer than 12 node slots the extra fabric backplane interfaces are not active. For example, in an ATCA chassis with 5 slots, slot-1/2 provides the connections between chassis slots 1 and 2 and slot-3 to slot-5 connect to chassis node slots 3 to 5. In this 5-slot chassis, slot-6 to slot-14 would not be connected (see Table 7).
Table 7: FortiSwitch-5003B backplane mapping with an example 5-slot chassis
FortiSwitch-5003B Fabric Port Name | Actual connection in 5-slot ATCA chassis
slot-1/2 | Connection between chassis slot 1 and slot 2.
slot-3 | Connection to chassis slot 3.