Networking – Link Aggregation and Redundancy

redundancy

We have two managed switches (Draytek VigorSwitch P2261) in our (small) office. They are connected to each other with two ports (LACP).

We have four access points which provide plenty of coverage in our office, two of which are plugged into the first switch and two in the other. For redundancy, I'd like our network to continue operating if one of the switches dies (or is taken down for maintenance), but that would require both the switches to be connected to our router (Fortigate 60D). The little I know about networking tells me it's unlikely that just plugging both the switches into the router will work. (This lack of knowledge also made it hard for me to know what to search for, so my apologies if this is already answered somewhere.)

So basically, my question is how can I achieve this? Or is it even possible?

Schematically, this is what I want to try to achieve:

          /---------- Switch 1
         /              |   |
Router  <               |   |
         \              |   |
          \---------- Switch 2

* edit *
Trying to make the question clearer:

The router/firewall in this case is just an example device, another device could be a NAS with at least two network ports for example. Ideally I would like to plug any LACP device with two ports into both switch 1 and 2 instead of both in the same switch. I've not been able to find out whether something like that is possible or not or if there is some other mechanism/protocol that allows you to do so.

Best Answer

There are many solutions to achieve redundancy on the first hop (router). Normally one would use two routers which make use of an FHRP (First Hop Redundancy Protocol) like HSRP (Cisco-proprietary) or VRRP (open standard). A virtual IP address would be assigned to one of the two routers, and in case of failure a failover would occur and the standby router would take over the VIP.

Since in your case you have a firewall and not a router, your solutions will differ. You only have one firewall at your disposal and want to connect it redundantly to both your switches.

Many firewall vendors offer a "redundant" interface option. A secondary link may be connected to another switch and in case of the primary link going down a failover to the backup link would occur.

You may want to check your software version; FortiGate supports this feature: http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Help/interfaces.100.12.html
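
A sketch of the redundant interface described in the answer, in FortiOS CLI form. This is an added example, not part of the original answer or Fortinet's documentation. The interface names (`internal1`, `internal2`, `lan-redundant`), the VDOM and the address are assumptions, and it presumes both member ports are free-standing physical interfaces with no IP address and no policy or switch membership.

```fortios
# Added example. Names and addresses are constructed placeholders.
# internal1 -> cable to Switch 1, internal2 -> cable to Switch 2 (assumed port names).
config system interface
    edit "lan-redundant"
        set vdom "root"
        set type redundant
        # Only one member carries traffic at a time; the other
        # takes over when the active member's link goes down.
        set member "internal1" "internal2"
        # Constructed LAN address for the firewall.
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping
    next
end
```

Because only one member link is active at a time, the switches see a single path to the firewall; firewall policies then reference `lan-redundant` rather than the physical ports.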