[FortiGate] How to configure link aggregation


Work environment

  • FortiGate-60E
    • version 7.0.6

Link Aggregation in FortiGate

FortiGate supports link aggregation, and the mode can be selected from static, passive, and active.

FortiGate-60E (LAG01) # set lacp-mode
static     Use static aggregation, do not send and ignore any LACP messages.
passive    Passively use LACP to negotiate 802.3ad aggregation.
active     Actively use LACP to negotiate 802.3ad aggregation.

Link aggregation can be configured from both the GUI and the CLI, but the mode can only be set from the CLI. The mode defaults to active.

Creating an aggregate interface

example environment

When configuring link aggregation, you need to create an aggregate interface.

To configure it from the CLI, use the following commands.

config system interface
    edit "LAG01"
        set vdom "root"
        set type aggregate
        set member "internal6" "internal7"
        set role lan
        set lacp-mode active
    next
end

  • Setting vdom is mandatory.
  • Set type to aggregate.
  • member specifies the member interfaces, separated by spaces.
  • Specify the link aggregation mode for lacp-mode.

IP address setting for aggregate interface

An IP address is set on an aggregate interface in the same way as on a normal interface.

config system interface
    edit "LAG01"
        set mode static
        set ip 10.1.1.254 255.255.255.0
    next
end

Checking link aggregation status

  • diagnose netlink aggregate name <Aggregate interface name>
FortiGate-60E # diagnose netlink aggregate name LAG01
LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
(A|P) - LACP mode is Active or Passive
(S|F) - LACP speed is Slow or Fast
(A|I) - Aggregatable or Individual
(I|O) - Port In sync or Out of sync
(E|D) - Frame collection is Enabled or Disabled
(E|D) - Frame distribution is Enabled or Disabled

status: up
npu: y
flush: n
asic helper: y
oid: 73
ports: 2
link-up-delay: 50ms
min-links: 1
ha: master
distribution algorithm: L4
LACP mode: active
LACP speed: slow
LACP HA: enable
aggregator ID: 2
actor key: 9
actor MAC address: e8:1c:ba:ec:5e:e6
partner key: 1
partner MAC address: 00:22:0c:be:7a:80

slave: internal6
  index: 0
  link status: up
  link failure count: 1
  permanent MAC addr: e8:1c:ba:ec:5e:e6
  LACP state: established
  actor state: ASAIEE
  actor port number/key/priority: 1 9 255
  partner state: ASAIEE
  partner port number/key/priority: 7 1 32768
  partner system: 34752 00:22:0c:be:7a:80
  aggregator ID: 2
  speed/duplex: 100 1
  RX state: CURRENT 6
  MUX state: COLLECTING_DISTRIBUTING 4

slave: internal7
  index: 1
  link status: up
  link failure count: 0
  permanent MAC addr: e8:1c:ba:ec:5e:e7
  LACP state: established
  actor state: ASAIEE
  actor port number/key/priority: 2 9 255
  partner state: ASAIEE
  partner port number/key/priority: 8 1 32768
  partner system: 34752 00:22:0c:be:7a:80
  aggregator ID: 2
  speed/duplex: 100 1
  RX state: CURRENT 6
  MUX state: COLLECTING_DISTRIBUTING 4
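
One way to check this output automatically (an added example, not part of the original post): the script below parses the per-member blocks, decodes the six-letter actor and partner state strings using the flag legend printed above, and reports members that are not bundled or that see a different partner system. The function names and the failing values for internal7 in the sample are constructed for illustration.

```python
# Flag legend from "diagnose netlink aggregate name": one letter per position.
FLAGS = [("active", "AP"), ("slow", "SF"), ("aggregatable", "AI"),
         ("in_sync", "IO"), ("collecting", "ED"), ("distributing", "ED")]

def decode_state(state):
    """Decode e.g. 'ASAIEE'; True means the first letter of the pair is set."""
    if len(state) != len(FLAGS) or any(c not in p for (_, p), c in zip(FLAGS, state)):
        raise ValueError(f"unexpected LACP state string: {state!r}")
    return {name: c == pair[0] for (name, pair), c in zip(FLAGS, state)}

def parse_members(text):
    """Return {member: {field: value}} for each 'slave:' block of the output."""
    members, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key == "slave":
            current = members.setdefault(value.strip(), {})
        elif sep and current is not None:
            current[key.strip()] = value.strip()
    return members

def check_lag(text):
    """Return a list of problems found in the member blocks (empty if healthy)."""
    members, problems = parse_members(text), []
    for name, f in members.items():
        if f.get("LACP state") != "established":
            problems.append(f"{name}: LACP state is {f.get('LACP state')}")
        for side in ("actor state", "partner state"):
            d = decode_state(f.get(side, ""))
            if not (d["in_sync"] and d["collecting"] and d["distributing"]):
                problems.append(f"{name}: {side} {f[side]} is not in sync and forwarding")
    if len({f.get("partner system") for f in members.values()}) > 1:
        problems.append("members report different partner systems")
    return problems

# Constructed sample: internal6 as on the page, internal7 altered to a failing state.
SAMPLE = """slave: internal6
  LACP state: established
  actor state: ASAIEE
  partner state: ASAIEE
  partner system: 34752 00:22:0c:be:7a:80
slave: internal7
  LACP state: negotiating
  actor state: ASAODD
  partner state: PSAODD
  partner system: 32768 00:11:22:33:44:55
"""

if __name__ == "__main__":
    print("\n".join(check_lag(SAMPLE)))
```

A missing actor or partner state line (for example on a static aggregate that does not run LACP) raises ValueError rather than being reported as healthy.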

Firewall policy settings

Configure firewall policies to allow communication through aggregate interfaces.

Specify the aggregate interface as the Incoming Interface/Outgoing Interface. The other settings are the same as for a regular firewall policy.

