Work environment
- FortiGate-60E
- version 7.0.6
Link Aggregation in FortiGate
Link aggregation can be configured with FortiGate, and modes can be selected from static, passive, and active.
FortiGate-60E (LAG01) # set lacp-mode
static Use static aggregation, do not send and ignore any LACP messages.
passive Passively use LACP to negotiate 802.3ad aggregation.
active Actively use LACP to negotiate 802.3ad aggregation.Link aggregation can be configured using both GUI and CLI, but mode settings can only be performed using CLI. The mode setting defaults to active.
Creating an aggregate interface
When configuring link aggregation, you need to create an aggregate interface.
When configuring with CLI, configure with the following command.
config system interface
edit "LAG01"
set vdom "root"
set type aggregate
set member "internal6" "internal7"
set role lan
set lacp-mode active
next
end- Setting vdom is mandatory.
- Set type to aggregate.
- member specifies the member interfaces separated by spaces
- Specify the link aggregation mode for lacp-mode.
IP address setting for aggregate interface
The IP address setting method for aggregate interface is the same as the IP address setting method for normal interfaces.
config system interface
edit "LAG01"
set mode static
set ip 10.1.1.254 255.255.255.0
next
endChecking link aggregation status
diagnose netlink aggregate name <Aggregate interface name>
FortiGate-60E # diagnose netlink aggregate name LAG01
LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
(A|P) - LACP mode is Active or Passive
(S|F) - LACP speed is Slow or Fast
(A|I) - Aggregatable or Individual
(I|O) - Port In sync or Out of sync
(E|D) - Frame collection is Enabled or Disabled
(E|D) - Frame distribution is Enabled or Disabled
status: up
npu: y
flush: n
asic helper: y
oid: 73
ports: 2
link-up-delay: 50ms
min-links: 1
ha: master
distribution algorithm: L4
LACP mode: active
LACP speed: slow
LACP HA: enable
aggregator ID: 2
actor key: 9
actor MAC address: e8:1c:ba:ec:5e:e6
partner key: 1
partner MAC address: 00:22:0c:be:7a:80
slave: internal6
index: 0
link status: up
link failure count: 1
permanent MAC addr: e8:1c:ba:ec:5e:e6
LACP state: established
actor state: ASAIEE
actor port number/key/priority: 1 9 255
partner state: ASAIEE
partner port number/key/priority: 7 1 32768
partner system: 34752 00:22:0c:be:7a:80
aggregator ID: 2
speed/duplex: 100 1
RX state: CURRENT 6
MUX state: COLLECTING_DISTRIBUTING 4
slave: internal7
index: 1
link status: up
link failure count: 0
permanent MAC addr: e8:1c:ba:ec:5e:e7
LACP state: established
actor state: ASAIEE
actor port number/key/priority: 2 9 255
partner state: ASAIEE
partner port number/key/priority: 8 1 32768
partner system: 34752 00:22:0c:be:7a:80
aggregator ID: 2
speed/duplex: 100 1
RX state: CURRENT 6
MUX state: COLLECTING_DISTRIBUTING 4Firewall policy settings
Configure firewall policies to allow communication through aggregate interfaces.
Note that you specify aggregate interfaces for Incoming Interface/Outgoing Interface. Others are the same as regular firewall policy settings.
Comments