HA cluster: duplicate MAC address of cluster MAC in different VLANs

Question

Hello,I have problems with a cluster after adding an additional VLAN (106) to an aggregated interface:[ul] setup: FortiGate 311B, routed, active-active cluster running FortiOS 5.2.13The cluster member A is connected with 4x 1Gbit/s ports to switch SThe cluster member B is connected with 4x 1Gbit/s port to switch S, aswellFailover is running great. When A gets down. B keeps the connectionsOn the cluster I configured the 4x 1Gbit/s with LACP, i.e.:[/ul]     edit "LACP-Port2"         set vdom "root"         set ip 10.41.1.1 255.255.255.0         set allowaccess ping https ssh snmp fgfm         set type aggregate         set member "port5" "port6" "port7" "port8"         set device-identification enable This is the first VLAN I added to the "LACP-Port2":     edit "vlan106"         set vdom "root"         set dhcp-relay-service enable         set ip 10.41.106.1 255.255.255.0         set allowaccess ping         set subst enable         set snmp-index 15         set interface "LACP-Port2"         set vlanid 106   Let´s look at switch S. It show the same cluster mac-address from the (master cluster) member A and the (slave cluster) member B on different VLANs: 0009-0f09-0005 1        Learned        Bridge-Aggregation3      AGING 0009-0f09-0005 106      Learned        Bridge-Aggregation3      AGING  0009-0fd1-8da7 1        Learned        Bridge-Aggregation2      AGING 0009-0fd1-8da7 246      Learned        Bridge-Aggregation2      AGING  Can someone explain why this happens at all? RegardsMichael

romanr · Answer

Hi,

A Fortigate will always use the MAC address of the parent interface for all VLAN sub-interfaces. For standalone operation as well as for virtual cluster MAC addresses.

Where do you encounter a problem - a MAC address has only to be unique in a broadcast domain...

Br,

Roman

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded