Link Aggregation for Physical Interfaces with VLAN Subinterfaces

Forum|Forum|13 years ago
February 25, 2013
11 replies
30431 views

I am in the process of designing a HA environment with four VLANS, two redundant fortigate 200b' s (in NAT/Route mode), and two stacked switches. The Fortigates would serve as the default gateway for each VLAN, with subinterfaces defined for each, and be configured with HA in Active/Passive mode. I would like to integrate a full mesh topology to eliminate single points of failure between the switches and the Fortigates. My question is, is it possible to combine two physical interfaces on the fortigate 200B into one logical interface with VLAN subinterfaces, IE NIC Teaming or link aggregation? Ideally, I' d like to combine interfaces 13 and 14 on each Fortigate and create subinterfaces for each of the VLANs, so I can physically connect each interface to a different physical switch. Is it possible to achieve what I am describing? If NIC teaming or aggregation isn' t an option, what' s the best way to achieve full redundancy with two Fortigate' s and two switches with multiple vlans? Thanks in advance!

Carl_Wallmark

New Member

Hi and welcome, Thats no problem, Interfaces 13-16 support link aggregation or redundant interfaces.

emnoc

New Member

Ideally, I' d like to combine interfaces 13 and 14 on each Fortigate and create subinterfaces for each of the VLANs, so I can physically connect each interface to a different physical switch.

If I can chime in here, you can' t do that unless you have; A cisco VSS/VPc solution A pair of cisco stack or other vendor stack switches or some other devices that support multichassis-ether-channel ( MEC )

cfinnAuthor

New Member

Interfaces 13-16 support link aggregation or redundant interfaces.

If I can chime in here, you can' t do that unless you have; A cisco VSS/VPc solution A pair of cisco stack or other vendor stack switches or some other devices that support multichassis-ether-channel ( MEC )

Thank you both for the replies. We will be using a pair of stacked Cisco 3750x switches. If I' m understanding you correctly, I' ll need to create a etherchannel port group for the two ports that will connect to the Fortigate? Is there any additional configuration I' ll need on the switches (besides VLAN configuration, port assignment, etc)? I' m not familiar with Cisco VSS/VPC...is that required in addition to the switch stack? Thank you again for the help.

Carl_Wallmark

New Member

Yes that is correct.

emnoc

New Member

No if you want redundancey, just pick 2 like-as ports one on each stack member and added then to the FGT. This is common on the 3750E/G/X models of the cisco stacking models.

cfinnAuthor

New Member

No if you want redundancey, just pick 2 like-as ports one on each stack member and added then to the FGT. This is common on the 3750E/G/X models of the cisco stacking models.

Thanks, that makes sense...I' m also assuming that the switch ports will need to be configured as 802.11Q trunks, in order to pass VLAN IDs to the fortigate, correct?

emnoc

New Member

Will ... yes. But you actually configured the port-channel interface. interface port 10 switchport switch trunk allow vlan 10,23,30-40,50,66 description gig 1/1+ gi 2/1 to FGT200B-fw1 port 13+14 ! ! int range gi 1/1, 1/2 no shut channel-group 10 mode active channel-protocol lacp ! !

Silver

New Member

Hi Everyone, I want to setup a full mesh HA with link aggregation refer to the attached diagram. And I want to create sub interface for intervlan routing on the FGT link aggregation itself will it possible. The HA will work as active and passive. And both link aggregation both FGT will need to be in two different group or single group for both. what i mean from SW1 port 1 connect to FGT 1 port 1 in group 1 and from SW2 port 1 connect to FGT 1 port 2 in group 1 and for SW2 port 2 connect to FGT 2 group 2 and SW1 port 2 connect to FGT 2 port 2 group 2

Db84808.jpg

Silver

New Member

Any feedback plz

Silver

New Member

Any feedback plz

Silver

New Member

any feedback plz

Silver

New Member