vraev
Staff
Article Id 249644
Description

 

This article describes the LACP protocol and the setup and troubleshooting steps under FortiManager and FortiAnalyzer.

 

Scope

 

FortiManager 7.2.0 or above.

FortiAnalyzer 6.4.9, 7.0.3 or above.

 

Solution

 

LACP: Link Aggregation Control Protocol (LACP) provides a method to control the bundling of several physical links together to form a single logical link.

  • Maximum number of bundled ports allowed in the port channel: Valid values are usually from 1 to 8.
  • LACP packets are sent with multicast group MAC address 01:80:C2:00:00:02.
  • During the LACP detection period, LACP packets are transmitted every second. After that they act as a keep-alive mechanism for the link members (default: slow = 30s, fast = 1s).

 

There are two options for setting up the aggregate interface:

 

  • Under GUI:



 

Go to System Settings -> Network -> Create New.

 

  • Under CLI:

 

config system interface
    edit <port>
        (LACPINT1)# set ?
         status            Interface status.
        *ip                IP address of interface.
         allowaccess       Allow management access to interface.
         serviceaccess     Allow service access to interface.
         speed             Speed.
         description       Description.
         alias             Alias.
         mtu               Maximum transportation unit(68 - 9000).
         type              Interface type.
         lacp-speed        How often the interface sends LACP messages.
         min-links         Minimum number of aggregated ports that must be up.
         min-links-down    Action to take when less than the configured minimum number of active links.
         link-up-delay     Number of milliseconds to wait before considering a link is up
        (LACPINT1)# config ?
         member    Physical interfaces that belong to the aggregate or redundant interface.
         ipv6      IPv6 of the interface.
        config member
            edit <interface-name>
            next
            edit <interface-name>
            next
        end
end

 

Troubleshooting commands. Related documents:

  • diagnose fmnetwork interface list
  • execute ping
  • diagnose fmnetwork arp list

Packet capture. Related documents:

  • GUI.
  • CLI.

 

Note: Once the interface has been created, changing the protocol type from slow to fast or vice versa will not change the current type. Deleting and recreating the interface is the only option.

 

Example:

 

This example uses the minimum set of commands needed to set up the aggregated interface:

 

fmg-1 # config system interface
    (interface) edit LACPINT1
new entry 'LACPINT1' added
        (LACPINT1) set type aggregate
        (LACPINT1) config member
            (member) edit port3
new entry 'port3' added
            (port3) next
            (member) edit port4
new entry 'port4' added
            (port4) end
        (LACPINT1) set ip "10.10.10.10/24"
        (LACPINT1) get   <- To review the current setup.
name                : LACPINT1
status              : enable
ip                  : 10.10.10.10 255.255.255.0
allowaccess         : ping https ssh snmp
serviceaccess       :
speed               : auto
description         : (null)
alias               : (null)
mtu                 : 1500
type                : aggregate
member:
    == [ port3 ]
    interface-name: port3
    == [ port4 ]
    interface-name: port4
lacp-mode           : active
lacp-speed          : fast
min-links           : 1
min-links-down      : operational
link-up-delay       : 500
ipv6:
    ip6-address: ::/0           ip6-allowaccess:            ip6-autoconf: enable

        (LACPINT1) end            <- To save the configuration.

 

To confirm the link statistics and details, use these commands:

 

fmg-1 # diagnose fmnetwork interface list
LACPINT1  Link encap:Ethernet  HWaddr 04:D5:90:75:5F:D2 <-
          inet addr:10.10.10.10  Bcast:10.10.10.255  Mask:255.255.255.0
          inet6 addr: fe80::6d5:90ff:fe75:5fd2/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:49 errors:0 dropped:0 overruns:0 frame:0
          TX packets:55 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5682 (5.5 KiB)  TX bytes:6000 (5.8 KiB)

 

Use ping to confirm that the link is up and can reach the neighbor(s).

 

fmg-1 # execute ping 10.10.10.11
PING 10.10.10.11 (10.10.10.11): 56 data bytes
64 bytes from 10.10.10.11: seq=0 ttl=64 time=6.704 ms

 

fmg-1 # diagnose fmnetwork arp list
index=2 ifname=port2 10.109.21.220 00:6a:6f:6b:31:03 state=00000002 use=79020 confirm=0 update=79020 ref=1
index=1 ifname=lo 0.0.0.0 00:00:00:00:00:00 state=00000040 use=405807 confirm=0 update=405807 ref=0
index=2 ifname=port2 10.109.31.254 00:09:0f:09:c6:23 state=00000002 use=5214 confirm=3180 update=4978 ref=1
index=12 ifname=LACPINT1 10.10.10.11 04:d5:90:75:5f:f2 state=00000004 use=46081 confirm=46081 update=42738 ref=0

 

The ARP list shows which interface is used for the connection between the two devices.

 

The packet capture on the physical interface provides the information that is exchanged between the LACP neighbors. The packet capture under the aggregated interface will show the ICMP and ARP requests made.
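As an added example (not part of the original article and not Fortinet code), the following Python decoder reads the LACPDU that a capture on a physical member port contains and reports each side's active/passive mode and slow/fast setting, which is how the speed actually in effect can be confirmed given the note above. The field layout follows IEEE 802.1AX; the sample frame is constructed, reusing the two MAC addresses shown above with made-up key, port and state values, and all function names are hypothetical.

```python
import struct

LACP_DST = bytes.fromhex("0180c2000002")  # multicast group MAC from the article
SLOW_PROTOCOLS = 0x8809                   # EtherType that carries LACP (subtype 1)
STATE_BITS = ("activity", "timeout", "aggregation", "synchronization",
              "collecting", "distributing", "defaulted", "expired")

def parse_port_tlv(tlv):
    """Decode one 20-byte Actor or Partner Information TLV."""
    _t, _l, _sys_prio, mac, key, _port_prio, port, state = struct.unpack("!BBH6sHHHB", tlv[:17])
    flags = {name: bool(state >> bit & 1) for bit, name in enumerate(STATE_BITS)}
    return {"system": mac.hex(":"), "key": key, "port": port, "flags": flags,
            "mode": "active" if flags["activity"] else "passive",
            "speed": "fast" if flags["timeout"] else "slow"}  # fast = 1s, slow = 30s

def parse_lacpdu(frame):
    """Return actor/partner data for an untagged LACP frame, or None if it is not LACP."""
    if len(frame) < 56:
        return None
    dst, _src, ethertype, subtype, version = struct.unpack("!6s6sHBB", frame[:16])
    if dst != LACP_DST or ethertype != SLOW_PROTOCOLS or subtype != 1:
        return None
    actor, partner = frame[16:36], frame[36:56]
    if actor[:2] != b"\x01\x14" or partner[:2] != b"\x02\x14":
        raise ValueError("malformed LACPDU: unexpected TLV type or length")
    return {"version": version, "actor": parse_port_tlv(actor), "partner": parse_port_tlv(partner)}

def findings(pdu):
    """List conditions to check when the aggregate does not come up cleanly."""
    actor, partner, out = pdu["actor"], pdu["partner"], []
    if actor["flags"]["defaulted"] or partner["system"] == "00:00:00:00:00:00":
        out.append("sender has not learned its partner (no LACPDU received from the neighbor)")
    if actor["speed"] != partner["speed"]:
        out.append(f"lacp-speed differs: actor={actor['speed']} partner={partner['speed']}")
    for side, info in (("actor", actor), ("partner", partner)):
        down = [f for f in ("synchronization", "collecting", "distributing") if not info["flags"][f]]
        if down:
            out.append(f"{side} port {info['port']} not in the bundle: {', '.join(down)} clear")
    return out

def sample_tlv(kind, mac, port, state):  # builds the constructed sample data only
    return struct.pack("!BBH6sHHHB3x", kind, 20, 0x8000, bytes.fromhex(mac), 1, 0x8000, port, state)
# Constructed frame (not a real capture): actor is active/fast and fully up, partner reports slow.
SAMPLE = (LACP_DST + bytes.fromhex("04d590755fd2") + struct.pack("!HBB", SLOW_PROTOCOLS, 1, 1)
          + sample_tlv(1, "04d590755fd2", 3, 0x3F) + sample_tlv(2, "04d590755ff2", 3, 0x3D)
          + b"\x03\x10" + bytes(14) + bytes(52))  # collector TLV, terminator, reserved
if __name__ == "__main__":
    print(findings(parse_lacpdu(SAMPLE)))
```

The frame bytes can come from any capture of a member port exported as raw Ethernet frames; VLAN-tagged frames are not handled by this decoder.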

 


 


 

Related Articles:

Technical Tip: Creating a VLAN interface on FortiManager and FortiAnalyzer

Docs: interface.
Docs: Aggregate links.