This article describes the LACP protocol and the setup and troubleshooting steps under FortiManager and FortiAnalyzer.
FortiManager 7.2.0 or above.
FortiAnalyzer 6.4.9, 7.0.3 or above.
LACP: Link Aggregation Control Protocol (LACP) provides a method to control the bundling of several physical links together to form a single logical link.
There are two options for setting up the aggregate interface:
Under GUI:
Go to System Settings -> Network -> Create New.
config system interface
edit <port>
(LACPINT1)# set ?
status Interface status.
*ip IP address of interface.
allowaccess Allow management access to interface.
serviceaccess Allow service access to interface.
speed Speed.
description Description.
alias Alias.
mtu Maximum transportation unit(68 - 9000).
type Interface type.
lacp-speed How often the interface sends LACP messages.
min-links Minimum number of aggregated ports that must be up.
min-links-down Action to take when less than the configured minimum number of active links.
link-up-delay Number of milliseconds to wait before considering a link is up
(LACPINT1)# config ?
member Physical interfaces that belong to the aggregate or redundant interface.
ipv6 IPv6 of the interface.
config member
edit <interface-name>
next
edit <interface-name>
next
end
end
Troubleshooting commands.
Related documents:
Diagnose fmnetwork interface list
diagnose fmnetwork arp list
Packet capture.
Note: When the interface is created, changing the protocol type from slow to fast or vice versa will not change the current type. Deleting and recreating the interface is the only option.
Example:
In this example the minimum of commands to setup the aggregated interface will be used:
fmg-1 # config system interface
(interface) edit LACPINT1
new entry 'LACPINT1' added
(LACPINT1) set type aggregate
(LACPINT1) config member
(member) edit port3
new entry 'port3' added
(port3) next
(member) edit port4
new entry 'port4' added
(port4) end
(LACPINT1) set ip "10.10.10.10/24"
(LACPINT1) get <- To review the current setup.
name : LACPINT1
status : enable
ip : 10.10.10.10 255.255.255.0
allowaccess : ping https ssh snmp
serviceaccess :
speed : auto
description : (null)
alias : (null)
mtu : 1500
type : aggregate
member:
== [ port3 ]
interface-name: port3
== [ port4 ]
interface-name: port4
lacp-mode : active
lacp-speed : fast
min-links : 1
min-links-down : operational
link-up-delay : 500
ipv6:
ip6-address: ::/0 ip6-allowaccess: ip6-autoconf: enable
(LACPINT1) end <- To save the configuration.
To confirm the link statistics/details use these commands:
fmg-1 # diagnose fmnetwork interface list
LACPINT1 Link encap:Ethernet HWaddr 04:D5:90:75:5F:D2 <-
inet addr:10.10.10.10 Bcast:10.10.10.255 Mask:255.255.255.0
inet6 addr: fe80::6d5:90ff:fe75:5fd2/64 Scope:Link
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:49 errors:0 dropped:0 overruns:0 frame:0
TX packets:55 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5682 (5.5 KiB) TX bytes:6000 (5.8 KiB)
Use ping to confirm the link is up and can reach the neighbor/s.
fmg-1 # execute ping 10.10.10.11
PING 10.10.10.11 (10.10.10.11): 56 data bytes
64 bytes from 10.10.10.11: seq=0 ttl=64 time=6.704 ms
fmg-1 # diagnose fmnetwork arp list
index=2 ifname=port2 10.109.21.220 00:6a:6f:6b:31:03 state=00000002 use=79020 confirm=0 update=79020 ref=1
index=1 ifname=lo 0.0.0.0 00:00:00:00:00:00 state=00000040 use=405807 confirm=0 update=405807 ref=0
index=2 ifname=port2 10.109.31.254 00:09:0f:09:c6:23 state=00000002 use=5214 confirm=3180 update=4978 ref=1
index=12 ifname=LACPINT1 10.10.10.11 04:d5:90:75:5f:f2 state=00000004 use=46081 confirm=46081 update=42738 ref=0
The ARP list is showing which interface is used to make the connection between both devices.
The packet capture on the physical interface provides the information that is exchanged between the LACP neighbors. The packet capture under the aggregated interface will show the ICMP and ARP requests made.
Related Articles:
Technical Tip: Creating a VLAN interface on FortiManager and FortiAnalyzer
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.