Created on 12-14-2021 12:44 AM Edited on 03-27-2024 07:35 AM By Jean-Philippe_P
Description
This article describes the expected topologies with LACP bundles in a FortiGate HA cluster.
Scope
FortiGate.
Solution
It is a question that is often asked when LACP connections to the local switches are not coming up as expected.
These are the most common and expected topologies (valid for both A-P and A-A clusters), while the most common mistakes are shown below.
Note: If the switches are deployed in MCLAG topology, the dual-homed connection for LACP will work, and each FortiGate will have its own LACP bundle.
Reference: Deploying MCLAG topologies | FortiSwitch 7.4.2 | Fortinet Document Library
Note: For version 7.2.1 onwards, lacp-ha-slave has been replaced with lacp-ha-secondary.
When it comes to LACP, each unit must have its own LACP bundle on the switch.
HA with 802.3ad aggregate interfaces
'Link aggregation, HA failover performance, and HA mode'.
Related documents:
Technical Tip: High Availability basic deployment design
HA with 802.3ad aggregate interfaces
Technical Tip: Initial troubleshooting steps for LACP (Link Aggregation - 802.3ad)
Technical Tip: HA Cluster virtual MAC addresses
Troubleshooting Tip: Verifying physical and HA Virtual MAC addresses of FortiGate interfaces
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.