This article describes the configuration of LACP between a FortiGate firewall and a Cisco switch.
FortiOS.
The topology setup is as follows:
Here the FortiGate is in an Active-Passive setup and there is a vPC setup between the Cisco switches.
LACP configuration on FortiGate Side:
config system interface
edit "LACP-X1-X2"
set vdom "root"
set type aggregate
set member "x2" "x1" --> Here ports x1 and x2 are selected to be part of the LAG.
set alias "SW_Uplink"
set device-identification enable
set lldp-reception enable
set lldp-transmission enable
set role lan
set snmp-index 12
set lacp-mode active
next
end
Since the FortiGate is in HA, the same configuration will be synced to the slave device.
LACP configuration on the Cisco Side:
Create the port channel:
interface port-channel1
description Fortigate-Uplink
switchport
switchport mode trunk
vpc 1
interface port-channel2
description Fortigate-Sec-Uplink
switchport
switchport mode trunk
vpc 2
Map the interfaces into the port channels:
interface Ethernet1/1/1
switchport
switchport mode trunk
channel-group 1 mode active
no shutdown
interface Ethernet1/1/2
switchport
switchport mode trunk
channel-group 2 mode active
no shutdown
Verify the LACP status on FortiGate and Cisco:
Cisco Side:
sh port-channel summary
Group Port-       Type     Protocol  Member Ports
      Channel
--------------------------------------------------------------------------------
1     Po1(SU)     Eth      LACP      Eth1/1/1(P)
2     Po2(SU)     Eth      LACP      Eth1/1/2(P)
Note:
P - Up in port-channel (members)
FortiGate Side:
diag netlink aggregate name LACP-X1-X2
status: up
npu: y
flush: n
asic helper: y
oid: 82
ports: 2
link-up-delay: 50ms
min-links: 1
ha: master
distribution algorithm: L4
LACP mode: passive
LACP speed: slow
LACP HA: enable
aggregator ID: 1
slave: x1
index: 0
link status: up
LACP state: established
slave: x2
index: 0
link status: up
LACP state: established
Copyright 2024 Fortinet, Inc. All Rights Reserved.