Description
This article describes the behavior of LACP in an HA cluster.
Scope
FortiGate in HA.
Solution
The scenario is described as follows:
An aggregate link (LACP) is configured on both devices acting one as Master and the other one as Slave (Active - Passive mode). The aggregate link is comprised of the master's designated interfaces and an equal number of the slave's interfaces.
By default, in this configuration, it is not permitted for the Slave to participate in the LACP negotiation. In case it would be permitted and taking into account that the MAC address assigned to the cluster is the same for both members, then the HA could not work. This situation also applies to an HA cluster in Active–Active mode.
To prevent the Slave from participating in the LACP negotiation, apply the following commands:
config system interface
edit <aggregate-interface-name>
set lacp-ha-slave disable <-
next
end
With this configuration, the subordinate unit's interfaces cannot accept any packets. As a consequence, a failover will take more time because the slave unit must perform an LACP negotiation before being able to receive and process packets.
Note:
For version 7.2.1, lacp-ha-slave has been replaced with lacp-ha-secondary.
