vladimircze
New Contributor III

LACP FGT-Cisco6509 and different aggregator ID

Hello,

We have LACP configured with two ports on each of the two nodes of an A-A cluster. I noticed that the EtherChannel has different aggregator IDs on the FortiGate and also acts as a secondary aggregator on the Cisco (6509E). Each node in the FG cluster is configured with its own EtherChannel.

FGT100D-HA1 (root) # diag netlink aggregate name MAINLINK-LACP
LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
(A|P) - LACP mode is Active or Passive
(S|F) - LACP speed is Slow or Fast
(A|I) - Aggregatable or Individual
(I|O) - Port In sync or Out of sync
(E|D) - Frame collection is Enabled or Disabled
(E|D) - Frame distribution is Enabled or Disabled
status: up
ports: 2
link-up-delay: 50ms
min-links: 1
ha: master
distribution algorithm: L4
LACP mode: active
LACP speed: slow
LACP HA: enable
aggregator ID: 1
actor key: 17
actor MAC address: 00:09:0f:ac:98:5e
partner key: 101
partner MAC address: ec:30:91:e1:03:40
slave: port3
  link status: up
  link failure count: 0
  permanent MAC addr: 00:09:0f:ac:98:5e
  LACP state: established
  actor state: ASAIEE
  actor port number/key/priority: 1 17 255
  partner state: ASAIEE
  partner port number/key/priority: 773 101 32768
  partner system: 32768 ec:30:91:e1:03:40
  aggregator ID: 1
  speed/duplex: 100 1
  RX state: CURRENT 6
  MUX state: COLLECTING_DISTRIBUTING 4
slave: port4
  link status: up
  link failure count: 0
  permanent MAC addr: 00:09:0f:ac:98:5f
  LACP state: established
  actor state: ASAIEE
  actor port number/key/priority: 2 9 255
  partner state: ASAIEE
  partner port number/key/priority: 1029 101 32768
  partner system: 32768 ec:30:91:e1:03:40
  aggregator ID: 2
  speed/duplex: 100 1
  RX state: CURRENT 6
  MUX state: COLLECTING_DISTRIBUTING 4

 

Ports configuration:

FGT100D-HA1 (interface) # ed port4
FGT100D-HA1 (port4) # show
config system interface
    edit "port4"
        set vdom "ROUTER"
        set type physical
        set snmp-index 12
    next
end
FGT100D-HA1 (port4) # next
FGT100D-HA1 (interface) # ed port3
FGT100D-HA1 (port3) # show
config system interface
    edit "port3"
        set vdom "ROUTER"
        set type physical
        set snmp-index 10
    next
end
FGT100D-HA1 (port3) # next
FGT100D-HA1 (interface) # ed MAINLINK-LACP
FGT100D-HA1 (MAINLINK-LACP) # show
config system interface
    edit "MAINLINK-LACP"
        set vdom "ROUTER"
        set allowaccess ping capwap
        set vlanforward enable
        set type aggregate
        set member "port3" "port4"
        set snmp-index 20
    next
end

 

 

 

Cisco configuration:

interface GigabitEthernet3/4
 description FORTIGATE-HA1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 6,153-155,210,240,242-247,250,260,270,280
 switchport trunk allowed vlan add 291-295,302,303,400-403
 switchport mode trunk
 channel-group 101 mode active
end

core#sh ru int g4/4
Building configuration...
Current configuration : 327 bytes
!
interface GigabitEthernet4/4
 description FORTIGATE-HA1
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 6,153-155,210,240,242-247,250,260,270,280
 switchport trunk allowed vlan add 291-295,302,303,400-403
 switchport mode trunk
 channel-group 101 mode active
end

core#sh etherchannel 101 detail
Group state = L2
Ports: 2   Maxports = 16
Port-channels: 2 Max Port-channels = 16
Protocol:   LACP
Minimum Links: 0
                Ports in the group:
                -------------------
Port: Gi3/4
------------
Port state    = Up Mstr In-Bndl
Channel group = 101         Mode = Active      Gcchange = -
Port-channel  = Po101       GC   = -           Pseudo port-channel = Po101
Port index    = 0           Load = 0xFF        Protocol = LACP
Mode = LACP
Flags:  S - Device is sending Slow LACPDUs   F - Device is sending fast LACPDUs.
        A - Device is in active mode.        P - Device is in passive mode.
Local information:
                    LACP port   Admin   Oper    Port     Port
Port    Flags State Priority    Key     Key     Number   State
Gi3/4   SA    bndl  32768       0x65    0x65    0x305    0x3D
Partner's information:
        Partner Partner LACP Partner  Partner   Partner  Partner     Partner
Port    Flags   State   Port Priority Admin Key Oper Key Port Number Port State
Gi3/4   SA      bndl    255           0x0       0x11     0x1         0x3D
Age of the port in the current state: 19d:09h:03m:08s
Port: Gi4/4
------------
Port state    = Up Mstr In-Bndl
Channel group = 101         Mode = Active      Gcchange = -
Port-channel  = Po101A      GC   = -           Pseudo port-channel = Po101
Port index    = 0           Load = 0xFF        Protocol = LACP
Mode = LACP
Flags:  S - Device is sending Slow LACPDUs   F - Device is sending fast LACPDUs.
        A - Device is in active mode.        P - Device is in passive mode.
Local information:
                    LACP port   Admin   Oper    Port     Port
Port    Flags State Priority    Key     Key     Number   State
Gi4/4   SA    bndl  32768       0x65    0x65    0x405    0x3D
Partner's information:
        Partner Partner LACP Partner  Partner   Partner  Partner     Partner
Port    Flags   State   Port Priority Admin Key Oper Key Port Number Port State
Gi4/4   SA      bndl    255           0x0       0x9      0x2         0x3D
Age of the port in the current state: 19d:09h:03m:09s
                Port-channels in the group:
                ----------------------
Port-channel: Po101    (Primary Aggregator)
------------
Age of the Port-channel   = 42d:05h:56m:34s
Logical slot/port   = 14/26          Number of ports = 1
HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            = LACP
Fast-switchover     = disabled
Load share deferral = disabled
Ports in the Port-channel:
Index   Load   Port     EC state        No of bits
------+------+------------+------------------+-----------
  0     FF     Gi3/4    Active          8
Time since last port bundled:    19d:09h:03m:16s    Gi3/4
Time since last port Un-bundled: 19d:09h:04m:02s    Gi3/4
Port-channel: Po101A
------------
Age of the Port-channel   = 19d:09h:03m:19s
Logical slot/port   = 14/30          Number of ports = 1
HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            = LACP
Fast-switchover     = disabled
Load share deferral = disabled
Ports in the Port-channel:
Index   Load   Port     EC state        No of bits
------+------+------------+------------------+-----------
  0     FF     Gi4/4    Active          8
Time since last port bundled:    19d:09h:03m:17s    Gi4/4
Last applied Hash Distribution Algorithm: Fixed

 

Anybody know how to fix LACP?

 

1 Solution
emnoc
Esteemed Contributor III

It sounds like your 2 Cisco switch ports are not correct in neg-LACP.

Qs: are these switchports on the same switch (VSS or standalone), same blade (looks like it's not)?

Qs: did you search for bugs/issues on the IOS train you're running pertaining to LACP?

Qs: did you check anything on FortiOS for your FortiOS (what version are you running)?

Qs: if you restart LACP, does anything change (down and re-up one interface at a time)?

As temp, can you move port 3/4 4/4 on the same blade and see what happens, does the status change? (And yes, you don't want to leave this as a final solution ;) )

 

 

PCNSE 

NSE 

StrongSwan  

vladimircze
New Contributor III

Hi, thanks for the questions.

A: yes, the switch ports are on the same standalone switch, but on different blades due to redundancy.

A: not searched yet, but we have a number of LACP links with Linux/Windows servers, Dell/HP switches, Cisco stacked switches - all of them working without problems.

A: nothing in the release notes (we are on 5.2.7). Support ticket created, but no update for the last 3 days.

A: I will check on the slave FGT member to avoid possible production impact.

 

Vladimir.

vladimircze

Hi,

 

I tried to restart one port from the LAG on the slave and got positive results - both ports belong to the same aggregator ID.

Looks like some negotiation problem forced the LAG to split into two different sub-LAGs :)

 

Thanks. Vladimir.

 

PS: I will do the same with the master unit next week (maintenance window).
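The split seen in this thread can be checked for automatically. The following is an added example, not part of the original posts and not Fortinet tooling: it parses `diag netlink aggregate name` output and reports member ports whose aggregator ID or actor key differs from the LAG-level value (LACP only aggregates ports that share a key). The function names are hypothetical, and the sample is trimmed from the output posted above, assuming one field per line as the CLI prints it.

```python
import re

# Sample trimmed from the output posted in this thread, one field per line.
SAMPLE = """\
status: up
ports: 2
aggregator ID: 1
actor key: 17
partner key: 101
slave: port3
  link status: up
  actor port number/key/priority: 1 17 255
  partner port number/key/priority: 773 101 32768
  aggregator ID: 1
slave: port4
  link status: up
  actor port number/key/priority: 2 9 255
  partner port number/key/priority: 1029 101 32768
  aggregator ID: 2
"""

def parse_aggregate(text):
    """Split the output into LAG-level fields and per-member-port fields."""
    lag, ports, current = {}, {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*)$", line)
        if not m:
            continue  # prompt lines and the flag legend carry no "key: value"
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "slave":
            current = ports.setdefault(value, {})  # start of a member section
        elif current is None:
            lag[key] = value
        else:
            current[key] = value
    return lag, ports

def find_split_members(text):
    """Return (port, field, value) for each member that disagrees with the LAG."""
    lag, ports = parse_aggregate(text)
    findings = []
    for name, fields in ports.items():
        if fields.get("aggregator ID") != lag.get("aggregator ID"):
            findings.append((name, "aggregator ID", fields.get("aggregator ID")))
        actor = fields.get("actor port number/key/priority", "").split()
        if len(actor) == 3 and actor[1] != lag.get("actor key"):
            findings.append((name, "actor key", actor[1]))
    return findings
```

An empty list from `find_split_members` means every member port agrees with the LAG on both fields; on the sample it flags port4 on both.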

 
