FGFan
New Contributor

LACP fortigate - Cisco switch

I have configured an LACP link (2 ports) on a Cisco 3560 and an FG310B. Everything seems to be fine, but when I put traffic on this LACP link, the traffic just rode on one physical link; when I shut down one port of the LACP, traffic switched to the other. It didn't load share!

Do I have to configure something further on the FortiGate?

1 Solution
Nils

When you did your tests, did you generate traffic from one host to another, or multiple to multiple?

If you've got one source/destination IP address, then the traffic will only use one link.

If you've got multiple streams of traffic to/from different hosts, then it should load balance between the physical links.


4 REPLIES 4
FortiRack_Eric
New Contributor III

Cisco/Fortinet LACP is pretty straightforward; you can diagnose the status of the LACP on the FortiGate with the command below, shown with the output of one of my units. The LACP flags should be the same for remote and local. FYI, the name of my trunk is trunk. :)

 

dia netlink aggregate name trunk

LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
(A|P) - LACP mode is Active or Passive
(S|F) - LACP speed is Slow or Fast
(A|I) - Aggregatable or Individual
(I|O) - Port In sync or Out of sync
(E|D) - Frame collection is Enabled or Disabled
(E|D) - Frame distribution is Enabled or Disabled

status: up
npu: y
flush: y
asic helper: n
oid: 7
ports: 2
link-up-delay: 50ms
min-links: 1
ha: master
distribution algorithm: L4
LACP mode: active
LACP speed: slow
LACP HA: enable
aggregator ID: 2
actor key: 17
actor MAC address: 08:5b:0e:bb:10:2f
partner key: 2
partner MAC address: 2c:3f:38:a8:94:80

slave: port1
  link status: up
  link failure count: 2
  permanent MAC addr: 08:5b:0e:bb:10:2f
  LACP state: established
  actor state: ASAIEE
  actor port number/key/priority: 1 17 255
  partner state: ASAIEE
  partner port number/key/priority: 305 2 32768
  partner system: 32768 2c:3f:38:a8:94:80
  aggregator ID: 2
  speed/duplex: 1000 1
  RX state: CURRENT 6
  MUX state: COLLECTING_DISTRIBUTING 4

slave: port2
  link status: up
  link failure count: 2
  permanent MAC addr: 08:5b:0e:bb:10:34
  LACP state: established
  actor state: ASAIEE
  actor port number/key/priority: 2 17 255
  partner state: ASAIEE
  partner port number/key/priority: 304 2 32768
  partner system: 32768 2c:3f:38:a8:94:80
  aggregator ID: 2
  speed/duplex: 1000 1
  RX state: CURRENT 6
  MUX state: COLLECTING_DISTRIBUTING 4

 

Rackmount your Fortinet --> http://www.rackmount.it/fortirack

 

FGFan

Thanks for your answer, dear Eric, but I don't really understand what you mean. I ran the command you advised and got something that seems OK. Could you please advise me what I should check?

Here is the output (my trunk is LACP_TEST):

FG300B3909605039 # diagnose netlink aggregate name LACP_TEST

LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
(A|P) - LACP mode is Active or Passive
(S|F) - LACP speed is Slow or Fast
(A|I) - Aggregatable or Individual
(I|O) - Port In sync or Out of sync
(E|D) - Frame collection is Enabled or Disabled
(E|D) - Frame distribution is Enabled or Disabled

status: up
npu: y
oid: 7
ports: 2
distribution algorithm: L4
LACP mode: active
LACP speed: slow
LACP HA: enable
aggregator ID: 1
actor key: 17
actor MAC address: 00:09:0f:d2:bf:9d
partner key: 1
partner MAC address: 64:ae:0c:34:25:80

slave: port3
  link status: up
  link failure count: 1
  permanent MAC addr: 00:09:0f:d2:bf:9d
  LACP state: established
  actor state: ASAIEE
  partner state: ASAIEE
  aggregator ID: 1

slave: port4
  link status: up
  link failure count: 1
  permanent MAC addr: 00:09:0f:d2:bf:9c
  LACP state: established
  actor state: ASAIEE
  partner state: ASAIEE
  aggregator ID: 1

FortiRack_Eric
New Contributor III

So the LACP is fine, we've established that.  

The load balance algorithm is L4, based on that it should divide traffic between the members. 

Rackmount your Fortinet --> http://www.rackmount.it/fortirack
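
The flag comparison used in the posts above (actor and partner state should match, per the legend printed by the diagnose command), written out as an added example; it is not part of the original posts and not Fortinet code. The function names and the sample output are constructed for illustration.

```python
import re

# Flag positions, in the order the legend in the diagnose output lists them.
LEGEND = [
    ("mode", {"A": "active", "P": "passive"}),
    ("speed", {"S": "slow", "F": "fast"}),
    ("aggregation", {"A": "aggregatable", "I": "individual"}),
    ("sync", {"I": "in sync", "O": "out of sync"}),
    ("collection", {"E": "enabled", "D": "disabled"}),
    ("distribution", {"E": "enabled", "D": "disabled"}),
]
# Values both ends need before a member port carries traffic.
REQUIRED = {"sync": "in sync", "collection": "enabled", "distribution": "enabled"}

def decode_flags(flags):
    """Turn a six-letter state such as 'ASAIEE' into named fields."""
    if len(flags) != 6 or any(c not in t for c, (_, t) in zip(flags, LEGEND)):
        raise ValueError(f"not a valid LACP flag string: {flags!r}")
    return {name: table[c] for c, (name, table) in zip(flags, LEGEND)}

def check_members(text):
    """Return {port: [findings]} for each 'slave:' block; empty list = clean."""
    report = {}
    # Splitting on 'slave:' handles one-field-per-line and flattened output.
    for block in re.split(r"\bslave:\s*", text)[1:]:
        port = block.split()[0]
        states = [re.search(s + r" state:\s*(\w+)", block) for s in ("actor", "partner")]
        if not all(states):
            report[port] = ["actor/partner state not found"]
            continue
        actor, partner = (decode_flags(m.group(1)) for m in states)
        # Differences are listed for review; an active/passive pair still bundles.
        findings = [f"{k} differs: actor {actor[k]}, partner {partner[k]}"
                    for k in actor if actor[k] != partner[k]]
        for side, st in (("actor", actor), ("partner", partner)):
            findings += [f"{side} {k}: {st[k]}" for k, v in REQUIRED.items() if st[k] != v]
        report[port] = findings
    return report

# Constructed sample (not from the thread): port3 healthy, port4 not bundled.
SAMPLE = """\
slave: port3
  actor state: ASAIEE
  partner state: ASAIEE
slave: port4
  actor state: ASAODD
  partner state: PSAODD
"""
print(check_members(SAMPLE))
```

An empty findings list for every member, as with the ASAIEE/ASAIEE pairs posted in this thread, means the bundle itself is healthy and any uneven traffic comes from how flows are distributed, not from LACP negotiation.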

 
