Fortinet Forum
Philippe_ASTIER
New Contributor

LACP to Unifi

Hi all,

I've been running a Fortigate 61E in LAG mode (i.e. static) on an Edgeswitch for some months now and it has worked well. I never managed to make it work in LACP.

Now I'm moving to a Unifi Switch, which only supports LACP, and ... they don't negotiate. Whether I use passive or active, they just won't talk to each other.

Any clue?

brycemd
Contributor II

What firmware are you on? I remember there was a bug when they introduced LAGs on the lower models that LACP didn't work properly. Pretty sure it was fixed in 6.2.3, but I haven't tested it.

Philippe_ASTIER

Yes, I can remember that (which is most certainly why I went to static on my Edgeswitch). I'm running 6.4.1.

ede_pfau
Esteemed Contributor III

I think it wasn't a bug but ... a missing feature. LACP on desktop models used to be unsupported.

Do you have any debug info on the LACP negos ('diag netlink aggregate name <nameOfTrunk>')?

Debugging is documented in the KB: http://kb.fortinet.com/kb/viewContent.do?externalId=FD30542


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Philippe_ASTIER

Maybe but it has been supported for some months now. I will try to debug. Thanks for pointing to the doc.

(only issue is that this is on my internal side, so I'm currently forced to debug through serial console).

Let me look deeper.

brycemd

Pretty sure it was a bug when LAGs were introduced to sub 100 models in 6.2.1. Static LAGs worked but it wouldn't do LACP.

The fix may not have made it into 6.4.x

According to bug fixes in 6.2.3 they fixed:

Aggregate link does not work for LACP mode active for FG-60E internal ports but works for wan1 and wan2 combination.

Philippe_ASTIER

OK... I did a few tests.

They exchange LACPDU and stay in "negotiating". I have tried active, passive, slow, fast, ha-slave enabled or disabled, they keep "negotiating". I'm not an 802.3ad expert, but that sounds wrong. Any output that could provide you with more information?

ede_pfau
Esteemed Contributor III

This is the moment when you have to collect data on the switch side.

"fast" and "slow" is about the exchange rate of BPDUs, so that's not important.

LACP mode either is "active" (FGT negotiating) or "passive" (awaiting negos). Allowed:

act-act
pas-act
act-pas

Static is (AFAIR) Cisco legacy mode bonding.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Philippe_ASTIER

Thanks for your help, I opened a support ticket with Fortinet.

bascheew

Did you find a resolution to this? Trying to help a client get a LAG to work with a Ubiquiti switch as well. Sounds like the same symptoms.