Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
technician
New Contributor

link aggregation using port 15 and port 16

Hi, I was asked to cascade the port 16 or a Fortigate 200D to a Csico 2960-X L2 switch. Now my boss wants me to have a backup of port 15 in case port 16 goes down. So from ports 15 and 16 going to ports 23-24 of the Cisco 2960-X switch. I followed the following articles for me to link aggregate the 2 ports. 

http://kb.fortinet.com/kb/documentLink.do?externalID=FD30542

https://forum.fortinet.com/tm.aspx?m=106460

 

but in my cisco switch, it still shows that 

LACP is currently not enabled on remote ports. Am I imssing something here?

 

Thanks

Jeff

8 REPLIES 8
Nils
Contributor II

Try to set the Fortigate as Active in LACP.

Both can be configured as active.

technician

I'm not sure if I get it right but I think based on the article Ive followed it was set in active, unless I've missed something or other commands needed

Thanks

Jeff

hklb

Maybe with a copy of your interface configuration (fortinet and cisco), it will be easier to find this issue..

emnoc
Esteemed Contributor III

agreed  and cli diagnostic commands will show you what and if you have the  LACP aggregate built correct;

 

(cli)

diag netlink aggregate  name  <AE interface name>

 

PCNSE 

NSE 

StrongSwan  

technician

Hi, apologies for the incomplete info. Basically for the cisco switch, yesterday I removed the settings on ports 23 and 24, so I might not be able to post it here but same as the settings on the article I've mentioned above, same config. 

 

https://forum.fortinet.com/tm.aspx?m=106460

 

int range gi 1/0/1-2 no shut switchport channel-group 10 mode active channel-protocol lacp

 

As for the Fortinet, below is my config:

 

FG200D3916802531 # show system interface LINK_TO_CISCO 
config system interface
 edit "LINK_TO_CISCO"
 set vdom "root"
 set type aggregate
 set member "port15" "port16"
 set description "LINK_TO_CISCO"
 set snmp-index 8
 next
end

 

Thanks

Jeff

Nils

Don't you have this command?

set lacp-mode active

 

/ N

emnoc
Esteemed Contributor III

Did you execute the diagnostic commands? Are you on the master or slave if you have a HA pair? if you have a HA pair , on the slave you need to set the  lacp operations"

 

 

e.g 

 

 

config system interface

    edit "AE01"

        set description "AggrEthernet-to JNPREX01"

        set vdom "root"

        set type aggregate

        set lacp-ha-slave enable

        set member "port9" "port10"

    next

end

 

 

PCNSE 

NSE 

StrongSwan  

Sparta_FTNT