Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rohitchoudhary1978
New Contributor III

Created on ‎08-23-2020 04:26 AM

Cisco c2960 switches to Fotigate 400e in HA aggregation

Hi, Need urgent attention with an issue related to trunking aggregated ports in criss-cross HA environment. I am sharing below configs from cisco c2960 switch1 and cisco c2960 switch 2 with on the firewall fortigate 400E with ports 9,10,11,12 in 802.3ad aggregate. Switch C2960 -1   interface GigabitEthernet1/0/33  switchport trunk native vlan 400  switchport trunk allowed vlan 2,3,11,15,18,50,52-54,62,64-66,161,171-174,181  switchport trunk allowed vlan add 400  switchport mode trunk  switchport nonegotiate  channel-protocol lacp  channel-group 11 mode active ! interface GigabitEthernet1/0/34  switchport trunk native vlan 400  switchport trunk allowed vlan 2,3,11,15,18,50,52-54,62,64-66,161,171-174,181  switchport trunk allowed vlan add 400  switchport mode trunk  switchport nonegotiate  channel-protocol lacp  channel-group 11 mode active ! interface GigabitEthernet1/0/35  switchport trunk native vlan 400  switchport trunk allowed vlan 2,3,11,15,18,50,52-54,62,64-66,161,171-174,181  switchport trunk allowed vlan add 400  switchport mode trunk  switchport nonegotiate  channel-protocol lacp  channel-group 12 mode active ! interface GigabitEthernet1/0/36  switchport trunk native vlan 400  switchport trunk allowed vlan 2,3,11,15,18,50,52-54,62,64-66,161,171-174,181  switchport trunk allowed vlan add 400  switchport mode trunk  switchport nonegotiate  channel-protocol lacp  channel-group 12 mode active      and portchannel 11 and 12 config as below :      interface Port-channel11  switchport trunk native vlan 400  switchport trunk allowed vlan 2,3,11,15,18,50,52-54,62,64-66,161,171-174,181  switchport trunk allowed vlan add 400  switchport mode trunk  switchport nonegotiate ! interface Port-channel12  switchport trunk native vlan 400  switchport trunk allowed vlan 2,3,11,15,18,50,52-54,62,64-66,161,171-174,181  switchport trunk allowed vlan add 400  switchport mode trunk  switchport nonegotiate            Switch C2960 - 2      interface GigabitEthernet1/0/33  switchport trunk native vlan 400  switchport trunk allowed vlan 2,3,11,15,18,50,52-54,62,64-66,161,171-174,181  switchport trunk allowed vlan add 400  switchport mode trunk  switchport nonegotiate  channel-protocol lacp  channel-group 11 mode active ! interface GigabitEthernet1/0/34  switchport trunk native vlan 400  switchport trunk allowed vlan 2,3,11,15,18,50,52-54,62,64-66,161,171-174,181  switchport trunk allowed vlan add 400  switchport mode trunk  switchport nonegotiate  channel-protocol lacp  channel-group 11 mode active ! interface GigabitEthernet1/0/35  switchport trunk native vlan 400  switchport trunk allowed vlan 2,3,11,15,18,50,52-54,62,64-66,161,171-174,181  switchport trunk allowed vlan add 400  switchport mode trunk  switchport nonegotiate  channel-protocol lacp  channel-group 12 mode active ! interface GigabitEthernet1/0/36  switchport trunk native vlan 400  switchport trunk allowed vlan 2,3,11,15,18,50,52-54,62,64-66,161,171-174,181  switchport trunk allowed vlan add 400  switchport mode trunk  switchport nonegotiate  channel-protocol lacp  channel-group 12 mode active ! and portchannel 11 and 12 config on switch 2 interface Port-channel11  switchport trunk native vlan 400  switchport trunk allowed vlan 2,3,11,15,18,50,52-54,62,64-66,161,171-174,181  switchport trunk allowed vlan add 400  switchport mode trunk  switchport nonegotiate ! interface Port-channel12  switchport trunk native vlan 400  switchport trunk allowed vlan 2,3,11,15,18,50,52-54,62,64-66,161,171-174,181  switchport trunk allowed vlan add 400  switchport mode trunk  switchport nonegotiate      And the configuration i have done on Fortigate 400E(HA) - 1 & 2 is as below :    edit "Cisco_LAN"         set vdom "root"         set vlanforward enable         set type aggregate         set member "port9" "port10" "port11" "port12"                   Now the issue is with the ports. One switch acting as active and the other shows standby/passive(ports 33,34,35,36). If i disconnect switch-1 which is active then other switch starts the traffic after 30 seconds on particular ports 33,34,35,36 only. I want to achieve the network as active-active and which will be useful for me in case if needs more pipe. Please help with the config. Simple network diagram attached. Thanks Rohit K

Rohit K
Rohit K
networkdiagram.jpg
Preview file
130 KB
3919
0 Kudos
3 REPLIES 3
KPS
New Contributor III

Created on ‎08-23-2020 02:47 PM

This is only possible, if the two switches are stacked or acting as MLAG-domain.

You cannot span LACP-bonds over two independent switches.

3038
0 Kudos
harmesh88
New Contributor

Created on ‎08-24-2020 03:19 AM

Dear ,

 

How you configured Cisco Switch - is in stack or standalone mode ?

 

If you have configured cisco switch as stack then it will be good to go with this setup.

Regards,

Harmesh Yadav

CCNP CCSE

3028
0 Kudos
rohitchoudhary1978
New Contributor III
In response to harmesh88

Created on ‎08-24-2020 03:28 AM

Hi,

Thanks for the replies.

These are in standalone presently and I have to stack them. Just finding way out if it feasible to stack in C2960XR-48TS-I.

 

Regards,

Rohit

 

 

Rohit K
Rohit K
3025
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.