- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Create Link Aggregation (802.3ad)
Hi Forum,
I want to create a new Interface on my 240D using Link Aggregation.
The Fortigate want's me to assign an IP-Address to the Interface. But why? "Normal" Ports are just assigned to my default Network and this is want I wan't to do withe the new Link aggregation Interface, too.
I think I have a problem in understanding how the fortigate is using link aggregation interfaces. The manual wasn't very helpful. Maybe one of you can explain to me how to aggregate pysical Ports and add them to my network.
Thank you and best regards,
Kai
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
as the FGT in "Routing/NAT" mode is a router it expects non-identical networks at each port. So, like with any other physical port, you assign an address to a LACP port.
As LACP is on Layer 2 it doesn't really need IP addresses on each end. The ultimate use of a port will be to connect the FGT to a network. For that, it needs an IP address.
Try creating other ports, i.e. VLAN ports. You can't get away with NOT assigning an address to it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
agreed here's what we do ( tag over LAG bundle )
config system interface edit "etherLAG01 set vdom "root" set type aggregate set member "port1" "port2" set snmp-index 413 next edit "LAN012" set vdom "root"
set type vlan set ip 10.1.12.1 255.255.255.0 set allowaccess ping https ssh set snmp-index 672 set interface "etherLAG01" set vlanid 12 next edit "LAN013" set vdom "root"
set type vlan set ip 10.1.13.1 255.255.255.0 set allowaccess ping https ssh set snmp-index 673 set interface "etherLAG01" set vlanid 13 next end
PCNSE
NSE
StrongSwan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is how we put multiple vlans on an aggregate interface on a 1500D under multi-vdom environment. May not apply to your environment though.
config system interface
edit "CISCO-MPLS" set vdom "root" set vlanforward enable set type aggregate set member "port3" "port4" set snmp-index 50 next edit "port3" set vdom "root" set type physical set snmp-index 5 set speed 1000full next edit "port4" set vdom "root" set type physical set snmp-index 6 set speed 1000full next
edit "v3004aaaa" set vdom "aaaa" set ip x.x.x.x 255.255.255.252 set allowaccess ping https ssh capwap set vlanforward enable set snmp-index 102 set interface "CISCOPath" set vlanid 3004 next edit "v3005bbbb" set vdom "bbbb" set ip x.x.x.x 255.255.255.252 set allowaccess ping https ssh set vlanforward enable set snmp-index 82 set interface "CISCO-MPLS" set vlanid 3005 next <and many more vlans> end
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ede_pfau wrote:as the FGT in "Routing/NAT" mode is a router it expects non-identical networks at each port. So, like with any other physical port, you assign an address to a LACP port.
As LACP is on Layer 2 it doesn't really need IP addresses on each end. The ultimate use of a port will be to connect the FGT to a network. For that, it needs an IP address.
Try creating other ports, i.e. VLAN ports. You can't get away with NOT assigning an address to it.
In the Web-GUI interface IP-address field the string "0.0.0.0/0" is a place-holder for "no ip address". If you want to remove an IP address from an interface, simply enter this string.
Any interface with "0.0.0.0/0" in the GUI as the IP-address will have no IP address assigned. (CLI config is clearer this way, you won't see any "set ip-address ..." in the CLI).
