ShaileshMdr
New Contributor III

LACP confusion

Hi Community,

I have a question about whether this LACP setup will work or not. I need your views on this. Also, is there any other way I can improve this redundancy?

I have 2 Cisco Switches (Stacked) acting as a link switch.

FGT is in HA (Active and Passive).

Here there are 4 ports that are members of a single port-channel on the Cisco switch.

Whereas on the FortiGate there are 2 ports on each node in LACP.

Will it work?

 

Regards,

Shailesh

LACP.jpg

#nse4
srajeswaran
Staff

The LACP link will be up, but there will be traffic issues. For example, the switch can forward traffic to the passive node as part of load balancing, but the passive node will drop the packets.

We can use "set lacp-ha-slave disable" on the FGT to bring LACP down on the passive node, but this will influence the failover time and can cause traffic disruption.

The ideal would be to use 2 separate port channels on the switch and the FortiGate nodes.

Ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-LACP-behavior-in-an-HA-cluster/ta-p/195163

Regards,

Suraj

ShaileshMdr

Ahh okay!

So I should be using 2 port-channels.

Example: port-channel 1 has both links to the active FGT, while port-channel 2 has both links to the slave FGT.

Regards,

Shailesh

#nse4
srajeswaran

Hi @ShaileshMdr, that is correct.

Regards,

Suraj
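
The two-port-channel layout agreed on in this thread, sketched as an added example (not configuration from the original posts or from vendor documentation). Interface names, port-channel numbers, the `agg1` name and the choice to spread each bundle across both stack members are assumptions; `lacp-ha-slave` is the setting quoted in the answer.

```text
! ---- Cisco switch stack (IOS syntax; all interface names are hypothetical) ----
!
! Before: the layout in the question. All four firewall-facing ports sit in
! one bundle, so the switch may hash frames onto links that end on the
! passive node, which drops them.
!   interface range Gi1/0/1 - 2 , Gi2/0/1 - 2
!    channel-group 1 mode active
!
! After: one port-channel per FortiGate node. Each bundle uses one port
! from each stack member (assumption), so losing a stack member still
! leaves a link to both nodes.
interface range GigabitEthernet1/0/1 , GigabitEthernet2/0/1
 description LACP bundle to FGT node A (hypothetical label)
 channel-group 1 mode active
!
interface range GigabitEthernet1/0/2 , GigabitEthernet2/0/2
 description LACP bundle to FGT node B (hypothetical label)
 channel-group 2 mode active
!
! Port-channel1 and Port-channel2 need identical VLAN/trunk settings so that
! either node can carry the same traffic after a failover.

# ---- FortiGate HA cluster (FortiOS CLI; synced to both nodes) ----
# "agg1", "port1" and "port2" are hypothetical names.
config system interface
    edit "agg1"
        set vdom "root"
        set type aggregate
        set member "port1" "port2"
        set lacp-mode active
        # Left enabled: the passive node keeps negotiating LACP on its own
        # port-channel. "disable" (the option from the answer) brings LACP
        # down on the passive node at the cost of slower failover.
        set lacp-ha-slave enable
    next
end
```

On the switch, `show etherchannel summary` should list both port-channels with their member ports bundled; on the FortiGate, `diagnose netlink aggregate name agg1` shows the LACP state of each member.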

ShaileshMdr

Hello @srajeswaran 

 

Thanks for the suggestion. Appreciate it!

 

Regards,

Shailesh

#nse4