I have configured LACP link (2 port) on Cisco 3560 and FG310B, everything seem be fine, but when I put traffic on this LACP link, traffic just rided on one physical link, when I shutdown one port of LACP, traffic switch to another. It didn't load share!
Do I have to config somthing futher on Fortigate ?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
When you did your tests, did you generate traffic from one host to another, or multiple to multiple?
If you've got one source/destination ip-address then the traffic will only use one link.
If you got multiple streams of traffic to/from different hosts, then it should load balance between the physical links.
cisco fortinet LACP is pretty straightforward, you can diagnose the status of the LACP on the fortigate with
command below and output of one of my units. LACP flags should be remote and local the same. Fyi the name of my trunk is trunk. :)
dia netlink aggregate name trunk LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D) (A|P) - LACP mode is Active or Passive (S|F) - LACP speed is Slow or Fast (A|I) - Aggregatable or Individual (I|O) - Port In sync or Out of sync (E|D) - Frame collection is Enabled or Disabled (E|D) - Frame distribution is Enabled or Disabled
status: up npu: y flush: y asic helper: n oid: 7 ports: 2 link-up-delay: 50ms min-links: 1 ha: master distribution algorithm: L4 LACP mode: active LACP speed: slow LACP HA: enable aggregator ID: 2 actor key: 17 actor MAC address: 08:5b:0e:bb:10:2f partner key: 2 partner MAC address: 2c:3f:38:a8:94:80
slave: port1 link status: up link failure count: 2 permanent MAC addr: 08:5b:0e:bb:10:2f LACP state: established actor state: ASAIEE actor port number/key/priority: 1 17 255 partner state: ASAIEE partner port number/key/priority: 305 2 32768 partner system: 32768 2c:3f:38:a8:94:80 aggregator ID: 2 speed/duplex: 1000 1 RX state: CURRENT 6 MUX state: COLLECTING_DISTRIBUTING 4
slave: port2 link status: up link failure count: 2 permanent MAC addr: 08:5b:0e:bb:10:34 LACP state: established actor state: ASAIEE actor port number/key/priority: 2 17 255 partner state: ASAIEE partner port number/key/priority: 304 2 32768 partner system: 32768 2c:3f:38:a8:94:80 aggregator ID: 2 speed/duplex: 1000 1 RX state: CURRENT 6 MUX state: COLLECTING_DISTRIBUTING 4
Rackmount your Fortinet --> http://www.rackmount.it/fortirack
Thank for your answer, dear Eric, but I don't really understand your mean. I did the command you advise and get something seem ok. Could you please advise me what I should to check ?
Here are output informations (my trunk is LACP_TEST)
FG300B3909605039 # diagnose netlink aggregate name LACP_TEST LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D) (A|P) - LACP mode is Active or Passive (S|F) - LACP speed is Slow or Fast (A|I) - Aggregatable or Individual (I|O) - Port In sync or Out of sync (E|D) - Frame collection is Enabled or Disabled (E|D) - Frame distribution is Enabled or Disabled status: up npu: y oid: 7 ports: 2 distribution algorithm: L4 LACP mode: active LACP speed: slow LACP HA: enable aggregator ID: 1 actor key: 17 actor MAC address: 00:09:0f:d2:bf:9d partner key: 1 partner MAC address: 64:ae:0c:34:25:80 slave: port3 link status: up link failure count: 1 permanent MAC addr: 00:09:0f:d2:bf:9d LACP state: established actor state: ASAIEE partner state: ASAIEE aggregator ID: 1 slave: port4 link status: up link failure count: 1 permanent MAC addr: 00:09:0f:d2:bf:9c LACP state: established actor state: ASAIEE partner state: ASAIEE aggregator ID: 1
So the LACP is fine, we've established that.
The load balance algorithm is L4, based on that it should divide traffic between the members.
Rackmount your Fortinet --> http://www.rackmount.it/fortirack
When you did your tests, did you generate traffic from one host to another, or multiple to multiple?
If you've got one source/destination ip-address then the traffic will only use one link.
If you got multiple streams of traffic to/from different hosts, then it should load balance between the physical links.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.