Hi all,

Does anyone who has experience in building Link aggregation in Transparent mode?

I have a scenario like below

The Firewall in pic works in transparent mode with policy permit any to any.

As the pic, port17&port18,port19&port20 are two different link aggregation interface running in active-passive mode with Cisco switch.

And I used port-pair in those two link aggregation interface.

In this scenario I ping 10.10.20.14 from 10.10.20.1, failed.

But it's wired that if I untied the link aggregation , and used port-pair "port17-port19" and "port18-port20".

I can ping between two IPs in pic.

I doubt that something wrong when I setting link aggregation in transparent.

Is there any point I need to notice setting link aggregation in transparent mode?

I find out some command on website,and I post the result below:

FW1 (CR_test) # diag netlink aggregate name cr_vlan100 

status: up

npu: y flush: n asic helper: y oid: 145 ports: 2 ha: master distribution algorithm: L4 LACP mode: passive LACP speed: slow LACP HA: enable aggregator ID: 2

slave: port17 link status: up link failure count: 0 LACP state: established actor state: PSAIEE actor port number/key/priority: 1 17 255 partner state: ASAIEE partner port number/key/priority: 274 3 32768 aggregator ID: 2 speed/duplex: 1000 1 RX state: CURRENT 6 MUX state: COLLECTING_DISTRIBUTING 4

slave: port18 link status: up link failure count: 0 LACP state: established actor state: PSAIEE actor port number/key/priority: 2 17 255 partner state: ASAIEE partner port number/key/priority: 276 3 32768 aggregator ID: 2 speed/duplex: 1000 1 RX state: CURRENT 6 MUX state: COLLECTING_DISTRIBUTING 4

I think my link aggregation most be up in this result,but the network still no work.

Please help,thanks!