SecurityPlus
Contributor II

Switch Trunk Group - Hyper-V Server

I’m relatively new to Hyper-V Server and to managing FortiSwitches via a FortiGate.

FortiGate 60F on firmware 7.0.9

Pair of S224E switches on firmware 7.2.2 connected via FortiLink

Dell PowerEdge T740 server running Windows Server 2022 with Hyper-V Server role. Hosting 2 Windows Server 2022 VMs

The host server has 4 NIC ports, 2 each 10G and 2 each 1G

Would like to use a Trunk via the FortiGate switches with one Ethernet connection coming from each switch going to the 2 10G ports on the Dell PowerEdge R740 Server. Would like to do this for greater reliability and potentially greater networking speed.

I created a Trunk Group via the FortiGate on the FortiSwitches as follows:

  1. Click New, Trunk Group
  2. Name Trunk Group
  3. MC-LAG, click Enabled
  4. Mode, click Active LACP
  5. Click 2 ports from right navigation, click OK
  6. Click OK

I then created a NIC Team in the Windows Server Host as follows:

  1. Name Team, i.e. NicTeam-01
  2. Verify desired team members are checked
  3. Select Teaming mode: LACP
  4. Load balancing mode: Dynamic (verify correct setting)
  5. Standby adapter: None (verify correct setting)
  6. Click OK
  7. Click refresh on Local Server to view updated NIC team setting

When I tried to create a Hyper-V virtual switch using the host Virtual Switch Manager, I didn’t see NicTeam-01 listed in Hyper-V Virtual Switch Manager. The only item I found that might relate to this NicTeam-01 is titled Microsoft Network Adapter Multiplexor Driver. Is this the proper title for this NIC Team?

When I click OK to create the Virtual Switch, I get the following error:

Error applying Virtual Switch Properties changes

Failed while adding virtual Ethernet switch connections.

Attaching a virtual switch to an LBFO team is deprecated. Switch Embedded Teaming (SET) is an inbox replacement for this functionality. For more information on LBFO deprecation please see https://aka.ms/LBFODeprecation. To override this block, use the AllowNetLbfoTeams option in New-VMSwitch.

I have done some research on this, but I can’t determine a proper way forward. Any suggestions?

gfleming

OK, well, you have to choose either to use MCLAG or not to use MCLAG. In the configuration you posted you are enabling MCLAG for the Trunk Group. If your switches aren't configured for MCLAG then you can't enable MCLAG for the Trunk Group. And if the ports are on two different switches then a LAG won't work unless you are using MCLAG.

I can't really answer your questions about whether MCLAG is best or what docs you should follow to change anything because I don't have an accurate depiction of your current physical topology or what other requirements are on your network. MCLAG is good for providing redundancy at the switch level, i.e. if SWA goes down, connections remain on SWB, and it provides bandwidth aggregation assuming SWA and SWB are healthy. You can achieve redundancy with STP, too. And in your case it might be simpler to just leverage STP, unless you know for sure you need >10Gbps at the server interface.

I wouldn't go changing anything until you've identified current state and fully understand what you need to do to get to your desired state.

Based on what you've told me I assume your current topology may be this: https://docs.fortinet.com/document/fortiswitch/7.2.1/fortilink-guide/801204/single-fortigate-unit-ma... (2 switches in a ring "stack" with one active link and one passive link going to the FGT).

Or it could be this: 

https://docs.fortinet.com/document/fortiswitch/7.2.1/fortilink-guide/801202/single-fortigate-unit-ma...

Cheers,
Graham
SecurityPlus
Contributor II

I'm sorry to disappear. Some sickness in our group and general busyness. I will review the very helpful feedback, hopefully further next week.

AndersJacoby
New Contributor

You need to install the Switch Embedded Teaming feature. This feature replaces the deprecated LBFO teams. After installing SET, you can use the New-VMSwitch cmdlet with the AllowNetLbfoTeams parameter to override the block and create the virtual switch. Follow the documentation provided by Microsoft for configuring and managing SET. Thanks
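
The two ways past the error quoted in the original post, as an added PowerShell example that is not part of any post in this thread: a Switch Embedded Teaming (SET) virtual switch, or the `AllowNetLbfoTeams` override that keeps the existing LBFO team. The virtual switch name and the adapter names are assumptions; only `NicTeam-01` comes from the thread.

```powershell
# Added example. Names marked "assumed" are placeholders, not values from the thread.
$TeamName   = 'NicTeam-01'               # LBFO team name from the original post
$SwitchName = 'vSwitch-External'         # assumed virtual switch name
$Members    = '10G-Port1', '10G-Port2'   # assumed adapter names; list yours with Get-NetAdapter
$UseSet     = $true                      # $false = keep the LBFO/LACP team and override the block

if ($UseSet) {
    # SET teams the physical adapters inside the virtual switch, so they must
    # first be released from the LBFO team. Run this from the console or over
    # a NIC that is not a team member, because the team interface disappears.
    if (Get-NetLbfoTeam -Name $TeamName -ErrorAction SilentlyContinue) {
        Remove-NetLbfoTeam -Name $TeamName -Confirm:$false
    }

    # Stop early if an adapter name is wrong or a link is down.
    $down = Get-NetAdapter -Name $Members -ErrorAction Stop |
        Where-Object Status -ne 'Up'
    if ($down) { throw "Adapter(s) not up: $($down.Name -join ', ')" }

    # Create the virtual switch with both adapters as an embedded team.
    New-VMSwitch -Name $SwitchName -NetAdapterName $Members `
        -EnableEmbeddedTeaming $true -AllowManagementOS $true

    # SET offers HyperVPort or Dynamic load balancing; its teaming mode is
    # always SwitchIndependent (no LACP negotiation with the switch).
    Set-VMSwitchTeam -Name $SwitchName -LoadBalancingAlgorithm HyperVPort

    # Confirm the resulting team settings and member adapters.
    Get-VMSwitchTeam -Name $SwitchName |
        Format-List Name, TeamingMode, LoadBalancingAlgorithm, NetAdapterInterfaceDescription
}
else {
    # The override named in the error message: bind the virtual switch to the
    # LBFO team interface (assumed to carry the team's name) despite the block.
    New-VMSwitch -Name $SwitchName -NetAdapterName $TeamName `
        -AllowNetLbfoTeams $true -AllowManagementOS $true
}
```

Because SET runs only in switch-independent mode, the switch ports facing a SET team are left as ordinary ports rather than members of an LACP trunk group; the LACP trunk described in the original post pairs only with the LBFO override branch.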
