Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Not applicable

Created on ‎05-30-2006 12:00 AM Edited on ‎02-05-2024 07:45 AM By Moderator

Article Id 196438

Technical Tip: Link Aggregation how tos

Article

Description "How Tos" for link aggregation
Components
  • FortiGate models supporting Link Aggregation are described in the related article FortiGate 802.3ad Link Aggregation FAQ
Steps or Commands

How can I tell what interfaces can be used in a trunk?

The FortiGate v3.0 Administration Guide chapter on creating interfaces lists the restrictions for creating a trunk. Some of it is included below.

An interface is available for aggregation only if

  • it is a physical interface, not a VLAN interface
  • it is not already part of an aggregated interface
  • it is in the same VDOM as the aggregated interface
  • it has no defined IP address and is not configured for DHCP or PPPoE
  • it has no DHCP server or relay configured on it
  • it does not have any VLAN subinterfaces
  • it is not referenced in any firewall policy, VIP, IP Pool or multicast policy
  • it is not an HA heartbeat interface
  • it is a FGT-5000 backplane interface, it must be visible

How do I configure an interface to use link aggregation using CLI commands?

If port 2 and port 3 are available, the following CLI commands create an aggregate called "link_agg" with an IP/netmask of 172.168.1.2/255.255.255.0 on the root vdom using those two interfaces. You can optionally set other interface settings.

 

config system interface
            edit "link_agg"
            set vdom "root"
            set ip 172.168.1.2 255.255.255.0
            set type aggregate
            set member "port2""port3"
            end

 

How do I configure my HA setup to use link aggregation?

In the HA section of the FortiGate HA Overview there is a very good explanation and diagram showing an easy way to configure two FortiGate units in an HA configuration using link aggregation.

How do I check the number of statically configured ports in a trunk?

Use the following CLI command:

show system interface <trunk-name>

How do I check the number of dynamically configured ports in a trunk and in use?

Use the following CLI command:

diagnose netlink interface name <trunk-name>

How do I check the aggregate speed of a trunk?

This is not currently supported. However as mentioned above in MR1 and up you can use SNMP to find the aggregate speed of the trunk.

See also the related article "FortiGate 802.3ad Link Aggregation FAQ".

 

Related Articles

Technical Note / FAQ: FortiGate and FortiOS support for 802.3ad (LACP - Link Aggregation)

Labels:
16312
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.