Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ShaileshMdr
New Contributor III

Created on ‎07-11-2023 03:36 AM Edited on ‎07-11-2023 03:41 AM

LACP confusion

Hi Community,

 

So I have a question whether this LACP will work or not. I need your views on this also is there any other way on how I can improve this redundancy.

 

I have 2 Cisco Switches (Stacked) acting as a link switch.

FGT is in HA (Active and Passive).

Here there are 4 ports that are members of a single port-channel in Cisco switch.

And whereas in FortiGate there are 2 ports each in LACP.

Will it work?

 

Regards,

Shailesh

LACP.jpg

 

#nse4
#nse4
Labels:
2256
0 Kudos
1 Solution
srajeswaran
Staff
Staff

Created on ‎07-11-2023 03:41 AM

The LACP link will be up, but there will be traffic issues. For example the switch can forward the traffic to passive node as part of load balancing , but passive node will drop the packets.

We can use "set lacp-ha-slave disable" on FGT, and make the LACP down on passive node, but this will influence the failover time and can cause traffic disruption.

Ideal would be to use 2 separate port channels on switch and fortigate nodes.

 

Ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-LACP-behavior-in-an-HA-cluster/ta-p/195163

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

2242
4 REPLIES 4
srajeswaran
Staff
Staff

Created on ‎07-11-2023 03:41 AM

The LACP link will be up, but there will be traffic issues. For example the switch can forward the traffic to passive node as part of load balancing , but passive node will drop the packets.

We can use "set lacp-ha-slave disable" on FGT, and make the LACP down on passive node, but this will influence the failover time and can cause traffic disruption.

Ideal would be to use 2 separate port channels on switch and fortigate nodes.

 

Ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-LACP-behavior-in-an-HA-cluster/ta-p/195163

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
2243
ShaileshMdr
New Contributor III
In response to srajeswaran

Created on ‎07-11-2023 03:50 AM

Ahh okay!

So I should be using 2 port-channels.

Example: In port-channel 1 both links for active FGT while port-channel 2 both links to slave FGT.

 

Regards,

Shailesh

 

#nse4
#nse4
2238
0 Kudos
srajeswaran
Staff
Staff
In response to ShaileshMdr

Created on ‎07-11-2023 04:11 AM

Hi@ShaileshMdr ,  that is correct.

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
2222
ShaileshMdr
New Contributor III
In response to srajeswaran

Created on ‎07-11-2023 04:23 AM

Hello @srajeswaran 

 

Thanks for the suggestion. Appreciate it!

 

Regards,

Shailesh

#nse4
#nse4
2217
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.