Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
3ad(LACPLinkAggregation)
TechnicalNote/FAQ:FortiGateandFortiOSsupportfor802.3ad(LACP PrintArticle
LinkAggregation)
Article
Description LinkAggregationonaFortiGateunit
FortiGateunits,runningFortiOSfirmwareversion4.00MR2,4.00
Components
MR3and5.0.x
Whatislinkaggregation?
Linkaggregation,otherwiseknownastheIEEE802.3adstandard,
allowsthegroupingofinterfacesintoalargerbandwidth'trunk'.It
alsoallowsforhighavailability(HA)byautomaticallyredirecting
trafficfromafailedlinkinatrunktotheremaininglinksinthat
trunk.
Arethereothernamesforlinkaggregation?
LinkaggregationisalsocalledEthernettrunk,NICteaming,port
teaming,porttrunking,andNICbonding.
IslinkaggregationsupportedinFortiOSversions4.00MR2,4.00
MR3and5.0.x?
Yes,butnotnecessarilyoneveryFortiGatehardwareplatform.
HowcanIcheckif802.3adissupportedonmyFortiGateunit?
Createanewinterface(System>Network>Interface)witha
typeof802.3adAggregate.Ifthisoptiondoesnotappear,then
linkaggregationisnotsupportedonyourFortiGateunit.
WhatisLACP?
LinkAggregationControlProtocolistheLayer2negotiation
protocolusedbybothendsoftheaggregatedlinkstoestablishthe
actuallinks.Theotherendofthelinksiscalledthepeer.
WhendoIneedtouseLACP?
IfyouarecreatinganaggregatebetweentwoFortiGateunits,you
canturnLACPoff(lacpmodestatic).IfyourFortiGateunitis
connectingtoanonFortiGatedevice,youwillneedLACPenabled
tonegotiatethelinkconnections.
Whenisitagoodideatouselinkaggregation?
Linkaggregationmakessense
ifyouneedtheredundancyofHA,
ifyouneed1.18Gigofbandwidth,or
ifyoucan'tjustifythecostof10Gigequipment.
WhatdevicesarecompatiblewithFortiGateunitlinkaggregation?
TheFortiGateunitshouldsupportanydevicethatsupportsthe
802.3adstandard.Atthistime,almostanymediumsizedswitch
willsupport802.3ad.
WhatdevicesarenotcompatiblewithFortiGate802.3adlink
aggregation?
Before802.3adsomecompaniesaddedtheirownstandardsto
theirproductsthesegenerallydonotworkwith802.3ad.For
exampleCiscoPAgP(PortAggregationProtocol),andAdaptec
Duralinktrunkingwillnotworkwith802.3ad.
http://kb.fortinet.com/kb/viewContent.do?externalId=11640 1/3
30.01.2017 TechnicalNote/FAQ:FortiGateandFortiOSsupportfor802.3ad(LACPLinkAggregation)
HowmanyinterfacescanIaggregateatonceonaFortiGate?
The802.3adstandardandFortinetallowamaximumofeight
interfacestobeaggregated.However,atthistimethenumberof
physicalinterfacesavailableonFortiGateunitsmaylimitthis
further.Becauseofthehashalgorithmusedtodistributethetraffic
inthelink,itisrecommendedtouseeither2,4or8physicalports
intheaggregate.
CanIsplitthelinksononeendofthetrunkbetweentwodevices,
Content saytwoFortiGate500xblades?
No.Atrunkmustterminateononedevice.Theonepossible
exceptiontothisisifaFortiGateunithasatrunkofsayfourlinks
thatconnecttotwoNortelboxes(twolinkseach)thatsharean
MLT(MultiLinkTrunking)link.Thissetuphasnotbeentestedwith
FortiGatebutistheoreticallypossible.
CanIaggregateportsofdifferenttypes,forexampleaGigEand
three10/100ports?
TheFortiGateunitwillallowyoutoputportswithadifferentspeed
inanaggregate.AnaggregatebetweentwoFortiGateunitswilllet
youmixspeeds(LACPisnotused).IfLACPisbeingused(default
mode),itisuptothepeerifalltheportswillaggregate
successfully.NonFortinetvendorsmaynotallowmixingofspeeds.
Whathappenswhenalinkinatrunkfailsandcomesbackup?
IfLACPisenabled,whenthelinkcarriersignalisdetectedLACP
startsnegotiationandifsuccessfulthelinkwillbereintegrated.If
LACPisnotused,theportwillbemarkedasupandcanbeusedby
thetrunk.
Arethererestrictionsonconfiguringatrunk?
TheFortiGateAdministrationGuidechapteroncreatinginterfaces
liststherestrictionsforcreatingatrunk.Someofitisincluded
below.
Aninterfaceisavailableforaggregationonlyif
itisaphysicalinterface,notaVLANinterface
itisnotalreadypartofanaggregatedinterface
itisinthesameVDOMastheaggregatedinterface
ithasnodefinedIPaddressandisnotconfiguredforDHCP
orPPPoE
ithasnoDHCPserverorrelayconfiguredonit
itdoesnothaveanyVLANsubinterfaces
itisnotreferencedinanyfirewallpolicy,VIP,IPPoolor
multicastpolicy
itisnotanHAheartbeatinterface
ifitisaFGT5000backplaneinterface,itmustbevisible
ArethererestrictionsonwhatIcandoonatrunkonceitis
configured,useVLANsforexample?
Youcandoalmostanythingonatrunkinterfacethatyoucando
onaregularinterface,withtheexceptionslistedabove.This
includesbeingallowedtoconfigureVLANsonthetrunk.
Whatlogeventsareassociatedwithlinkaggregation?
Therearecurrentlynologeventsonlyforlinkaggregation.
However,sinceaggregatedlinksarevirtualinterfaceslogevents
relatedtoVLANsshouldapply.
WhatSNMPtrapsareassociatedwithlinkaggregation?
SNMPreportsthetrunk'sspeedasthenumberofportsmulitplied
bythespeedofstaticallyconfiguredportsinthetrunk(ifthereare
three100M/sports,thetrunkhasareportedspeedof300M/s).
Thereisnospeedreportingfordynamicallyconfiguredports.There
http://kb.fortinet.com/kb/viewContent.do?externalId=11640 2/3
30.01.2017 TechnicalNote/FAQ:FortiGateandFortiOSsupportfor802.3ad(LACPLinkAggregation)
iscurrentlynodocumentingstandardforthisfeature.Themethod
CiscousesissimilartotheFortinetmethodofreportingthis
feature.Apartfromthetrunkspeed,therearenoSNMPtraps
particulartolinkaggregation.However,sinceitisavirtual
interfaceitshouldhavetrapssimilartoVLANs.
RelatedArticles
LinkAggregationhowtos
InitialtroubleshootingstepsforLACP(LinkAggregation802.3ad)onaFortiGate
LastModifiedDate:08152013DocumentID:11640
http://kb.fortinet.com/kb/viewContent.do?externalId=11640 3/3