Fortinet white logo
Fortinet white logo

FortiGate-7000 Release Notes

FortiGate-6000 management interface LAG and VLAN support

FortiGate-6000 management interface LAG and VLAN support

FortiGate-6000 supports adding the mgmt1 and mgmt2 interfaces to an LACP link aggregation group (LAG). You can also add VLAN interfaces to the mgmt1, mgmt2, and mgmt3 interfaces or to a LAG that includes mgmt1 and mgmt2.

You can use the following configuration to create a management interface LAG that includes the mgmt1 and mgmt2 interfaces.

config system interface

edit "lacp_mgmt"

set vdom mgmt-vdom

set type aggregate

set member mgmt1 mgmt2

end

Note

To be able to add an interface to a LAG you must remove all references to that interface (including static routes) and unset the IP address of the interface.

The management interface LAG fully supports LACP and supports other standard interface features. The management interface LAG as well as any VLAN interfaces added to the mgmt1, mgmt2, or mgmt3 interfaces or to the management interface LAG must remain in the mgmt-vdom VDOM.

Management interface LAG limitations

Management interface LAG support has the following limitations:

  • You cannot set a management interface LAG to be the SLBC management interface by adding it to the config load-balance setting slbc-mgmt-intf option. This means that you cannot use the management interface LAG IP address with special port numbers to access the management board or individual FPCs as described in Special management port numbers.

    After creating a management interface LAG, if you still want to be able to use special port numbers to log into the management board or individual FPCs, you can use the mgmt3 interface for this access by setting slbc-mgmt-intf to mgmt3 and connecting MGMT3 to the management network.

  • FPCs and the management board assign different MAC addresses to the management interface LAG. The management board uses the MAC address of the second interface in the member list while the FPCs use the MAC address of the first interface in the member list.
  • You can add the mgmt3 interface to the same LAG as mgmt1 and mgmt2. This configuration is not recommended, since LACP may not work as expected if the LACP group contains interfaces with different speeds. Adding mgmt3 might work in some configurations.
  • You can add mgmt1, mgmt2, or mgmt3 to a LAG even if the management interface is configured as the SLBC management interface.
  • If mgmt1, mgmt2, or mgmt3 are HA monitored interfaces they cannot be added to a management interface LAG.

FortiGate-6000 management interface LAG and VLAN support

FortiGate-6000 management interface LAG and VLAN support

FortiGate-6000 supports adding the mgmt1 and mgmt2 interfaces to an LACP link aggregation group (LAG). You can also add VLAN interfaces to the mgmt1, mgmt2, and mgmt3 interfaces or to a LAG that includes mgmt1 and mgmt2.

You can use the following configuration to create a management interface LAG that includes the mgmt1 and mgmt2 interfaces.

config system interface

edit "lacp_mgmt"

set vdom mgmt-vdom

set type aggregate

set member mgmt1 mgmt2

end

Note

To be able to add an interface to a LAG you must remove all references to that interface (including static routes) and unset the IP address of the interface.

The management interface LAG fully supports LACP and supports other standard interface features. The management interface LAG as well as any VLAN interfaces added to the mgmt1, mgmt2, or mgmt3 interfaces or to the management interface LAG must remain in the mgmt-vdom VDOM.

Management interface LAG limitations

Management interface LAG support has the following limitations:

  • You cannot set a management interface LAG to be the SLBC management interface by adding it to the config load-balance setting slbc-mgmt-intf option. This means that you cannot use the management interface LAG IP address with special port numbers to access the management board or individual FPCs as described in Special management port numbers.

    After creating a management interface LAG, if you still want to be able to use special port numbers to log into the management board or individual FPCs, you can use the mgmt3 interface for this access by setting slbc-mgmt-intf to mgmt3 and connecting MGMT3 to the management network.

  • FPCs and the management board assign different MAC addresses to the management interface LAG. The management board uses the MAC address of the second interface in the member list while the FPCs use the MAC address of the first interface in the member list.
  • You can add the mgmt3 interface to the same LAG as mgmt1 and mgmt2. This configuration is not recommended, since LACP may not work as expected if the LACP group contains interfaces with different speeds. Adding mgmt3 might work in some configurations.
  • You can add mgmt1, mgmt2, or mgmt3 to a LAG even if the management interface is configured as the SLBC management interface.
  • If mgmt1, mgmt2, or mgmt3 are HA monitored interfaces they cannot be added to a management interface LAG.