Fortinet black logo

Administration Guide

Create an aggregate interface

Copy Link
Copy Doc ID 4f5a6250-a945-11ec-9fd1-fa163e15d75b:228179
Download PDF

Create an aggregate interface

You can create an interface that uses IEEE 802.3ad to bind multiple physical networks to form an aggregated, combined link. The aggregate link has the bandwidth of the combined links. If one interface in the group fails, traffic is automatically transferred to the other interfaces. The only noticeable effect is reduced bandwidth.

In System > Interfaces, a network interface that is part of an aggregate link is displayed in gray. You cannot configure the interface individually.

A network interface must meet all the following conditions to be added to an aggregate interface:

  • It is not already part of an aggregate interface.
  • It does not have the same IP address as another interface.
  • It is not an administration port.
  • It is not a VM outgoing port.
  • It is not a sniffer port.
  • It is not an HA-Cluster communication port.
To create an aggregate interface:

This example creates an aggregate interface on ports 4 - 6 with an internal IP address of 10.1.1.123 with administrative access to HTTPS and SSH.

  1. Go to System > Interfaces and click Create New.

    FortiSandbox sets the Name as bond{n} and the Type as 802.3ad Aggregate.

  2. For Interface Member, select the physical interface members. In this example, select ports 4, 5, and 6.
  3. Enter the IPv4 IP address for the port. In this example, enter 10.1.1.123/24.
  4. If necessary, enter the IPv6 IP address.

  5. Click OK to display the created bond.

  6. Use the CLI command show to display the bond information. For example:
    Bond 1  IPv4 IP: 10.1.1.123/24  MAC: xx:xx:xx:xx:xx:xx
           MTU: 1500
           Slave Interface:  port4  port5  port6
    
  7. Use the following CLI command to add bond1 as the administration port.
    set admin-port bond1

    System > Interfaces shows that bond1 has the same access rights as port1.

    When you change the port1 access rights, the bond1 access right is automatically synchronized.

To set the aggregate interface as the administration port, use the CLI command set admin-port bond1.

To change the MTU of an aggregate interface, use the set port mtu CLI command. For example, set port-mtu bond1 1200.

Additional information

There is no CLI command to create or delete the LACP 802.3ad interface.

The bond interface does not support PCAP.

You cannot delete an admin LCAP bond.

You cannot add a new interface to an existing bond.

You cannot remove an interface member from an existing bond.

For FortiSandbox VM, including KVM, Hyper-V, AWS, and Azure, implement the LCAP support on the virtual server first, then create the aggregate interface.

Create an aggregate interface

You can create an interface that uses IEEE 802.3ad to bind multiple physical networks to form an aggregated, combined link. The aggregate link has the bandwidth of the combined links. If one interface in the group fails, traffic is automatically transferred to the other interfaces. The only noticeable effect is reduced bandwidth.

In System > Interfaces, a network interface that is part of an aggregate link is displayed in gray. You cannot configure the interface individually.

A network interface must meet all the following conditions to be added to an aggregate interface:

  • It is not already part of an aggregate interface.
  • It does not have the same IP address as another interface.
  • It is not an administration port.
  • It is not a VM outgoing port.
  • It is not a sniffer port.
  • It is not an HA-Cluster communication port.
To create an aggregate interface:

This example creates an aggregate interface on ports 4 - 6 with an internal IP address of 10.1.1.123 with administrative access to HTTPS and SSH.

  1. Go to System > Interfaces and click Create New.

    FortiSandbox sets the Name as bond{n} and the Type as 802.3ad Aggregate.

  2. For Interface Member, select the physical interface members. In this example, select ports 4, 5, and 6.
  3. Enter the IPv4 IP address for the port. In this example, enter 10.1.1.123/24.
  4. If necessary, enter the IPv6 IP address.

  5. Click OK to display the created bond.

  6. Use the CLI command show to display the bond information. For example:
    Bond 1  IPv4 IP: 10.1.1.123/24  MAC: xx:xx:xx:xx:xx:xx
           MTU: 1500
           Slave Interface:  port4  port5  port6
    
  7. Use the following CLI command to add bond1 as the administration port.
    set admin-port bond1

    System > Interfaces shows that bond1 has the same access rights as port1.

    When you change the port1 access rights, the bond1 access right is automatically synchronized.

To set the aggregate interface as the administration port, use the CLI command set admin-port bond1.

To change the MTU of an aggregate interface, use the set port mtu CLI command. For example, set port-mtu bond1 1200.

Additional information

There is no CLI command to create or delete the LACP 802.3ad interface.

The bond interface does not support PCAP.

You cannot delete an admin LCAP bond.

You cannot add a new interface to an existing bond.

You cannot remove an interface member from an existing bond.

For FortiSandbox VM, including KVM, Hyper-V, AWS, and Azure, implement the LCAP support on the virtual server first, then create the aggregate interface.