Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Devices Managed by FortiOS

Adding 802.3ad link aggregation groups (trunks)

If the trunk is in LACP mode and has ports with different speeds, the ports of the same negotiated speed are grouped in an aggregator.

If multiple aggregators exist, one and only one of the aggregators is used by the trunk.

You can use the CLI to specify how the aggregator is selected:

  • When the aggregator-mode is set to bandwidth, the aggregator with the largest bandwidth is selected. This mode is the default.
  • When the aggregator-mode is set to count, the aggregator with the largest number of ports is selected.

Using the FortiGate GUI:

  1. Go to WiFi & Switch Controller > FortiSwitch Ports.
  2. Click Create New > Trunk.
  3. In the New Trunk Group page, enter a Name for the trunk group.
  4. Select two or more physical ports to add to the trunk group and then select Apply.
  5. Select the Mode: Static, Passive LACP, or Active LACP.
  6. Select Enabled or Disabled for the MCLAG.
    • An MCLAG peer group must be configured before adding a trunk with MCLAG enabled. See MCLAG peer groups.
    • Make sure to select ports from switches that are part of the same MCLAG peer group.
  7. Select OK.

Using the the FortiGate CLI:

config switch-controller managed-switch

edit <FortiSwitch_serial_number>

config ports

edit <trunk_name>

set type trunk

set mode {static | lacp-passive | lacp-active}

set aggregator-mode {bandwidth | count}

set bundle {enable | disable}

set min-bundle <int>

set max-bundle <int>

set members <port1 port2 ...>

next

end

end

end

MCLAG trunks

The MCLAG trunk consists of 802.3ad link aggregation groups with members that belong to different FortiSwitch units. To configure an MCLAG trunk, you need an MCLAG peer group (see MCLAG peer groups). The MCLAG trunk members are selected from the same MCLAG peer group.

Using the GUI
  1. Go to WiFi & Switch Controller > FortiSwitch Ports.
  2. Select Create New > Trunk.
  3. Enter a name for the MCLAG trunk.
  4. For the MCLAG status, select Enabled to create an active MCLAG trunk.
  5. For the mode, select Static, Passive LACP, or Active LACP.
    • Set to Static for static aggregation. In this mode, no control messages are sent, and received control messages are ignored.
    • Set to Passive LACP to passively use LACP to negotiate 802.3ad aggregation.
    • Set to Active LACP to actively use LACP to negotiate 802.3ad aggregation.
  6. For trunk members, select Select Members, select the ports to include in the MCLAG trunk, and then select OK to save the trunk members. NOTE: The members must belong to the same MCLAG peer group.
  7. Select OK to save the MCLAG configuration.
    The ports are listed as part of the MCLAG trunk on the FortiSwitch Ports page.
Using the CLI

Configure a trunk in each switch that is part of the MCLAG pair:

  • The trunk name for each switch must be the same.
  • The port members for each trunk can be different.
  • After you enable MCLAG, you can enable LACP if needed.

 

config switch-controller managed-switch

edit "<switch-id>"

config ports

edit "<trunk name>"

set type trunk

set mode {static | lacp-passive | lacp-active}

set members "<port>,<port>"

set mclag enable

next

end

next

 

Variable

Description

Default

<switch-id>

FortiSwitch serial number.

No default

<trunk name>

Enter a name for the MCLAG trunk.

NOTE: Each FortiSwitch unit that is part of the MCLAG must have the same MCLAG trunk name configured.

No default

type trunk

Set the interface type to a trunk port.

physical

mode {static | lacp-passive | lacp-active}

Set the LACP mode.
—Set to static for static aggregation. In this mode, no control messages are sent, and received control messages are ignored.
—Set to lacp-passive to passively use LACP to negotiate 802.3ad aggregation.
—Set to lacp-active to actively use LACP to negotiate 802.3ad aggregation.

lacp-active

members "<port>,<port>"

Set the aggregated LAG bundle interfaces.

No default

mclag enable

Enable or disable the MCLAG.

disable

Adding 802.3ad link aggregation groups (trunks)

If the trunk is in LACP mode and has ports with different speeds, the ports of the same negotiated speed are grouped in an aggregator.

If multiple aggregators exist, one and only one of the aggregators is used by the trunk.

You can use the CLI to specify how the aggregator is selected:

  • When the aggregator-mode is set to bandwidth, the aggregator with the largest bandwidth is selected. This mode is the default.
  • When the aggregator-mode is set to count, the aggregator with the largest number of ports is selected.

Using the FortiGate GUI:

  1. Go to WiFi & Switch Controller > FortiSwitch Ports.
  2. Click Create New > Trunk.
  3. In the New Trunk Group page, enter a Name for the trunk group.
  4. Select two or more physical ports to add to the trunk group and then select Apply.
  5. Select the Mode: Static, Passive LACP, or Active LACP.
  6. Select Enabled or Disabled for the MCLAG.
    • An MCLAG peer group must be configured before adding a trunk with MCLAG enabled. See MCLAG peer groups.
    • Make sure to select ports from switches that are part of the same MCLAG peer group.
  7. Select OK.

Using the the FortiGate CLI:

config switch-controller managed-switch

edit <FortiSwitch_serial_number>

config ports

edit <trunk_name>

set type trunk

set mode {static | lacp-passive | lacp-active}

set aggregator-mode {bandwidth | count}

set bundle {enable | disable}

set min-bundle <int>

set max-bundle <int>

set members <port1 port2 ...>

next

end

end

end

MCLAG trunks

The MCLAG trunk consists of 802.3ad link aggregation groups with members that belong to different FortiSwitch units. To configure an MCLAG trunk, you need an MCLAG peer group (see MCLAG peer groups). The MCLAG trunk members are selected from the same MCLAG peer group.

Using the GUI
  1. Go to WiFi & Switch Controller > FortiSwitch Ports.
  2. Select Create New > Trunk.
  3. Enter a name for the MCLAG trunk.
  4. For the MCLAG status, select Enabled to create an active MCLAG trunk.
  5. For the mode, select Static, Passive LACP, or Active LACP.
    • Set to Static for static aggregation. In this mode, no control messages are sent, and received control messages are ignored.
    • Set to Passive LACP to passively use LACP to negotiate 802.3ad aggregation.
    • Set to Active LACP to actively use LACP to negotiate 802.3ad aggregation.
  6. For trunk members, select Select Members, select the ports to include in the MCLAG trunk, and then select OK to save the trunk members. NOTE: The members must belong to the same MCLAG peer group.
  7. Select OK to save the MCLAG configuration.
    The ports are listed as part of the MCLAG trunk on the FortiSwitch Ports page.
Using the CLI

Configure a trunk in each switch that is part of the MCLAG pair:

  • The trunk name for each switch must be the same.
  • The port members for each trunk can be different.
  • After you enable MCLAG, you can enable LACP if needed.

 

config switch-controller managed-switch

edit "<switch-id>"

config ports

edit "<trunk name>"

set type trunk

set mode {static | lacp-passive | lacp-active}

set members "<port>,<port>"

set mclag enable

next

end

next

 

Variable

Description

Default

<switch-id>

FortiSwitch serial number.

No default

<trunk name>

Enter a name for the MCLAG trunk.

NOTE: Each FortiSwitch unit that is part of the MCLAG must have the same MCLAG trunk name configured.

No default

type trunk

Set the interface type to a trunk port.

physical

mode {static | lacp-passive | lacp-active}

Set the LACP mode.
—Set to static for static aggregation. In this mode, no control messages are sent, and received control messages are ignored.
—Set to lacp-passive to passively use LACP to negotiate 802.3ad aggregation.
—Set to lacp-active to actively use LACP to negotiate 802.3ad aggregation.

lacp-active

members "<port>,<port>"

Set the aggregated LAG bundle interfaces.

No default

mclag enable

Enable or disable the MCLAG.

disable