FortiSwitchOS Administration Guide

Link aggregation groups

This section provides information on how to configure a link aggregation group (LAG). For LAG control, the FortiSwitch unit supports the industry-standard Link Aggregation Control Protocol (LACP). The FortiSwitch unit supports LACP in active and passive modes. In active mode, you can optionally specify the minimum and maximum number of active members in a trunk group.

If the trunk is in LACP mode and has ports with different speeds, the ports of the same negotiated speed are grouped in an aggregator.

If multiple aggregators exist, one and only one of the aggregators is used by the trunk.

You can use the CLI to specify how the aggregator is selected:

  • When the aggregator-mode is set to bandwidth, the aggregator with the largest bandwidth is selected. This mode is the default.
  • When the aggregator-mode is set to count, the aggregator with the largest number of ports is selected.
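The two selection modes can pick different aggregators on the same mixed-speed trunk. The following added example (not Fortinet code) models the rule described above; the port names and speeds are constructed, aggregator bandwidth is assumed to be the sum of its members' negotiated speeds, and tie-breaking is not specified on this page.

```python
from collections import defaultdict

# Constructed sample: negotiated speed in Mbps for each trunk member.
SAMPLE_PORTS = {"port1": 10000, "port2": 10000,
                "port3": 1000, "port4": 1000, "port5": 1000}

def select_aggregator(port_speeds, aggregator_mode="bandwidth"):
    """Return (speed, ports_in_use, unused_ports) for the one aggregator the trunk uses."""
    # Ports with the same negotiated speed are grouped into one aggregator.
    aggregators = defaultdict(list)
    for port, speed in port_speeds.items():
        aggregators[speed].append(port)

    if aggregator_mode == "bandwidth":      # default: largest total bandwidth wins
        rank = lambda item: item[0] * len(item[1])
    elif aggregator_mode == "count":        # largest number of ports wins
        rank = lambda item: len(item[1])
    else:
        raise ValueError(f"unknown aggregator-mode: {aggregator_mode}")

    speed, ports = max(aggregators.items(), key=rank)
    # Only one aggregator is used, so members of the others are not in use.
    unused = sorted(p for p in port_speeds if p not in ports)
    return speed, sorted(ports), unused
```

With this sample, `bandwidth` keeps the two 10G ports (20G against 3G), while `count` keeps the three 1G ports and leaves both 10G members unused.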

The FortiSwitch unit supports flap-guard protection for switch ports in a LAG.

Starting in FortiSwitchOS 7.4.0, LACP fallback mode is supported in the CLI. LACP fallback mode allows a selected port to stay up so that a device not running LACP can still connect to the network. LACP fallback mode is useful if you have a preboot execution environment (PXE) and need to download an image from the network before running LACP.

When you select the fallback port for a switch trunk, the aggregate interface will use the LACP fallback mode if the trunk does not receive any LACP protocol data units (PDUs). The fallback port is set to up, and all other ports are blocked. When the trunk starts receiving LACP PDUs again, the switch trunk changes from fallback mode to LACP.

When the switch trunk is running LACP and stops receiving LACP PDUs:

  • There is a 90-second delay before LACP fallback mode if the lacp-speed for the switch trunk is set to slow.

  • There is a 30-second delay before LACP fallback mode if the lacp-speed for the switch trunk is set to fast.

The following are the requirements and limitations for LACP fallback mode:

  • If you are using MCLAG, do not configure fallback mode on more than one MCLAG switch. If you configure fallback mode on both MCLAG switches, the diagnose switch mclag peer-consistency-check command will report it as a mismatch.

  • You cannot use fallback mode with the min_bundle or max_bundle setting.

  • You cannot use fallback mode with an MCLAG split-brain state.

Configuring the trunk and LAG ports

It is important to configure the trunk to prevent loops.
Using the GUI:
  1. Go to Switch > Trunks and select Add Trunk.
  2. Give the trunk an appropriate name.
  3. For the mode, select Static, LACP Active, LACP Passive, or Fortinet Trunk.
  4. Add the required ports to the Included list.
  5. Select Create.
Using the CLI:

config switch trunk
    edit <trunk_name>
        set aggregator-mode {bandwidth | count}
        set description <description_string>
        set members <ports>
        set mode {lacp-active | lacp-passive | static}
        set member-withdrawal-behavior {block | forward}
        set lacp-speed {fast | slow}
        set bundle {enable | disable}
        set min_bundle <integer>
        set max_bundle <integer>
        set port-selection-criteria {src-ip | src-mac | dst-ip | dst-mac | src-dst-ip | src-dst-mac}
    next
end

Note: The set auto-isl command (under config switch trunk) is used when a trunk is automatically managed by the system. Do not set this command on trunks that you want to manage, for example, when the FortiSwitch unit is in standalone mode without auto topology (config switch auto-network) enabled.

Example configuration

The following are example CLI configurations for trunk/LAG ports:

Trunk/LAG ports

To configure Trunk 2 on FortiSwitch 1:
  1. Configure the trunk 2 interface and assign member ports as a LAG group:

    config switch trunk
        edit trunk2
            set members "port4" "port5"
            set description test
            set mode lacp-passive
            set port-selection-criteria src-dst-ip
        next
    end

  2. Configure the trunks to allow the VLANs:

    config switch interface
        edit trunk2
            set allowed-vlans 2,8
        next
    end

To configure Trunk 2 on FortiSwitch 2:
  1. Configure the trunk 2 interface and assign member ports as a LAG group:

    config switch trunk
        edit trunk2
            set members "port8" "port10"
            set description test
            set mode lacp-active
            set port-selection-criteria src-dst-ip
        next
    end

  2. Configure the trunks to allow the VLANs:

    config switch interface
        edit trunk2
            set allowed-vlans 2,8
        next
    end

Configuring LACP fallback mode

To configure LACP fallback mode:

config switch trunk
    edit <trunk_name>
        set mode {lacp-active | lacp-passive}
        set fallback-port <port_name>
    next
end

For example:

config switch trunk
    edit LACPtrunk
        set mode lacp-active
        set fallback-port port5
    next
end
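A configuration check for the fallback-mode limitations and delays listed earlier, as an added example rather than Fortinet code. It parses a saved `config switch trunk` block and reports every trunk whose fallback port will stay up for a device that is not running LACP; the `pxe-lag` trunk, the function names and the rule labels are assumptions made for illustration.

```python
import re

BUNDLE_KEYS = {"min_bundle", "max_bundle"}   # cannot be used with fallback mode
FALLBACK_DELAY = {"slow": 90, "fast": 30}    # seconds without LACP PDUs before fallback

# Constructed sample: LACPtrunk is the example above, pxe-lag is hypothetical.
SAMPLE = """
config switch trunk
    edit LACPtrunk
        set mode lacp-active
        set fallback-port port5
    next
    edit pxe-lag
        set mode lacp-passive
        set lacp-speed fast
        set min_bundle 2
        set fallback-port port7
    next
end
"""

def parse_trunks(text):
    """Parse 'config switch trunk' blocks into {trunk: {setting: [values]}}."""
    trunks, current, in_trunk = {}, None, False
    for line in text.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)]
        if words[:3] == ["config", "switch", "trunk"]:
            in_trunk = True
        elif not in_trunk or not words:
            continue
        elif words[0] == "edit" and len(words) > 1:
            current = trunks.setdefault(words[1], {})
        elif words[0] == "set" and current is not None and len(words) > 1:
            current[words[1]] = words[2:]
        elif words[0] in ("next", "end"):
            current, in_trunk = None, words[0] == "next"
    return trunks

def audit_fallback(trunks):
    """Return (trunk, rule, detail) findings for every trunk that sets fallback-port."""
    findings = []
    for name, cfg in trunks.items():
        if not cfg.get("fallback-port"):
            continue
        for key in sorted(BUNDLE_KEYS & cfg.keys()):
            findings.append((name, "bundle-conflict", key))
        # Delay is None when lacp-speed is not set explicitly in the saved config.
        delay = FALLBACK_DELAY.get((cfg.get("lacp-speed") or [None])[0])
        findings.append((name, "non-lacp-access", (cfg["fallback-port"][0], delay)))
    return findings
```

Each `non-lacp-access` finding names a port to cover with the same access controls as any other edge port, since it forwards traffic for a device that never negotiated LACP.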

Checking the trunk configuration

Using the GUI:

Go to Switch > Trunks or Switch > Monitor > Trunks.

Using the CLI:

diagnose switch trunk list
