Scribd Logo
Upload

Welcome to Scribd!

  • 20120822104121979

    Uploaded by

    nbonina
    64 views9 pages
    ll

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    ll

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    64 views9 pages

    20120822104121979

    Uploaded by

    nbonina
    ll

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 9

    FortiGate

    1.0

    2011 11

    (ddhu@fortinet.com)

    FortiOS v4.3.x

    52 12

    : (010)62960376


    1. ..................................................................................................................................................... 3
    2. ............................................................................................................................................. 3
    3. .................................................................................................................................... 3
    4. .................................................................................................................................... 5
    5. ............................................................................................................................................. 8
    6. ..................................................................................................................................................... 9

    52 12

    : (010)62960376

    1.
    FortiGate 802.3ad , IEEE802.3ad
    LACPLink Aggregation Control Protocol,
    LACP LACPDULink Aggregation
    Control Protocol Data Unit,

    2.
    FortiOS
    FortiOS 3.0MR1-MR5: 310B,620B,800 ;
    FortiOS 3.0MR6:

    300A,310B,400A,500A,620B,800 ;

    FortiOS 4.0MR2:

    200B,300A,310B,400A,500A,620B,80

    2 FortiGate310B , FortiOS
    v4.0MR3 Patch2

    3.
    FortiGate ,,
    ,:

    , Vlan

    52 12

    : (010)62960376

    IP ,

    Vlan

    HA

    FortiGate , IEEE802.3ad
    FortiGate NP NP
    FortiGate LACP ,Passive,Active,Static
    Active ,
    ha-a # config system interface
    ha-a (interface) # edit 310B-a
    ha-b (310B-a) # set lacp-mode
    active
    actively use LACP to negotiate 802.3ad aggregation
    passive
    passively use LACP to negotiate 802.3ad aggregation
    static
    use static aggregation, do not send and ignore any LACP
    messages
    Active(): LACPDU ,
    LACP
    Passive(): LACPDU ,
    LACP ,
    Static():, LACP
    ,:
    Active

    Passive

    Static

    Active

    Preferred

    Functional

    LessFunctional

    Passive

    Functional

    Nonfunctiona

    Nonfunctional

    Static

    LessFunctional

    Nonfunctional

    LeastPreferred

    LACP : Slow,:
    ha-a # config system interface
    52 12

    : (010)62960376

    ha-a (interface) # edit 310B-a


    ha-a (310B-a) # set lacp-speed
    fast
    send LACP message every second
    slow
    send LACP message every 30 seconds
    Slow: 30 LACP
    Fast: 1 LACP
    FortiGate LACP , L4,
    :
    ha-a # config system interface
    ha-a (interface) # edit 310B-a
    ha-a (310B-a) # set algorithm
    L2
    Use layer 2 address for distribution
    L3
    Use layer 3 address for distribution
    L4
    Use layer 4 information for distribution
    L2: 2 ;
    L3: 3 ,
    IP , L2 ;
    L4: TCP,UDP ESP IP ,
    TCP/UDP ESP SPI
    L4

    4.
    ,--, 802.3ad
    ,, port5,port8

    52 12

    : (010)62960376

    ,,,

    :
    ha-a # diagnose netlink aggregate list
    1 name 310B-a
    status up
    algorithm L4

    lacp-mode active

    310B-a :
    ha-a # diagnose netlink aggregate name 310B-a
    LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
    (A|P) - LACP mode is Active or Passive
    (S|F) - LACP speed is Slow or Fast
    (A|I) - Aggregatable or Individual
    (I|O) - Port In sync or Out of sync
    (E|D) - Frame collection is Enabled or Disabled
    (E|D) - Frame distribution is Enabled or Disabled
    status: up
    npu: y
    oid: 2
    ports: 2
    distribution algorithm: L4
    LACP mode: active
    LACP speed: slow
    LACP HA: enable
    aggregator ID: 1
    52 12

    : (010)62960376

    actor key: 9
    actor MAC address: 00:09:0f:88:a0:b7
    partner key: 1
    partner MAC address: 00:0f:e2:d8:25:75
    slave: port5
    status: up
    link failure count: 0
    permanent MAC addr: 00:09:0f:88:a0:b7
    actor state: ASAIEE
    partner state: ASAIEE
    aggregator ID: 1
    slave: port8
    status: up
    link failure count: 0
    permanent MAC addr: 00:09:0f:88:a0:b8
    actor state: ASAIEE
    partner state: ASAIEE
    aggregator ID: 1
    LACP :
    LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
    (A|P) - LACP mode is Active or Passive
    LACP
    (S|F) - LACP speed is Slow or Fast
    LACP ,Slow 30 ,Fast 1
    (A|I) - Aggregatable or Individual

    (I|O) - Port In sync or Out of sync

    (E|D) - Frame collection is Enabled or Disabled

    (E|D) - Frame distribution is Enabled or Disabled

    52 12

    : (010)62960376

    5.
    ,
    ha-a # diagnose netlink aggregate name 310B-a
    LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
    (A|P) - LACP mode is Active or Passive
    (S|F) - LACP speed is Slow or Fast
    (A|I) - Aggregatable or Individual
    (I|O) - Port In sync or Out of sync
    (E|D) - Frame collection is Enabled or Disabled
    (E|D) - Frame distribution is Enabled or Disabled
    status: up
    npu: y
    oid: 2
    ports: 2
    distribution algorithm: L4
    LACP mode: active
    LACP speed: slow
    LACP HA: enable
    aggregator ID: 1
    actor key: 9
    actor MAC address: 00:09:0f:88:a0:b7
    partner key: 1
    partner MAC address: 00:0f:e2:d8:25:75
    slave: port5
    status: down
    link failure count: 1
    permanent MAC addr: 00:09:0f:88:a0:b7
    actor state: ASAIDD Disabled
    partner state: ASIODD Out of sync and disable
    aggregator ID: 2
    slave: port8
    status: up
    link failure count: 0
    permanent MAC addr: 00:09:0f:88:a0:b8
    actor state: ASAIEE
    partner state: ASAIEE
    aggregator ID: 1
    52 12

    : (010)62960376

    Port5 down,aggregator ID 2, Port8


    ,aggregator ID 1, Port8 , Port5
    ,

    6.
    Technical Note : FortiGate and FortiOS support for 802.3ad (LACP - Link Aggregation) - FAQ
    Link Aggregation how tos
    FortiGate-310B and FortiGate-620B LACP (802.3ad aggregate port) configuration
    Initial troubleshooting steps for LACP (Link Aggregation - 802.3ad) on a FortiGate

    52 12

    : (010)62960376

    You might also like