Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Technical Note - FAQ - FortiGate and FortiOS Support For 802

    Hochgeladen von

    mstkaraca
    20 Ansichten3 Seiten
    Technical Note _ FAQ_ FortiGate and FortiOS Support for 802

    Originaltitel

    Technical Note _ FAQ_ FortiGate and FortiOS Support for 802

    Copyright

    © © All Rights Reserved

    Verfügbare Formate

    PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    Technical Note _ FAQ_ FortiGate and FortiOS Support for 802

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    20 Ansichten3 Seiten

    Technical Note - FAQ - FortiGate and FortiOS Support For 802

    Hochgeladen von

    mstkaraca
    Technical Note _ FAQ_ FortiGate and FortiOS Support for 802

    Copyright:

    © All Rights Reserved
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 3

    30.01.2017 TechnicalNote/FAQ:FortiGateandFortiOSsupportfor802.

    3ad(LACPLinkAggregation)

    TechnicalNote/FAQ:FortiGateandFortiOSsupportfor802.3ad(LACP PrintArticle
    LinkAggregation)

    Article

    Description LinkAggregationonaFortiGateunit

    FortiGateunits,runningFortiOSfirmwareversion4.00MR2,4.00
    Components
    MR3and5.0.x

    Whatislinkaggregation?

    Linkaggregation,otherwiseknownastheIEEE802.3adstandard,
    allowsthegroupingofinterfacesintoalargerbandwidth'trunk'.It
    alsoallowsforhighavailability(HA)byautomaticallyredirecting
    trafficfromafailedlinkinatrunktotheremaininglinksinthat
    trunk.

    Arethereothernamesforlinkaggregation?

    LinkaggregationisalsocalledEthernettrunk,NICteaming,port
    teaming,porttrunking,andNICbonding.

    IslinkaggregationsupportedinFortiOSversions4.00MR2,4.00
    MR3and5.0.x?

    Yes,butnotnecessarilyoneveryFortiGatehardwareplatform.

    HowcanIcheckif802.3adissupportedonmyFortiGateunit?

    Createanewinterface(System>Network>Interface)witha
    typeof802.3adAggregate.Ifthisoptiondoesnotappear,then
    linkaggregationisnotsupportedonyourFortiGateunit.

    WhatisLACP?

    LinkAggregationControlProtocolistheLayer2negotiation
    protocolusedbybothendsoftheaggregatedlinkstoestablishthe
    actuallinks.Theotherendofthelinksiscalledthepeer.

    WhendoIneedtouseLACP?

    IfyouarecreatinganaggregatebetweentwoFortiGateunits,you
    canturnLACPoff(lacpmodestatic).IfyourFortiGateunitis
    connectingtoanonFortiGatedevice,youwillneedLACPenabled
    tonegotiatethelinkconnections.

    Whenisitagoodideatouselinkaggregation?

    Linkaggregationmakessense

    ifyouneedtheredundancyofHA,
    ifyouneed1.18Gigofbandwidth,or
    ifyoucan'tjustifythecostof10Gigequipment.

    WhatdevicesarecompatiblewithFortiGateunitlinkaggregation?

    TheFortiGateunitshouldsupportanydevicethatsupportsthe
    802.3adstandard.Atthistime,almostanymediumsizedswitch
    willsupport802.3ad.

    WhatdevicesarenotcompatiblewithFortiGate802.3adlink
    aggregation?

    Before802.3adsomecompaniesaddedtheirownstandardsto
    theirproductsthesegenerallydonotworkwith802.3ad.For
    exampleCiscoPAgP(PortAggregationProtocol),andAdaptec
    Duralinktrunkingwillnotworkwith802.3ad.

    http://kb.fortinet.com/kb/viewContent.do?externalId=11640 1/3
    30.01.2017 TechnicalNote/FAQ:FortiGateandFortiOSsupportfor802.3ad(LACPLinkAggregation)

    HowmanyinterfacescanIaggregateatonceonaFortiGate?

    The802.3adstandardandFortinetallowamaximumofeight
    interfacestobeaggregated.However,atthistimethenumberof
    physicalinterfacesavailableonFortiGateunitsmaylimitthis
    further.Becauseofthehashalgorithmusedtodistributethetraffic
    inthelink,itisrecommendedtouseeither2,4or8physicalports
    intheaggregate.

    CanIsplitthelinksononeendofthetrunkbetweentwodevices,
    Content saytwoFortiGate500xblades?

    No.Atrunkmustterminateononedevice.Theonepossible
    exceptiontothisisifaFortiGateunithasatrunkofsayfourlinks
    thatconnecttotwoNortelboxes(twolinkseach)thatsharean
    MLT(MultiLinkTrunking)link.Thissetuphasnotbeentestedwith
    FortiGatebutistheoreticallypossible.

    CanIaggregateportsofdifferenttypes,forexampleaGigEand
    three10/100ports?

    TheFortiGateunitwillallowyoutoputportswithadifferentspeed
    inanaggregate.AnaggregatebetweentwoFortiGateunitswilllet
    youmixspeeds(LACPisnotused).IfLACPisbeingused(default
    mode),itisuptothepeerifalltheportswillaggregate
    successfully.NonFortinetvendorsmaynotallowmixingofspeeds.

    Whathappenswhenalinkinatrunkfailsandcomesbackup?

    IfLACPisenabled,whenthelinkcarriersignalisdetectedLACP
    startsnegotiationandifsuccessfulthelinkwillbereintegrated.If
    LACPisnotused,theportwillbemarkedasupandcanbeusedby
    thetrunk.

    Arethererestrictionsonconfiguringatrunk?

    TheFortiGateAdministrationGuidechapteroncreatinginterfaces
    liststherestrictionsforcreatingatrunk.Someofitisincluded
    below.

    Aninterfaceisavailableforaggregationonlyif

    itisaphysicalinterface,notaVLANinterface
    itisnotalreadypartofanaggregatedinterface
    itisinthesameVDOMastheaggregatedinterface
    ithasnodefinedIPaddressandisnotconfiguredforDHCP
    orPPPoE
    ithasnoDHCPserverorrelayconfiguredonit
    itdoesnothaveanyVLANsubinterfaces
    itisnotreferencedinanyfirewallpolicy,VIP,IPPoolor
    multicastpolicy
    itisnotanHAheartbeatinterface
    ifitisaFGT5000backplaneinterface,itmustbevisible

    ArethererestrictionsonwhatIcandoonatrunkonceitis
    configured,useVLANsforexample?

    Youcandoalmostanythingonatrunkinterfacethatyoucando
    onaregularinterface,withtheexceptionslistedabove.This
    includesbeingallowedtoconfigureVLANsonthetrunk.

    Whatlogeventsareassociatedwithlinkaggregation?

    Therearecurrentlynologeventsonlyforlinkaggregation.
    However,sinceaggregatedlinksarevirtualinterfaceslogevents
    relatedtoVLANsshouldapply.

    WhatSNMPtrapsareassociatedwithlinkaggregation?

    SNMPreportsthetrunk'sspeedasthenumberofportsmulitplied
    bythespeedofstaticallyconfiguredportsinthetrunk(ifthereare
    three100M/sports,thetrunkhasareportedspeedof300M/s).
    Thereisnospeedreportingfordynamicallyconfiguredports.There
    http://kb.fortinet.com/kb/viewContent.do?externalId=11640 2/3
    30.01.2017 TechnicalNote/FAQ:FortiGateandFortiOSsupportfor802.3ad(LACPLinkAggregation)

    iscurrentlynodocumentingstandardforthisfeature.Themethod
    CiscousesissimilartotheFortinetmethodofreportingthis
    feature.Apartfromthetrunkspeed,therearenoSNMPtraps
    particulartolinkaggregation.However,sinceitisavirtual
    interfaceitshouldhavetrapssimilartoVLANs.

    RelatedArticles
    LinkAggregationhowtos
    InitialtroubleshootingstepsforLACP(LinkAggregation802.3ad)onaFortiGate

    LastModifiedDate:08152013DocumentID:11640

    http://kb.fortinet.com/kb/viewContent.do?externalId=11640 3/3

    Das könnte Ihnen auch gefallen