- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Create Link Aggregation (802.3ad)
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Create Link Aggregation (802.3ad)
Hi Forum,
I want to create a new Interface on my 240D using Link Aggregation.
The Fortigate want's me to assign an IP-Address to the Interface. But why? "Normal" Ports are just assigned to my default Network and this is want I wan't to do withe the new Link aggregation Interface, too.
I think I have a problem in understanding how the fortigate is using link aggregation interfaces. The manual wasn't very helpful. Maybe one of you can explain to me how to aggregate pysical Ports and add them to my network.
Thank you and best regards,
Kai
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
as the FGT in "Routing/NAT" mode is a router it expects non-identical networks at each port. So, like with any other physical port, you assign an address to a LACP port.
As LACP is on Layer 2 it doesn't really need IP addresses on each end. The ultimate use of a port will be to connect the FGT to a network. For that, it needs an IP address.
Try creating other ports, i.e. VLAN ports. You can't get away with NOT assigning an address to it.
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
agreed here's what we do ( tag over LAG bundle )
config system interface edit "etherLAG01 set vdom "root" set type aggregate set member "port1" "port2" set snmp-index 413 next edit "LAN012" set vdom "root"
set type vlan set ip 10.1.12.1 255.255.255.0 set allowaccess ping https ssh set snmp-index 672 set interface "etherLAG01" set vlanid 12 next edit "LAN013" set vdom "root"
set type vlan set ip 10.1.13.1 255.255.255.0 set allowaccess ping https ssh set snmp-index 673 set interface "etherLAG01" set vlanid 13 next end
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is how we put multiple vlans on an aggregate interface on a 1500D under multi-vdom environment. May not apply to your environment though.
config system interface
edit "CISCO-MPLS" set vdom "root" set vlanforward enable set type aggregate set member "port3" "port4" set snmp-index 50 next edit "port3" set vdom "root" set type physical set snmp-index 5 set speed 1000full next edit "port4" set vdom "root" set type physical set snmp-index 6 set speed 1000full next
edit "v3004aaaa" set vdom "aaaa" set ip x.x.x.x 255.255.255.252 set allowaccess ping https ssh capwap set vlanforward enable set snmp-index 102 set interface "CISCOPath" set vlanid 3004 next edit "v3005bbbb" set vdom "bbbb" set ip x.x.x.x 255.255.255.252 set allowaccess ping https ssh set vlanforward enable set snmp-index 82 set interface "CISCO-MPLS" set vlanid 3005 next <and many more vlans> end
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ede_pfau wrote:as the FGT in "Routing/NAT" mode is a router it expects non-identical networks at each port. So, like with any other physical port, you assign an address to a LACP port.
As LACP is on Layer 2 it doesn't really need IP addresses on each end. The ultimate use of a port will be to connect the FGT to a network. For that, it needs an IP address.
Try creating other ports, i.e. VLAN ports. You can't get away with NOT assigning an address to it.
In the Web-GUI interface IP-address field the string "0.0.0.0/0" is a place-holder for "no ip address". If you want to remove an IP address from an interface, simply enter this string.
Any interface with "0.0.0.0/0" in the GUI as the IP-address will have no IP address assigned. (CLI config is clearer this way, you won't see any "set ip-address ..." in the CLI).
JPM
JPM
Related Posts
- FortiGate/FortiSwitch VLANs 356 Views
- LAG FortiSwitch to Fortiswitch 561 Views
- Setting up FortiAP 431F with FortiSwitch... 437 Views
- Fortigate Network Setup/Design Question 535 Views
- Unable to create Aggregate Interface 3280 Views
Labels
-
FortiGate
6,511 -
FortiClient
1,300 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiAP
333 -
FortiSwitch
332 -
FortiClient EMS
262 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiGateCloud
87 -
FortiSIEM
87 -
FortiCloud Products
83 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
58 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
FortiAuthenticator
11 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.