Hello all,
I have a issue configuring LACP between cisco 3850 and fortigate 100D.
We have a smaller swtiches from cisco (SG500) and we were able to configure LACP in no time. Because we needed a bit stronger switches we purchased 3850 and now I applied the config to them (2x stacked switches) but it is not working.
Can you please help?
Creation Process_
Fortigate LACP is created rather simple - new interface -> 802.3ad aggregation and port added.
Cisco config is based on:
https://www.experts-exchange.com/questions/29023420/How-to-configure-etherchannel-with-cisco-switch-to-fortinet-firewall.html
and
http://thuongnguyen.net/fortigate-link-aggregration-802-3ad-lacp-with-cisco-switching/
what I saw is that the command "switchport trunk encapsulation dot1q " is not possible anymore. I am not sure if this is why it is not working.
My Current Configuration
interface Port-channel2
switchport trunk allowed vlan 208
switchport mode trunk
interface TenGigabitEthernet1/0/9
switchport trunk allowed vlan 208
switchport mode trunk
channel-protocol lacp <- This line I added after searching for the solution. Not sure if needed.
channel-group 2 mode active
switch(config-if)#do sh lacp neigh
Flags: S - Device is requesting Slow LACPDUs
F - Device is requesting Fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode
Channel group 1 neighbors
Partner's information:
LACP port Admin Oper Port Port
Port Flags Priority Dev ID Age key Key Number State
Channel group 2 neighbors
Partner's information:
LACP port Admin Oper Port Port
Port Flags Priority Dev ID Age key Key Number State
Te1/0/9 SA 255 0x3D
Switch #sh spanning-tree vlan 208
VLAN0208
Spanning tree enabled protocol rstp
Root ID Priority 32976
Address a0f8.49cd.5c00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32976 (priority 32768 sys-id-ext 208)
Address a0f8.49cd.5c00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Po2 Desg FWD 4 128.2316 P2p
switch(config-if)#do sh int port-channel 2
Port-channel2 is up, line protocol is up (connected)
Hardware is EtherChannel, address is a0f8.49cd.5c09 (bia a0f8.49cd.5c09)
MTU 9000 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is auto, media type is
input flow-control is off, output flow-control is unsupported
Members in this channel: Te1/0/9
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
2850 packets input, 354456 bytes, 0 no buffer
Received 2850 broadcasts (2683 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 2683 multicast, 0 pause input
0 input packets with dribble condition detected
54751 packets output, 4336270 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
switch#sh vlan id 208
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
208 test active Po2
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
208 enet 100208 1500 - - - - - 0 0
Remote SPAN VLAN
----------------
Disabled
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
