How To Configure LACP on a FortiGate | With Cisco and UniFi Switches

Video Statistics and Information

Captions
[Music] Hey, what's up guys, this is G here with KB Trainings. Today I'm going to show you how to configure LACP on the FortiGate. So I have in front of me the FortiGate 60E. This is a device on which I've made a video already; I showed you last time how I configured when one went to an older LAN port and I also did LACP, and I promised that I will come back with a video on LACP, so this is it. And I have next to me an old Cisco switch, this is a Catalyst 3550, and on top of the Cisco Catalyst I have the QSW-2104-2S. It's a switch from QNAP; I'll be making a video on this as well. This is a beautiful switch with two 10 gig ports here, and it also has four 2.5 gigabit per second interfaces. We'll talk about it later, but for now I'm just using it to share my internet connection.

So right now the FortiGate is connected to the internet. If you take a look here, this is the FortiGate dashboard: we have internet connectivity through wan1, and I also have this cable here coming to the switch to share the internet connection with my computer here, so as you can see it's connected to the internet. And with me I also have this MacBook here sitting for testing. This is going to be the device where we're going to make sure that we have internet access with those LACP links that we are going to configure. And I have these two cables; these are the cables that we're going to use to connect two of these ports, one, two, to the ports one, three on the switch. One of my posts on Instagram says that I'm going to configure LACP on a D-Link switch as well. I have it right next to me, but it was just too much, too many things on the table, so I just set the LACP, I mean the D-Link, aside. We're just going to do it on the switch, and I'm going to show you how to do it on the UniFi switch that I have in my network rack.

So first of all, what is LACP? LACP means link aggregation configuration protocol. It's a natural standard that is used to aggregate links inside a bundle. Usually it's called the LAG, a
bundle, or Cisco calls it EtherChannel. So you create an EtherChannel to have multiple links inside the EtherChannel, for many reasons. First of all, if you want to increase the bandwidth. I'd say "increase" because it doesn't give you a total bandwidth in a single tunnel, like a single link, but you just have all those multiple links active at the same time. Let's say we have two devices here: we have this one, one gigabyte, one gigabyte, and let's assume these ones also are one gig, one gig. When we connect them we don't get a two gigabyte per second link, but instead we have two one gigabyte per second that are active at the same time.

So first of all, you do that to get those two connections or two links active, or multiple links active, at the same time, which means that you are going around spanning tree protocol. So spanning tree protocol will treat those links as a single link and will not block any of them. You know that if you connect those two links, if you have spanning tree configured normally, you don't have LACP or any link aggregation, spanning tree is going to block one of those links to avoid a loop. So that's why we put it in a bundle ethernet.

And usually with service providers, I work for service providers, usually when we have like a peering connection with another of our peers (and if you don't know what peering is, I'm talking about it in my CCNA course that is available on kevintrains.com; you can go from zero to engineer, start or boost your career in IT), so when we are peering, for example, we are moving massive amounts of traffic, so usually one or 100 gigabit per second will not be sufficient. We need 15 of them in a bundle, for example, so we have a 1.5 terabit per second going to our peers, and that's how it's done. So we get 15 100 gigabit per second inside the bundle. Every vendor has a limit; like for the Cisco Catalyst, I know the limit is eight interfaces that you can have in an EtherChannel, but it depends on the model, it depends on
the brand, and like the D-Link, the small D-Link, it was just able to do four interfaces.

So today I'm going to show you how to configure LACP on the FortiGate, and I'll also show you some commands for troubleshooting as well. And at the end of our configuration we'll make sure that the MacBook will still be connected even if we remove one of the links inside the LACP, and the other one will take over, and we can remove the second one and see how it's going to react.

So right now, as I said, this is our FortiGate. I just have internet connectivity here, and if I go under Network, Interfaces, you can see that we have this fortilink LACP or link aggregation that is already configured. We're not going to take a look at that. So we have the internal interface with the interface number seven that I'm using here to connect to the GUI, and we have everything still available except wan1 that is now being used for internet. I'm going to show you how to configure it in the GUI, and we'll also go in the CLI; I'll do that there as well.

So if I go in the CLI, I can do show interface, no, no, show system interface, so you can see all the different interfaces that we have here. Here we have the wan1 that I currently use, and we also have the internal; this is the IP that I'm currently using. And to check LACP, or to see if it's there or even exists, we can do diagnose netlink aggregate list. This will show us the list of link aggregations that we have. For now we have the fortilink that comes by default with the device, and it's down anyway, so we're going to add our own link aggregation here.

As I told you, for Cisco it's called EtherChannel, so I can come here and do show etherchannel. There's no EtherChannel available here. I can do show ip int brief; you can see that we have just two VLAN interfaces, the VLAN 1 and the VLAN 35. I did this because the VLAN 35 is being used for internet connectivity, just like I told you, between my main computer that I have here on which I'm
doing the recording, so this is my computer, and I have the VLAN 1 available; that's where the MacBook is going to connect to. I don't have any other interface or anything else configured. I just have these two ports here that are down; I'll make sure they're up before we continue. Okay, so that's all we have. If I do show vlan brief, I just have two VLANs, as I said: the VLAN 1, where all the ports are except the port 2033 that is in the VLAN 35, and that's it.

All right, so let's get started. I'm going to configure LACP on the FortiGate. First of all, I'll go under new, Create New, and I'm going to create a new interface. I'll give it a name of lacp, and the alias can still be lacp. What is the type of port we are creating? We are creating an EtherChannel port, so I'm going to select 802.3ad; 802.3ad is the code for LACP. What are the members of this port aggregation? I'm going to take the number one and number two. What is the role? It's still a LAN. What is the IP on it? I'm going to give it 10.0.0.1 and the subnet mask of /24. What else? We can ping it, and I also need a DHCP server because the MacBook needs to get a DHCP from the FortiGate. Okay, that's it, nothing else. I'm going to click OK.

So once I do that, we have lacp created here; this is our LACP interface. And if I go in the CLI and do the same command, list will show me that I now have a new LACP link aggregation, this one here. The algorithm L4 means that we are using layer 4 information to balance the traffic across the different links that you have. If we see L2 here, it means that we use the source and the destination IP; if it's layer 3, we use layer 3 information, we use source and destination IP, no, no, did I say IPv4; and if you have layer 4, so we use layer 4 information: IP, MAC address and the port number. And the mode here is active, the status is down, yep. And if I do diagnose aggregate name lacp, it's going to give me some information on our LACP link here. We can have the MAC address of the internal1, internal2; we
can see that it's currently down. There's not much to see here. I'm going to turn it up and we're going to see what happens.

But before doing that, I also need to make sure that Cisco is ready for EtherChannel. So what I'm going to do is go under the configuration mode and grab the interface FastEthernet 0/1 and the FastEthernet 0/3. I'm doing that because those are the two interfaces that are up here, so I won't have a hard time removing the cables. Okay, so I'm grabbing these two links. Nope, int range, okay, I forgot range. So what I'm going to do is create a channel group: channel-group number one, mode. So we have different modes here. By the way, LACP, as I said, is universal; it's from IEEE, so you're going to find it in most devices, like a lot of vendors are implementing LACP. But Cisco also has what is called PAgP; it's one of their own protocols that you can use between Cisco devices. And for PAgP, as you can see, if we use auto or desirable, that's for PAgP, but here we're going to use LACP, so I'm going to use active. And active means that your device will also be initiating the connection, or initiating the negotiation for LACP; you will not just wait. If you put it in passive, it will wait for the other device to initiate. So I will do active here, and yeah, that's it.

So port channel number one is created. If I do show ip interface brief, you can see that I now have the port channel number one; it's here, and it's up. Oh, I also need to turn on those ports. Okay, I need to do no shut here. Good. All right, so now I think I'm ready to connect the [Music] FortiGate to the switch. So I do port 1 connected to port 1 on the switch, and then we have the port 2 connected to port 2. Oh no, port 3.
You're going to see that both 1 and 2 are now active; that's good. And if you look at the switch, it's blinking right now, one and three; none of them is blocked, both of them are active. If we also look at the FortiGate, one and two are blinking and everything is fine. I just posted a video on Instagram, I even put it as a story on YouTube, explaining why this one is amber instead of green: because we're running at 100 megabit per second. If you don't follow me on Instagram, you better do that, because I share a lot of things there, a lot of behind the scenes and things like that.

All right, so quickly, this is how you activate link aggregation on a UniFi switch. Here I have my main switch. Once I click on it, I go on Settings, and let's say for example I want to aggregate the port number 21 and number 22. What I'm going to do is click on the port number 21, come down here where it says Port Profile Override, and change the operation from Switching to Aggregate. Once I do that, it's asking me what port I want to aggregate with, and I'm going to select the port 22, and as soon as I click Apply it's going to bundle the port 21 and 22.
This is our MacBook that we're going to connect to the switch. Let me connect it, and we should have an IP address over here. Let's see. Okay, the MacBook is connected; let's wait for it to grab an IP. All right, so the MacBook has an IP. So we still don't have access to the internet because I haven't configured the firewall policy in the FortiGate yet. So what I'm going to do is go under Policy & Objects and select Firewall Policy. I'm going to create a new policy for LACP, for the links that were created. I'm going to name it "lacp to internet", and incoming interface is going to be lacp, outgoing interface will be the wan1 interface, source I'll just take all, destination all, service all. I think that's it. So as soon as I do that and hit OK, the MacBook should now see the light of the internet. So it's running fine now.

So we're going to test to see if unplugging one of these links will drop the connection. If I unplug the number three on the switch, the device doesn't even care; the sessions are still going because the other link, or the second link, is taking over if the session was on here. So I'm going to plug it back, and I will wait for it to come fully up, and then I'm going to disconnect the second one to see if there is any change in the pings that we have here as well. So let me unplug the second one here. The MacBook is still pinging without any problem. So the sessions are balanced, and if we had many computers here, those sessions would be balanced across those different links depending on the algorithm that I showed you; it's either taking the layer 2, layer 3 or layer 4 information.

All right guys, thank you so much for watching. If you have any question, leave it in a comment, I'd be glad to respond, and if you like the video, please like it on YouTube and subscribe to the channel for more projects like this. Don't forget to follow me on Facebook, Instagram and Twitter. Take care and bye.
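
Added example (not from the video and not any vendor's code): a small model of the per-flow hashing described in the captions, showing why a single session never uses more than one member link and where sessions go when a cable is pulled. The CRC32 hash, the field sets assumed for L2/L3/L4, and all MAC and IP addresses are constructed for illustration; `internal1` and `internal2` are the two member ports used in the video.

```python
import zlib

# Constructed sample flows from one client behind the bundle:
# (src_mac, dst_mac, src_ip, dst_ip, dst_port, src_port)
CLIENT, GATEWAY = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:01"
FLOWS = [
    (CLIENT, GATEWAY, "10.0.0.2", "203.0.113.10", 443, 50000),
    (CLIENT, GATEWAY, "10.0.0.2", "203.0.113.10", 443, 50004),
    (CLIENT, GATEWAY, "10.0.0.2", "198.51.100.7", 53, 50001),
]

# Assumed field sets per algorithm: L2 = MAC pair, L3 = IP pair,
# L4 = IP pair plus ports. Real devices may combine fields differently.
FIELDS = {"L2": slice(0, 2), "L3": slice(2, 4), "L4": slice(2, 6)}


def pick_link(flow, algorithm, active_links):
    """Map a flow to one member link; the same flow always gets the same link."""
    if not active_links:
        raise RuntimeError("all member links are down, so the bundle is down")
    key = "|".join(str(field) for field in flow[FIELDS[algorithm]])
    # CRC32 stands in for the device's real hash, which is vendor-specific.
    return active_links[zlib.crc32(key.encode()) % len(active_links)]


def distribute(flows, algorithm, active_links):
    """Return {link: [flows]} for the current set of active member links."""
    placement = {link: [] for link in active_links}
    for flow in flows:
        placement[pick_link(flow, algorithm, active_links)].append(flow)
    return placement


def links_in_use(flows, algorithm, active_links):
    """Names of the member links that carry at least one flow."""
    placement = distribute(flows, algorithm, active_links)
    return sorted(link for link, carried in placement.items() if carried)


if __name__ == "__main__":
    bundle = ["internal1", "internal2"]
    for algo in ("L2", "L3", "L4"):
        print(algo, links_in_use(FLOWS, algo, bundle))
    # One cable pulled: every flow is rehashed onto the surviving link.
    print("failover", distribute(FLOWS, "L4", ["internal2"]))
```

With a single client talking to a single gateway, the L2 key is identical for every flow, so only one member link carries traffic; the L4 key differs per session, which is what lets sessions from one host spread across both links.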
Info
Channel: KBTrainings
Views: 17,253
Keywords: lacp, link aggregation configuration protocol, fortigate, fortios, fortinet, fortigate 60e, configuration step by step, ccna, ccnp, ccie, nse, nse1, nse2, nse3, nse4, cisco, pagp, lacp configuration
Id: 9Po54nRgmN4
Length: 15min 13sec (913 seconds)
Published: Wed Mar 16 2022