LAG interface status signals to peer device
FortiGate can signal LAG (link aggregate group) interface status to the peer device. If the number of available links in the LAG on the FortiGate falls below the configured minimum number of links (min-links
), the LAG interface goes down on both the FortiGate and the peer device.
When the minimum number of links is satisfied again, the LAG interface automatically resumes operation on both the FortiGate and the peer device. While the LAG interface is down, interface members are in the Link Aggregation Control Protocol (LACP) MUX state of Waiting.
Example
In this example, the LAG interface is configured on FGT_A and peered with FGT_B.
To verify the configuration:
-
On FGT_A, check the minimum number of links for the LAG interface named test_agg1.
In the following example,
set min-links 1
indicates that a minimum of one alive interface member is required to keep the LAG interface up.# show config system interface edit "test_agg1" set vdom "vdom1" set ip 11.1.1.1 255.255.255.0 set allowaccess ping https set type aggregate set member "port7" "port8" "port9" set device-identification enable set lldp-transmission enable set role lan set snmp-index 41 set min-links 1 next end
-
Change the status of port9 to down.
Config system interface edit port9 set status down end
-
On FGT_A, test the LAG interface named test_agg1.
The status is up for test_agg1 interface because two interface members (port7 and port8) are up, and only one interface member (port9) is down.
# diagnose netlink aggregate name test_agg1 LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D) (A|P) - LACP mode is Active or Passive (S|F) - LACP speed is Slow or Fast (A|I) - Aggregatable or Individual (I|O) - Port In sync or Out of sync (E|D) - Frame collection is Enabled or Disabled (E|D) - Frame distribution is Enabled or Disabled status: up npu: y flush: n asic helper: y oid: 72 ports: 3 link-up-delay: 50ms min-links: 1 ha: master distribution algorithm: L4 LACP mode: active LACP speed: slow LACP HA: enable aggregator ID: 1 actor key: 17 actor MAC address: d4:76:a0:01:e0:44 partner key: 17 partner MAC address: d4:76:a0:01:e8:1e member: port7 index: 0 link status: up link failure count: 1 permanent MAC addr: d4:76:a0:01:e0:44 LACP state: established actor state: ASAIEE actor port number/key/priority: 1 17 255 partner state: ASAIEE partner port number/key/priority: 1 17 255 partner system: 1 d4:76:a0:01:e8:1e aggregator ID: 1 speed/duplex: 1000 1 RX state: CURRENT 6 MUX state: COLLECTING_DISTRIBUTING 4 member: port8 index: 1 link status: up link failure count: 2 permanent MAC addr: d4:76:a0:01:e0:45 LACP state: established actor state: ASAIEE actor port number/key/priority: 2 17 255 partner state: ASAIEE partner port number/key/priority: 2 17 255 partner system: 1 d4:76:a0:01:e8:1e aggregator ID: 1 speed/duplex: 1000 1 RX state: CURRENT 6 MUX state: COLLECTING_DISTRIBUTING 4 member: port9 index: 2 link status: down link failure count: 0 permanent MAC addr: d4:76:a0:01:e0:46
-
On FGT_A, change the minimum number of links to 3.
config system interface edit "test_agg1" set vdom "vdom1" set ip 11.1.1.1 255.255.255.0 set allowaccess ping https set type aggregate set member "port7" "port8" "port9" set device-identification enable set lldp-transmission enable set role lan set snmp-index 41 set min-links 3 next end
-
On FGT_A, check the LAG interface named test_agg1:
The status is down for test_agg1 interface because only two of the three required interface members are up. Interface members port7 and port8 are up, but interface member port9 is down.
# diagnose netlink aggregate name agg1 LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D) (A|P) - LACP mode is Active or Passive (S|F) - LACP speed is Slow or Fast (A|I) - Aggregatable or Individual (I|O) - Port In sync or Out of sync (E|D) - Frame collection is Enabled or Disabled (E|D) - Frame distribution is Enabled or Disabled status: down npu: y flush: n asic helper: y oid: 230 ports: 3 link-up-delay: 50ms min-links: 3 ha: master distribution algorithm: L4 LACP mode: active LACP speed: slow LACP HA: enable aggregator ID: 1 actor key: 17 actor MAC address: e8:1c:ba:b3:d0:df partner key: 17 partner MAC address: e8:1c:ba:df:a0:ba member: port7 index: 0 link status: up link failure count: 1 permanent MAC addr: e8:1c:ba:b3:d0:df LACP state: negotiating actor state: ASAODD actor port number/key/priority: 1 17 255 partner state: ASAIDD partner port number/key/priority: 1 17 255 partner system: 61440 e8:1c:ba:df:a0:ba aggregator ID: 1 speed/duplex: 1000 1 RX state: CURRENT 6 MUX state: WAITING 2 member: port8 index: 1 link status: up link failure count: 1 permanent MAC addr: e8:1c:ba:b3:d0:e0 LACP state: negotiating actor state: ASAODD actor port number/key/priority: 2 17 255 partner state: ASAIDD partner port number/key/priority: 65 17 255 partner system: 61440 e8:1c:ba:df:a0:ba aggregator ID: 1 speed/duplex: 1000 1 RX state: CURRENT 6 MUX state: WAITING 2 member: port9 index: 2 link status: down link failure count: 0 permanent MAC addr: e8:1c:ba:b3:d0:ed
-
On the peer FortiGate (FGT_B), check the LAG interface status.
The status is down for test_agg2 interface due to FortiGate's ability to signal LAG interface status to the peer device. While interface members port7 and port8 are up, interface member port9 is down.
# diagnose netlink aggregate name test-agg2 LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D) (A|P) - LACP mode is Active or Passive (S|F) - LACP speed is Slow or Fast (A|I) - Aggregatable or Individual (I|O) - Port In sync or Out of sync (E|D) - Frame collection is Enabled or Disabled (E|D) - Frame distribution is Enabled or Disabled status: down npu: y flush: n asic helper: y oid: 72 ports: 3 link-up-delay: 50ms min-links: 1 ha: master distribution algorithm: L4 LACP mode: active LACP speed: slow LACP HA: enable aggregator ID: 1 actor key: 17 actor MAC address: d4:76:a0:01:e8:1e partner key: 17 partner MAC address: d4:76:a0:01:e0:44 member: port7 index: 0 link status: up link failure count: 1 permanent MAC addr: d4:76:a0:01:e8:1e LACP state: negotiating actor state: ASAIDD actor port number/key/priority: 1 17 255 partner state: ASAODD partner port number/key/priority: 1 17 255 partner system: 44237 d4:76:a0:01:e0:44 aggregator ID: 1 speed/duplex: 1000 1 RX state: CURRENT 6 MUX state: ATTACHED 3 member: port8 index: 1 link status: up link failure count: 1 permanent MAC addr: d4:76:a0:01:e8:1f LACP state: negotiating actor state: ASAIDD actor port number/key/priority: 2 17 255 partner state: ASAODD partner port number/key/priority: 2 17 255 partner system: 44237 d4:76:a0:01:e0:44 aggregator ID: 1 speed/duplex: 1000 1 RX state: CURRENT 6 MUX state: ATTACHED 3 member: port9 index: 2 link status: down link failure count: 0 permanent MAC addr: d4:76:a0:01:e8:20