Fortigate 7 修改 802.3ad Aggregate LACP 鏈路聚合協定模式

Fortigate 防火牆的 802.3ad Aggregate LACP 鏈路聚合有時候需要配合後端設備進行模式的調整，但是 GUI 僅提供 LACP 主動模式，如果需要 LACP 被動模式或者靜態聚合模式，則需要進入 CLI 進行調整，請依本文說明操作。

環境：

Fortigate 101F，韌體 v7.2.11，聚合名稱：LAN-LAG。

登入 CLI 後開始操作：

檢查 LACP 設定：

FG101F # diagnose netlink aggregate name "LAN-LAG"

LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)

(A|P) - LACP mode is Active or Passive

(S|F) - LACP speed is Slow or Fast

(A|I) - Aggregatable or Individual

(I|O) - Port In sync or Out of sync

(E|D) - Frame collection is Enabled or Disabled

(E|D) - Frame distribution is Enabled or Disabled

status: down

npu: y

flush: n

asic helper: y

oid: 81

ports: 2

link-up-delay: 50ms

min-links: 1

ha: master

distribution algorithm: L4

LACP mode: active

LACP speed: slow

LACP HA: enable

aggregator ID: 1

actor key: 17

actor MAC address: e0:23:ff:xx:xx:xx

partner key: 1

partner MAC address: 00:00:00:00:00:00

member: port11

  index: 0

  link status: up

  link failure count: 0

  permanent MAC addr: e0:23:ff:xx:xx:xx

  LACP state: negotiating

  actor state: ASAODD

  actor port number/key/priority: 1 17 255

  partner state: ASIODD

  partner port number/key/priority: 1 1 255

  partner system: 65472 00:00:00:00:00:00

  aggregator ID: 2

  speed/duplex: 1000 1

  RX state: DEFAULTED 5

  MUX state: WAITING 2

member: port12

  index: 1

  link status: up

  link failure count: 0

  permanent MAC addr: e0:23:ff:xx:xx:xx

  LACP state: negotiating

  actor state: ASAIDD

  actor port number/key/priority: 2 17 255

  partner state: ASIODD

  partner port number/key/priority: 1 1 255

  partner system: 65472 00:00:00:00:00:00

  aggregator ID: 1

  speed/duplex: 1000 1

  RX state: DEFAULTED 5

  MUX state: ATTACHED 3

進入設定系統介面

FG101F # config system interface

編輯 LAN-LAG 介面埠

FG101F (interface) # edit LAN-LAG

顯示 LACP 設定

FG101F (LAN-LAG) # show full | grep lacp

        set lacp-mode active

        set lacp-ha-secondary enable

        set lacp-speed slow

顯示 LACP 模式指令

FG101F (LAN-LAG) # set lacp-mode ?

static     Use static aggregation, do not send and ignore any LACP messages.

passive    Passively use LACP to negotiate 802.3ad aggregation.

active     Actively use LACP to negotiate 802.3ad aggregation.

設定為靜態模式

FG101F (LAN-LAG) # set lacp-mode static

設定為被動模式

FG101F (LAN-LAG) # set lacp-mode passive

設定為主動模式

FG101F (LAN-LAG) # set lacp-mode active

結束設定

FG101F (LAN-LAG) # end

透過以上設定就可以完成 Fortigate 802.3ad Aggregate LACP 鏈路聚合協定模式的變更。