Link aggregation (IEEE 802.3ad) enables you to bind two or more physical interfaces together to form an aggregated (combined) link. This new link has the bandwidth of all the links combined. If a link in the group fails, traffic is transferred automatically to the remaining interfaces with the only noticeable effect being a reduced bandwidth.
This is similar to redundant interfaces with the major difference being that a redundant interface group only uses one link at a time, where an aggregate link group uses the total bandwidth of the functioning links in the group, up to eight (or more).
Support of the IEEE standard 802.3ad for link aggregation is available on some models. An interface is available to be an aggregate interface if:
- it is a physical interface, not a VLAN interface or subinterface
- it is not already part of an aggregate or redundant interface
- it is in the same VDOM as the aggregated interface. Aggregate ports cannot span multiple VDOMs.
- it does not have an IP address and is not configured for DHCP or PPPoE l it is not referenced in any security policy, VIP, IP Pool or multicast policy l it is not an HA heartbeat interface
- it is not one of the FortiGate-5000 series backplane interfaces
Some models of FortiGate units do not support aggregate interfaces. In this case, the aggregate option is not an option in the web-based manager or CLI. As well, you cannot create aggregate interfaces from the interfaces in a switch port.
To see if a port is being used or has other dependencies, use the following diagnose command:
diagnose sys checkused system.interface.name <interface_name>
When an interface is included in an aggregate interface, it is not listed on the System > Network > Interface page. Interfaces will still appear in the CLI, although configuration for those interfaces will not take affect. You cannot configure the interface individually and it is not available for inclusion in security policies, VIPs, IP pools, or routing.
This example creates an aggregate interface on a FortiGate-3810A using ports 4-6 with an internal IP address of 10.13.101.100, as well as the administrative access to HTTPS and SSH.
To create an aggregate interface – web-based manager
1. Go to System > Network > Interface and select Create New.
2. Enter the Name as Aggregate.
3. For the Type, select 802.3ad Aggregate.
If this option does not appear, your FortiGate unit does not support aggregate interfaces.
4. In the Available Interfaces list, select port 4, 5 and 6 and move it to the Selected Interfaces list.
5. Select the Addressing Mode of Manual.
6. Enter the IP address for the port of 10.13.101.100/24.
7. For Administrative Access select HTTPS and SSH.
8. Select OK.
To create aggregate interface – CLI
config system interface edit Aggregate
set type aggregate
set member port4 port5 port6 set vdom root
set ip 172.20.120.100/24 set allowaccess https ssh
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos