I'm really struggling here. I've got a pair of Fortigate 1801F firewalls in Active/Passive HA (with Split VDOM) that I'm trying to connect to a Nexus 9504 w/ (2) N9K-X97160YC-EX line cards and I can't get the aggregates online, not reliably anyway.
po11: FG1 port39 (40Gbe) -> Eth1/51
      FG1 port40 (40Gbe) -> Eth2/51
po12: FG2 port39 (40Gbe) -> Eth1/52
      FG2 port40 (40Gbe) -> Eth2/52
"show port-channel summary" returns this:
11 Po11(SD) Eth LACP Eth1/51(s) Eth2/51(s)
12 Po12(SU) Eth LACP Eth1/52(s) Eth2/52(P)
No matter what I do, I can't get more than one port online; it's not always one belonging to the active unit (in the example above, po12 is the standby), and nothing changes during a failover unless I manually bounce the links.
It's worth mentioning I have 10Gbe ports set up for WAN and there are no issues with the aggregates on those.
Cisco Config:
interface port-channel11
  description Fortigate 1801F 1 LAN
  switchport
  switchport mode trunk
  spanning-tree port type edge trunk
  speed 40000
  no negotiate auto

interface Ethernet1/51
  description Fortigate 1801F 1 LAN
  switchport
  switchport mode trunk
  spanning-tree port type edge trunk
  speed 40000
  no negotiate auto
  channel-group 11 mode active
  no shutdown

interface Ethernet2/51
  description Fortigate 1801F 1 LAN
  switchport
  switchport mode trunk
  spanning-tree port type edge trunk
  speed 40000
  no negotiate auto
  channel-group 11 mode active
  no shutdown

interface port-channel12
  description Fortigate 1801F 2 LAN
  switchport
  switchport mode trunk
  spanning-tree port type edge trunk
  speed 40000
  no negotiate auto

interface Ethernet1/52
  description Fortigate 1801F 2 LAN
  switchport
  switchport mode trunk
  spanning-tree port type edge trunk
  speed 40000
  no negotiate auto
  channel-group 12 mode active
  no shutdown

interface Ethernet2/52
  description Fortigate 1801F 2 LAN
  switchport
  switchport mode trunk
  spanning-tree port type edge trunk
  speed 40000
  no negotiate auto
  channel-group 12 mode active
  no shutdown
Fortigate Config:
edit "port39"
    set vdom "FG-traffic"
    set type physical
    set mediatype sr4
    set role lan
    set snmp-index 43
    set forward-error-correction disable
    set speed 40000full
next
edit "port40"
    set vdom "FG-traffic"
    set type physical
    set mediatype sr4
    set role lan
    set snmp-index 44
    set forward-error-correction disable
    set speed 40000full
next
edit "LAN Agg"
    set vdom "FG-traffic"
    set allowaccess ping
    set type aggregate
    set member "port39" "port40"
    set alias "LAN"
    set device-identification enable
    set lldp-reception enable
    set lldp-transmission enable
    set role lan
    set snmp-index 48
next
Any suggestions on next steps here?
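An added helper, not part of the post above, that parses the NX-OS "show port-channel summary" table in the shape quoted there and lists every member port that is not bundled (anything other than the P flag), which is the first thing to check after each config change or HA failover. The sample rows are constructed to match the post; the flag legend is the one NX-OS prints under that command.

```python
import re

# Member-port flags as printed in the legend of NX-OS "show port-channel summary"
MEMBER_FLAGS = {
    "P": "up in port-channel (bundled)",
    "s": "suspended (LACP did not bundle the port)",
    "D": "down",
    "I": "individual (not bundled)",
    "H": "hot-standby (LACP only)",
    "r": "module removed",
}

# Constructed sample in the same layout as the output quoted in the post.
SAMPLE_OUTPUT = """\
Group Port-       Type     Protocol  Member Ports
      Channel
--------------------------------------------------------------------------------
11    Po11(SD)    Eth      LACP      Eth1/51(s)    Eth2/51(s)
12    Po12(SU)    Eth      LACP      Eth1/52(s)    Eth2/52(P)
"""

ROW_RE = re.compile(r"^\s*(\d+)\s+Po(\d+)\(([A-Za-z]+)\)\s+(\S+)\s+(\S+)\s+(.*)$")
MEMBER_RE = re.compile(r"(Eth\d+/\d+)\(([A-Za-z])\)")


def parse_port_channel_summary(text):
    """Return {group: {"state": str, "protocol": str, "members": {iface: flag}}}."""
    result = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:  # header, separator and legend lines do not match the row shape
            continue
        group, _po, state, _ptype, proto, members = m.groups()
        result[int(group)] = {
            "state": state,
            "protocol": proto,
            "members": {iface: flag for iface, flag in MEMBER_RE.findall(members)},
        }
    return result


def unhealthy_members(summary):
    """List (group, iface, reason) for every member that is not bundled ('P')."""
    problems = []
    for group, info in sorted(summary.items()):
        for iface, flag in info["members"].items():
            if flag != "P":
                problems.append((group, iface, MEMBER_FLAGS.get(flag, "unknown flag " + flag)))
    return problems


if __name__ == "__main__":
    for group, iface, reason in unhealthy_members(parse_port_channel_summary(SAMPLE_OUTPUT)):
        print(f"Po{group}: {iface} {reason}")
```

Feed it the real output (for example the saved text of the command) and a port-channel that reports SU with a suspended member, like Po12 above, shows up as partially bundled rather than healthy.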