Cisco fortigate lacp Interfaces still appear in the CLI although configuration This setup has 2 x Fortigate 100Ds (FG1, FG2) and 2 x Cisco 2960X switches (SW1, SW2) will be added as expansion because Fortigates ran out of free switch ports. This is because interfaces on passive device are not active and fortigate uses a virtual mac address that is managed by active member. Created aggregate interface port3 & port 4. by HaiNguyen -IT | 06/01/2023 | Views: 6986. The LACP link comes up but the VLAN communication does not work. The RV320 has 4 sub-interfaces tagged with their respective VLANs: - x. Here is the configuration on the Fortigate: oh here is the LACP diags on the Cisco, not sure how to do the same for Fortigate SW1#sh lacp neighbor Flags: S - Device is requesting Slow LACPDUs F - Device is requesting Fast LACPDUs A - Device is in Active mode P - Device is in Passive mode. Cisco Switch . After checking this new issue, looks like nothing on the Cisco 3750 switch can talk to the FortiGate firewall 1 name fortilink status down algorithm L4 lacp-mode active 2 name to-Cisco status down algorithm L4 lacp-mode active. NOTE: Clear lacp counters to get accurate statistics I am setting up a 2 ethernet trunk between a Cisco switch and Fortinet 100E firewall. 6, I've currently got 2 1G ports linked in a LACP aggregate team to a Cisco switch. Apart from the trunk speed If you configure LACP on FortiGate you have to consider a point. We have two firewall and we have 4 leaves (2 per site) in the topology. 1 (vlan10), x. On switch 2 both ports come up fine (P/P) but on switch 1 I get (P/s) Hi, As you are creating layer 3 LACP on Fortigate which is untagged, you should configure "switchport mode access" at Cisco side. Learn how to configure Link Aggregation Control Protocol (LACP) on FortiGate and Cisco switches in this video tutorial. So far the below is working (i can ping from Cisco 192. I also show how to configure LACP on a UniFi switch. 
For some reason, the Cisco switches are showing the WAN2 ports on 4 of the pairs as not sending LACP traffic. Since the FortiGate is in HA the same config will get synced with Here is the full configuration road map at FortiGate FW and cisco switch. edit "LAN" set vdom "root" set allowaccess ping set type aggregate set member "port2" "port3" set role lan set snmp-index 12 set lacp-mode static Cisco Switch interface Ethernet0/2 switchport trunk encapsulation In this lab we configure LACP (Link Aggregation) between a physical FortiGate and a Cisco switch. I currently have etherchannel configured to 2x 10g ports. 3ad aggregate connected to Cisco 3850 switches. Each device is connected with LACP on 2 Nexus in VPC (3524-10GX). It's slower to failover though as the standby then needs to start up its LACP negotiation, the recommended design is a LAG per FG The cluster includes two FortiGate-5000 chassis. CatOS on the Supervisor Engine and Cisco IOS Software on the MSFC (Hybrid): a CatOS image can be used as the system software to run the Supervisor Engine on Catalyst 6500/6000 switches. at that time connectivity lost between fortigate firewall and cisco switches Hello teams, we have a cluster of Fortigate. FortiGate Site: FGT1 (LACP-CORE) # show config system interface edit "LACP-CORE" set vdom "root" set type aggregate set I'm trying to create a LAG between a virtual fortigate appliance and two 3650 cisco switches. If you do the setup as your design, oh here is the LACP diags on the Cisco, not sure how to do the same for Fortigate SW1#sh lacp neighbor Flags: S - Device is requesting Slow LACPDUs F - Device is requesting Fast LACPDUs A - Device is in Active mode P - Device is in Passive mode. It might re-establish a new LACP neighboring with FG2 when FG1 goes down in your set up. 2 HA active/passive configured as follows in over 10 physical locations: Fortinet WAN1 and WAN2 ports in 802. 2. It didn't load share! 
Hello, I would like to know if some of you have a recommendation for a configuration between a Cisco switch port-channel and a Fortigate Agg FortiOS5 On my Cisco configuration I' ve used this for the physical interfaces channel-group 1 mode active switchport nonegotiate On the Fortigate I have edit " Agg1" set vdom " root" set type aggregate set Hi guys, i have a strange issue with some port channels on my cisco 9300 series (stack with 4 members). To support We've connected my customer's 1500D cluster cross-wise to a HPE switch stack, using 2x 2port LACP trunks. I am having issues with an LACP port channel coming up on the Fortigate VM and Cisco switch in GNS3. So i need to connect a FW in each site. Config on Fortigate. I have Fortigate 200E and 100D pairs running 5. It is also enough to unplug one cable from the LACP for there to be a failure. The LACP interface configured directly with an IP address (no vlans) and is linked to a number of address and policy elements. The 2 lines in a LACP trunk terminate on 2 different chassis in the stack. Verify the configuration. edit "LAN" set vdom "root" set allowaccess ping set type aggregate set member "port2" "port3" set role lan set snmp-index 12 set lacp-mode static . I also show how to configure LACP on a UniFi switc We have a Cisco 6807-XL that has four 1gb fiber connections to a Fortigate firewall that is not coming up. Difference Between CatOS and Cisco IOS System Software. feature lacp. LACP is a standard protocol (802. In contrast I´ve applied this topology using only one Fortigate and the redundancy is obtained (check the second topology). So each chassis has two LACP groups. Initial troubleshooting steps for LACP (Link Aggregation - 802. conf t. The LACP link comes up but This instruction describes the configuration of a LACP Port-Channel between FortiSwitch and Cisco managed by a FortiGate As you are creating layer 3 LACP on Fortigate which is untagged, you should configure "switchport mode access" at Cisco side. 
HA with 802. I noticed that etherchannel haves different aggregator ID on Fortigate and act as secondary aggregator also on Cisco (6509E). LACP fortigate - Cisco switch I have configured LACP link (2 port) on Cisco 3560 and FG310B, everything seem be fine, but when I put traffic on this LACP link, traffic just rided on one physical link, when I shutdown one port of LACP, traffic switch to another. 0 set allowaccess ping set type aggregate set member "port2" "port3" set device-identification enable Hello, I would like to know if some of you have a recommendation for a configuration between a Cisco switch port-channel and a Fortigate Agg FortiOS5 On my Cisco configuration I' ve used this for the physical interfaces channel-group 1 mode active switchport nonegotiate On the Fortigate I have edit " Agg1" set vdom " root" set type aggregate set Hello, I would like to know if some of you have a recommendation for a configuration between a Cisco switch port-channel and a Fortigate Agg FortiOS5 On my Cisco configuration I' ve used this for the physical interfaces channel-group 1 mode active switchport nonegotiate On the Fortigate I have edit " Agg1" set vdom " root" set type aggregate set 1 name fortilink status down algorithm L4 lacp-mode active 2 name to-Cisco status down algorithm L4 lacp-mode active. My configuration works correctly singularly however, when i try and aggregate the ports, i get the following LACP Gi0/1(P) EDGE1# Number of channel-groups in use: 1 Number of aggregators: 1 FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic. 1 onwards, lacp-ha-slave has been replaced with lacp-ha-secondary. 
if=to-Cisco family=00 type=1 index=19 mtu=1500 link=0 master=0 ref=21 state=start present no_carrier fw_flags=8800 flags=up broadcast master multicast oh here is the LACP diags on the Cisco, not sure how to do the same for Fortigate SW1#sh lacp neighbor Flags: S - Device is requesting Slow LACPDUs F - Device is requesting Fast LACPDUs A - Device is in Active mode P - Device is in Passive mode. On the other side, they are connected with LACP on 1 Catalyst C4500. 3ad standard and enables Cisco switches to manage Ethernet channels between switches that conform to the standard. This works so far except for LACP. But I do not get the aggregation online. We have a smaller swtiches from cisco (SG500) and we were able to configure LACP in no time. Para pasar tráfico de multiples VLANs, y pr 1st nice layout diagram , a picture says a thousand words What I would do and have done this in the setup you provided, enable ospf on all layer3 interfaces of the 3750 config t router ospf 10 network 0. Hello everyone! I have seen some forums about that, but im not clear about de topology when i have 2 FW in active/standby. I am working with support and Cisco support, but I wanted to ask if others have gotten this working. Set to Active LACP to actively use LACP to negotiate 802. if=to-Cisco family=00 type=1 index=19 mtu=1500 link=0 master=0 ref=21 state=start present no_carrier fw_flags=8800 flags=up broadcast master multicast Both the physical interfaces and the aggregate interface are showing as up on the Fortigate but the Cisco side is showing the etherchannel and physical ports as not connected. Connec For the mode, select Static, LACP Active, LACP Passive, or Fortinet Trunk. 1 name fortilink status down algorithm L4 lacp-mode active 2 name to-Cisco status down algorithm L4 lacp-mode active. Channel group 1 neighbors. This joint solution streamlines traffic to supported FortiGate appliances and assigns security policies on command for data center workloads. Note: For version 7. 
In some heavy network traffic days ( three times in six months ) Both of two LACP links to Cisco NX gets blocked. I have a port channel (4 interfaces) betwenn a Cisco and a Fortinet D500 (firewall) and the issues is this: when i have the four interfaces connected working fine with the port channel up and i unplug one of the interfaces to test the resiliency and connecti this Hi, As you are creating layer 3 LACP on Fortigate which is untagged, you should configure "switchport mode access" at Cisco side. LACP port Admin Oper Port Port Port Flags Priority Dev ID Age key Key has anyone build a setup where you can transport LACP transparent over a FortiGate? Our Setup is that the FortiGate will be installed between two Cisco devices which have configured LACP. Configuring FortiGate LAN extension the GUI 7. 1 (default), x. When we force the mode ON on both sides of the port-channel it works and we have connectivity but as soon as we change the mode to LACP (channel-group 1 mode active) it doe Hi Everyone, We have two nexus 9K switches need to connect to FORTIGATE Firewall (HA-Active and standby). 4. LACP port Admin Oper Port Port Port Flags Priority Dev ID Age key Key Fortigate and Cisco switch LACP not working Hi! I am testing topology where fortigate connected to switch. You have to have two GigE connections go in both FG1 and FT2 to do regular LACP. 10. LACP facilitates the Note: By default, when an LACP channel is configured, the LACP channel mode is passive. Simple misunderstanding that caught me up too: So on the Fortinet side, you need to specify a the matching native/untagged ("Native") VLAN for the LACP LAG/Channel for your Layer3 interface. Each node in FG Cluster configured with their own ether channel. It's a pretty basic LACP config on the Cisco side that I have done with other Cisco switches and Palo Alto firewalls and never had an issue with before. Add the required ports to the Included list. 
I am new to Cisco nexus switch and as of now i have simple question for connection with layer 2 uplink (firewall): our Scenario is we have two c9000 series and we have two fortigate. This way, one switch could fail without forcing the FGT to fail over, just reducing bandwidth. Solved: Hi I have a Cisco Nexus 7000 dual homed to a pair of Hello, We have a Fortigate 1100 connected to a Cisco NX-3548 with 2 LACP links for WAN internet access . Do you have the available interfaces on the FortiGate to configure as second LACP Group? 1 to Cisco, 1 to Aruba? Even if you had to pull away some of your redundant interfaces to create a second LACP Group for the duration of the migration. There are 2 sites, but connected directly by a pair of fibers. Scope FortiGate in HA. We have almost 30 plus VLANs configured in new switches. R 1 name fortilink status down algorithm L4 lacp-mode active 2 name to-Cisco status down algorithm L4 lacp-mode active. I connect it to a Cisco switch and test. From the admin desk In this video I show you how I configure LACP on a FortiGate 60E. 1): I would recommend against changing the native VLAN as doing otherwise can hit a number of Cisco LACP bugs that result in LACP PDUs being tagged LACP fortigate - Cisco switch I have configured LACP link (2 port) on Cisco 3560 and FG310B, everything seem be fine, but when I put traffic on this LACP link, traffic just rided on one physical link, when I shutdown one port of LACP, traffic switch to another. The FortiSwitch unit supports LACP in active and passive modes. It's a For the mode, select Static, LACP Active, LACP Passive, or Fortinet Trunk. Both nodes set as passive will not work and having static it's Hi, I am trying to setup a LAG between a Fortigate 1200D cluster and a two Cisco Nexus switches. EDGE1 EDGE2 \ / \ / \ / Fortigate . But when custoemer reboot firewall device one of cisco port went to supspend state after reset this port will be in Present mode. 
The aggregate link is comprised of the primary's de 1 name fortilink status down algorithm L4 lacp-mode active 2 name to-Cisco status down algorithm L4 lacp-mode active. The method Cisco uses is similar to the Fortinet method of reporting this feature. diag netlink interface list to-Cisco. Then when FG1 goes down the SW1 can failover the 2Gig to FG2. I am thinking that LACP flapping occurs. The stack acts just like one single switch, even for LACP trunks. Trying to get a trunk built between a Cisco Catalyst switch and a Fortigate 100F using two 10G links in an LACP link-aggregation configuration. Topology is as below: (VLAN A, B) FG1 <== HA1 Port (Trunks VLANs A, B) ==> FG2 (VLAN A, B) Hosts on FG1's switch ports are able to access to hosts on FG2's switch ports. It didn't load share! How to Setup Link #Aggregation LACP on #FortiGate #Firewall v7. In this mode, no control messages are sent, and received control messages are ignored. If I want connect new nexus switches to fortigates, do i need to use access port or trunk port. Next, we carry out the verification step. there is no clear information available on how to do this. On the Nexus, we have ESX servers, 3 on side A, 2 on side B, connected on etherchannel with vpc. Set to Passive LACP to passively use LACP to negotiate 802. if=to-Cisco family=00 type=1 index=19 mtu=1500 link=0 master=0 ref=21 state=start present no_carrier fw_flags=8800 flags=up broadcast master multicast With that, we have finished configuring LACP on both the Fortigate firewall and the Cisco switch. Don't put the ports of both FortiGate units in one LACP group on the switch. then assigned these port to subinterface. LACP configuration on FortiGate Side: set member "x2" "x1" --> Here it is selected X1, X2 port to be part of LAG. If the optional IPSec VPN between a FortiGate and a Cisco ASA with multiple subnets Remote access FortiGate as dialup client It is not one of the FortiGate-5000 series backplane interfaces. 
When an interface is included in an aggregate interface, it is not listed on the Network > Interfaces page. FGT100D-HA1 (root) # diag n Learn how to configure Link Aggregation Control Protocol (LACP) on FortiGate and Cisco switches in this video tutorial. In active I'm trying to LACP trunk a pair of Nexus3000 C3064PQ Chassis running 7. FortiGate Aggregate Config. If the output shows Po1 with the SU flags, the LACP link has been established successfully. interface Port-channel 30 switchport access vlan x switchport mode access interface GigabitEthernet1/0/12 switchport trunk allowed vlan x switchport mode access channel-group 30 mode active 1 name fortilink status down algorithm L4 lacp-mode active 2 name to-Cisco status down algorithm L4 lacp-mode active. If your FortiGate unit is connecting to a non-FortiGate device, you will need LACP enabled to negotiate the link connections. interface Port-channel 30 switchport access vlan x switchport mode access interface GigabitEthernet1/0/12 switchport trunk allowed vlan x switchport mode access cha You can not configure LACP on Cisco with 2 different Fortigate devices. 1 (vlan 20), x. 1 (vlan 30) The Cisco core switch has virtual interfaces for each VLAN: Configuring LACP between Fortigate and a Cisco switch. 2. 20. When it comes to LACP, each unit must have its own LACP bundle on the switch. The FortiGate Connector for Cisco ACI is a device package that contains XML metadata describing Fortinet’s security services and can be easily uploaded to the Cisco APIC controller. Can you please help in this case. 1. I am trying to setup a LACP connection from 2 clustered Fortigate 201F FW to two stacked Cisco 9300x24Y switches via (4) 10 Gb SFP+ direct attach data storage cables as seen below. 0. You should add them to two different groups. Set to Static for static aggregation. Here is an example of one Port: Here, you've told the Cisco LACP/Switchport trunk to transmit VLAN#10 as untagged on that LACP Trunk. 
during a firmware update, the LACP port to the Cisco switch goes offline for 1 min or longer. Using the CLI: config switch trunk. To check on the Cisco switch, we use the command show etherchannel summary. 6. whenever the FortiGate makes a failover, e. Both nodes set as passive will not work and having static it's Consider the following network configuration. The FortiGate's internal1 and internal2 are physically connected to the internal-side switch (Cisco Catalyst). Using these 2 links between the FortiGate and the switch, link aggregation the behavior of LACP in an HA cluster. It didn't load share! By Roel van Wanrooy 13/09/2019 #fortinet, #fortigate, #fortiswitch, #lacp, #port-channel, #cisco configure a LACP Port-Channel between FortiSwitch and Cisco Switch I recently had to configure a LACP port-channel between two FortiSwitches and a stack of two Cisco switches. I'm fairly new to FortiGate and I'm in the process of configuring an 80F to replace a Cisco RV320 router. 3ad aggregate interfaces 'Link aggregation, HA failover performance, and HA mode'. 3ad) - you should not have any issues building those 1:1 links. if=to-Cisco family=00 type=1 index=19 mtu=1500 link=0 master=0 ref=21 state=start present no_carrier fw_flags=8800 flags=up broadcast master multicast It's not mandatory to match but it should work with both nodes being active (maybe Cisco doesn't like the Fortinet LACP PDU), anyway having one side configured as active does the job fully since it still puts the problematic port immediately down and not cause any packet drops. I swear I've used this same configuration in the past and it worked, but it isn't working now. Solution The scenario is described as follows: An aggregate link (LACP) is configured on both devices acting one as Primary and the other one as Secondary (Active - Passive mode). 
To create a link aggregation interface in the GUI: Go to It's not mandatory to match but it should work with both nodes being active (maybe Cisco doesn't like the Fortinet LACP PDU), anyway having one side configured as active does the job fully since it still puts the problematic port immediately down and not cause any packet drops. On the Nexus 7000 switches this is enabled by default and so an I port will become suspended. 255. x. I configured both side active -active LACP after that its working perfect . 5 with Cisco Switchmore For LAG control, the FortiSwitch unit supports the industry-standard Link Aggregation Control Protocol (LACP). if=to-Cisco family=00 type=1 index=19 mtu=1500 link=0 master=0 ref=21 state=start present no_carrier fw_flags=8800 flags=up broadcast master multicast LACP support on entry-level E-series devices 6. edit <trunk name> set aggregator-mode {bandwidth | count} set description <description_string> set members <ports> Link aggregation uses the standard LACP protocol which (even) Cisco supports. 6(1)SN and Later Releases -Configuring Link Aggregation Control Protocol (LACP) LACP is defined in IEEE 802. If you have multiple VLANs span on FortiGate, you should modify the FortiGate's interface In this video I show you how I configure LACP on a FortiGate 60E. How to Setup Link #Aggregation LACP on #FortiGate #Firewall v7. 3ad aggregation. If you configure LACP on FortiGate you have to consider a point. Link Aggregation Control Protocol (LACP) is now supported on FortiGate and FortiWiFi 90E, 80E, 60E, 50E, and 30E devices. Fortinet-201F-Primary (CORE-UPLINK) # show Hi! I am testing topology where fortigate connected to switch. 
interface eth 1/48(for keep alive) fortigate uses channel group between all the ports (single channel group oh here is the LACP diags on the Cisco, not sure how to do the same for Fortigate SW1#sh lacp neighbor Flags: S - Device is requesting Slow LACPDUs F - Device is requesting Fast LACPDUs A - Device is in Active mode P - Device is in Passive mode. If you do the setup as your design, FortiGate will detect different switches on the ports, and one of the ports will work and the other will not. Select Create. HA doesn't fail-over L2 protocols like LACP. 0(3)I7(9) with a Fortigate 300D running it's ports in an 802. I have setup the routing policy, Firewall, and aggregate links on the Fortigate. 3ad) Labels: FortiGate; 50096 1 Kudo Suggest New You can have all Fortigate ports going to the same switch LAG, but you need set lacp-ha-slave disable on the standby unit so it doesn't actively try to form LACP while the active unit is also doing LACP. 2 and get replies from the Fortinet 192. 1 The LACP fallback mode is useful if you have a preboot execution I am trying to setup a LAG between a Fortigate 1200D cluster and a two Cisco Nexus switches. If you are creating an aggregate between two FortiGate units, you can turn LACP off (lacp-mode static). These are 10G fiber connections. Our setup looks as following: I know this setup is a little bit uncommon because normally you would connect the fortigates to both switches but because of li I would like to set up my network with LACP protocol between fortigate and cisco switch. 1 255. 3ad aggregate. The FortiGate should just analyze the traffic and should be transparent for the Cisco's. 2 | Fortinet Document Library . We're looking at possible spanning-tree issues, but also best practice guides on the Cisco side for VPC's. 1Q tag SVI or gi x/x/x " end Keep your static route on the cisco pointing Hello all, We have a customer who is trying to create a 2 gig ports Port-Channel with our router and the LACP is not working. 
As a matter of fact, when you connect Nexus 2ks to 5ks or 7ks active/active should be configured. Topology: Requirements: - Configure LACP between the FGT and the Cisco switch - Create interface vlan 100 with the planned IP to act as the gateway for the PCs below (in vlan 100) On the Cisco switch, configure LACP: On FortiGate 5. 168. It didn't load share! There is no issue with running LACP as active/active. created policy as per the sub interface, in the policy you can I have a issue configuring LACP between cisco 3850 and fortigate 100D. 255 area 0 passive default no passive " interface connected to FGT 802. On the Nexus switches there is a command lacp suspend-individual (see lacp suspend-individual) within the port-channel interface context that controls what should happen to an "I" port. g. The other way After that both side configure LACP Ether channel. And yes, I admit the 80E is no burner with a max of 4 Gbps, but I've seen a lot of VLANs not utilizing nearly as much bandwidth as physically provided. 0 255. Cat_6509#sh run int ten8/1 Building configuration Current configuration : 156 bytes ! interface TenGigabitEthernet8/1 switchport switchport mode trunk channel-group 42 mode desirable end Cat_6509#sh run int ten9/1 Building configuration If you configure LACP on FortiGate you have to consider a point. LACP port Admin Oper Port Port Port Flags Priority Dev ID Age key Key LACP fortigate - Cisco switch I have configured LACP link (2 port) on Cisco 3560 and FG310B, everything seem be fine, but when I put traffic on this LACP link, traffic just rided on one physical link, when I shutdown one port of LACP, traffic switch to another. . 1. Our setup looks as following: On the switch we see that the fortigate doesn't send any LACP packets: switch1# show lacp counters. The VPC on the Cisco side fails, saying "vpc port channel mis-config due to vpc links in the 2 switches connected to different partners". 
1 Process Ethernet frames with Cisco Security Group Tag and VLAN tag Support port block allocation for NAT64 Support refreshing active sessions for specific protocols and port ranges per VDOM in a specified direction 7. interface Ethernet0/2 switchport trunk encapsulation The LACP conformed from the perspective of IOS cisco is correct: LACP conformed and each link member is grouped without any problem. My config as below: Fortigate: command: show system interface result (For my LACP interface): edit "GNET" set vdom "root" set ip 20. In active/passive active side negotiate and the passive side minimizes transmission of LACP packets (less noise). 30. Cisco ME 1200 Series Carrier Ethernet Access Devices NID Configuration Guide, Cisco IOS 15. 4. We are wanting to migrate to a single 10G link via a different switch with as little disruption as possible. feature inter-vlan . Fortigate Confi: edit "aggregate" set vdom "root" set allowaccess https ssh set type aggregate set member "port1" "port2" set alias "LAG1-2" set snmp-index 12set lacp-speed slow next Cisco side: So your sw1's port-channel(if Cisco) works always 1Gig, not 2Gig. if=to-Cisco family=00 type=1 index=19 mtu=1500 link=0 master=0 ref=21 state=start present no_carrier fw_flags=8800 flags=up broadcast master multicast Hello, we have LACP with two port on each of two nodes of A-A cluster configured. edit <trunk name> set aggregator-mode {bandwidth | count} set description <description_string> set members <ports> set mode {lacp-active | lacp-passive | static} Trying to get a trunk built between a Cisco Catalyst switch and a Forigate 100F using two 10G links in an LCAP link-aggregation configuration. LACP port Admin Oper Port Port Port Flags Priority Dev ID Age key Key are you trying to connecting lacp between the 2 6500s in the vss setup or are you connecting to another switch ? 
If its between the 2 6500s in vss the port-channel needs to have switch virtual link set under it For the mode, select Static, Passive LACP, or Active LACP. Both the physical interfaces and the aggregate interface are showing as up on the Fortigate but the Cisco side is showing the etherchannel and physical ports as not connected. The Cisco Nexus 3000 switch requires four LACP groups, one for each of the FortiController LACP groups. 5 with Cisco Switch Reference: Deploying MCLAG topologies | FortiSwitch 7. Here, you've told the Cisco LACP/Switchport trunk to transmit VLAN#10 as untagged on that LACP Trunk.