FortiLink MCLAG - Cross-Stack Switch Aggregation with Third-Party Devices
2025/10/29
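Network Requirements
This test builds on the configuration from the previous chapter, "FortiLink MCLAG - Stacked Topology 2-Tier Configuration Example".
Network Topology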

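- Port-Channel 10 on Cisco SW1 is a Layer 3 interface with IP address 192.168.10.101. On Core-FSW1 and Core-FSW2 we configure a cross-switch aggregate interface, BOND 10, to connect to it, and assign it to VLAN10.
- Port-Channel 20 on Cisco SW2 is a Layer 3 interface with IP address 192.168.20.101. On Access-FSW1 and Access-FSW2 we configure a cross-switch aggregate interface, BOND 20, to connect to it, and assign it to VLAN20.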
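Configuration Steps
Cisco Switch Configuration
Aggregation configuration on Cisco SW1.
!
interface port-channel 10
 no switchport
 ip address 192.168.10.101 255.255.255.0
!
!
interface FastEthernet2/0/3
 no switchport
 no ip address
 channel-group 10 mode active
!
interface FastEthernet2/0/4
 no switchport
 no ip address
 channel-group 10 mode active
!
Aggregation configuration on Cisco SW2.
!
interface Port-channel20
 no switchport
 ip address 192.168.20.101 255.255.255.0
!
! Note: Fa2/0/5 is placed in channel-group 10 here, not 20, so the
! Port-channel20 output below shows Fa2/0/6 as its only member. Use
! channel-group 20 on Fa2/0/5 to bundle both links into Port-channel20.
interface FastEthernet2/0/5
 no switchport
 no ip address
 channel-group 10 mode active
!
interface FastEthernet2/0/6
 no switchport
 no ip address
 channel-group 20 mode active
!
FortiGate Configuration
Configure BOND 10, the cross-switch aggregate spanning Core-FSW1 and Core-FSW2.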


On the FortiSwitch Ports page, switch to the Trunk view and set the native VLAN of the Bond10 member interfaces to 10 (equivalent to access VLAN 10).

Core-FSW1:
config switch trunk
    edit "Bond10"
        set mode lacp-active
        set mclag enable
        set members "port8"
    next
end
config switch interface
    edit "Bond10"
        set native-vlan 10
    next
end
Core-FSW2:
config switch trunk
    edit "Bond10"
        set mode lacp-active
        set mclag enable
        set members "port8"
    next
end
config switch interface
    edit "Bond10"
        set native-vlan 10
    next
end
Configure BOND 20, the cross-switch aggregate spanning Access-FSW1 and Access-FSW2.


On the FortiSwitch Ports page, switch to the Trunk view and set the native VLAN of the Bond20 member interfaces to 20 (equivalent to access VLAN 20).

Access-FSW1:
config switch trunk
    edit "Bond20"
        set mode lacp-active
        set mclag enable
        set members "port8"
    next
end
config switch interface
    edit "Bond20"
        set native-vlan 20
    next
end
Access-FSW2:
config switch trunk
    edit "Bond20"
        set mode lacp-active
        set mclag enable
        set members "port8"
    next
end
config switch interface
    edit "Bond20"
        set native-vlan 20
    next
end
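Notes
Important
In a FortiSwitch mclag-icl stacked topology, when connecting to an aggregate port on a Cisco switch, the following setting must also be added to the FortiSwitch STP configuration (set mclag-stp-bpdu single).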
Core-FSW1:
config switch stp settings
set mclag-stp-bpdu single
end
Core-FSW2:
config switch stp settings
set mclag-stp-bpdu single
end
Access-FSW1:
config switch stp settings
set mclag-stp-bpdu single
end
Access-FSW2:
config switch stp settings
set mclag-stp-bpdu single
end
Verification
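The three FortiSwitch settings this page relies on (LACP active mode, MCLAG enabled on the trunk, and set mclag-stp-bpdu single) can be checked on each switch's saved configuration before testing against the Cisco side. The Python below is an added example, not part of the original page or of Fortinet tooling; the names parse and audit are hypothetical, and it assumes the flat config/edit/set form shown on this page.

```python
# Constructed sample input: the Core-FSW1 settings from this page, plus a
# hypothetical drifted copy with two of the required lines removed.
GOOD = """\
config switch trunk
    edit "Bond10"
        set mode lacp-active
        set mclag enable
        set members "port8"
    next
end
config switch stp settings
    set mclag-stp-bpdu single
end
"""
DRIFTED = GOOD.replace("set mclag enable\n", "").replace(
    "set mclag-stp-bpdu single\n", "")

def parse(text):
    """Flatten non-nested config/edit/set blocks to {(section, entry, key): value}."""
    out, section, entry = {}, None, None
    for line in text.splitlines():
        cmd, _, rest = line.strip().partition(" ")
        if cmd == "config":
            section, entry = rest.strip(), None
        elif cmd == "edit":
            entry = rest.strip().strip('"')
        elif cmd == "next":
            entry = None
        elif cmd == "end":
            section = entry = None
        elif cmd == "set":
            key, _, value = rest.strip().partition(" ")
            out[(section, entry, key)] = value.strip().strip('"')
    return out

def audit(text):
    """Return findings for the settings this page requires on each MCLAG peer."""
    cfg, findings = parse(text), []
    if cfg.get(("switch stp settings", None, "mclag-stp-bpdu")) != "single":
        findings.append("stp: mclag-stp-bpdu is not single")
    for trunk in sorted({e for (s, e, _) in cfg if s == "switch trunk" and e}):
        if cfg.get(("switch trunk", trunk, "mode")) != "lacp-active":
            findings.append(f"{trunk}: mode is not lacp-active")
        if cfg.get(("switch trunk", trunk, "mclag")) != "enable":
            findings.append(f"{trunk}: mclag is not enabled")
    return findings

if __name__ == "__main__":
    print(audit(GOOD), audit(DRIFTED))
```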
Cisco-SW1
Check the aggregation status on Cisco-SW1.
Cisco-SW1#show interfaces port-channel 10 etherchannel
Port-channel10   (Primary aggregator)
Age of the Port-channel   = 0d:00h:35m:49s
Logical slot/port   = 10/10          Number of ports = 2
HotStandBy port = null
Passive port list   = Fa2/0/3 Fa2/0/4 Fa2/0/5
Port state          = Port-channel L3-Ag Ag-Inuse
Protocol            =   LACP
Port security       = Disabled
Ports in the Port-channel:
Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
  0     00     Fa2/0/3  Active             0
  0     00     Fa2/0/4  Active             0
Time since last port bundled:    0d:00h:28m:41s    Fa2/0/4

Cisco-SW1#show interfaces port-channel 10
Port-channel10 is up, line protocol is up (connected)
  Hardware is EtherChannel, address is 001c.b0c7.9741 (bia 001c.b0c7.9741)
  Internet address is 192.168.10.101/24
  MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Full-duplex, 100Mb/s, link type is auto, media type is unknown
  input flow-control is off, output flow-control is unsupported
  Members in this channel: Fa2/0/3 Fa2/0/4
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:01, output 00:30:09, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 6000 bits/sec, 2 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     4264 packets input, 1406340 bytes, 0 no buffer
     Received 4264 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 3034 multicast, 0 pause input
     0 input packets with dribble condition detected
     680 packets output, 100803 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
Reach the FortiGate's VLAN10 from Cisco-SW1.
Cisco-SW1#ping 192.168.10.1 repeat 100
Sending 100, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/11/1007 ms
Cisco-SW2
Check the aggregation status on Cisco-SW2.
Cisco-SW2#show interfaces port-channel 20 etherchannel
Port-channel20   (Primary aggregator)
Age of the Port-channel   = 0d:00h:38m:50s
Logical slot/port   = 10/20          Number of ports = 1
HotStandBy port = null
Passive port list   = Fa2/0/6
Port state          = Port-channel L3-Ag Ag-Inuse
Protocol            =   LACP
Port security       = Disabled
Ports in the Port-channel:
Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
  0     00     Fa2/0/6  Active             0
Time since last port bundled:    0d:00h:10m:47s    Fa2/0/6

Cisco-SW2#show interfaces port-channel 20
Port-channel20 is up, line protocol is up (connected)
  Hardware is EtherChannel, address is 001c.b0c7.9744 (bia 001c.b0c7.9744)
  Internet address is 192.168.20.101/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Full-duplex, 100Mb/s, link type is auto, media type is unknown
  input flow-control is off, output flow-control is unsupported
  Members in this channel: Fa2/0/6
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:01, output 00:10:57, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     729 packets input, 249974 bytes, 0 no buffer
     Received 729 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 542 multicast, 0 pause input
     0 input packets with dribble condition detected
     126 packets output, 18528 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
Reach the FortiGate's VLAN20 from Cisco-SW2.
Cisco-SW2#ping 192.168.20.1 repeat 100
Sending 100, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/11/1007 ms
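A successful ping does not show whether every intended link joined the bundle: the Port-channel20 capture above answers 100/100 with a single member. The Python below is an added example, not part of the original page, that parses the show interfaces port-channel N etherchannel output and compares the bundled members with the interfaces listed in the Cisco SW2 configuration; the names parse_etherchannel and check are hypothetical.

```python
import re

# Sample input: the Port-channel20 capture from Cisco-SW2 on this page,
# trimmed to the lines the check reads.
SW2_PO20 = """\
Port-channel20   (Primary aggregator)
Logical slot/port   = 10/20          Number of ports = 1
Port state          = Port-channel L3-Ag Ag-Inuse
Protocol            =   LACP
Ports in the Port-channel:
Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
  0     00     Fa2/0/6  Active             0
"""

# One row of the member table: index, load, port, EC state, bit count.
ROW = re.compile(
    r"^[ \t]*\d+[ \t]+[0-9A-Fa-f]{2}[ \t]+(\S+)[ \t]+(\S+)[ \t]+\d+[ \t]*$", re.M)


def parse_etherchannel(text):
    """Extract name, protocol, port count and bundled members from the output."""
    return {
        "name": re.search(r"^(Port-channel\d+)", text, re.M).group(1),
        "protocol": re.search(r"Protocol\s*=\s*(\S+)", text).group(1),
        "count": int(re.search(r"Number of ports\s*=\s*(\d+)", text).group(1)),
        "members": dict(ROW.findall(text)),
    }


def check(text, expected):
    """Compare a capture against the member ports the design calls for."""
    po, findings = parse_etherchannel(text), []
    name = po["name"]
    if po["protocol"] != "LACP":
        findings.append(f"{name}: protocol is {po['protocol']}, not LACP")
    for port in sorted(set(expected) - set(po["members"])):
        findings.append(f"{name}: {port} is not bundled")
    for port, state in sorted(po["members"].items()):
        if state != "Active":
            findings.append(f"{name}: {port} is {state}")
    if po["count"] != len(expected):
        findings.append(f"{name}: {po['count']} of {len(expected)} ports in bundle")
    return findings


if __name__ == "__main__":
    # Fa2/0/5 and Fa2/0/6 are the two interfaces listed under Cisco SW2 above.
    print(check(SW2_PO20, ["Fa2/0/5", "Fa2/0/6"]))
```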
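Notes
- Only stacked switches can aggregate across switches; switches in different stack groups cannot be configured into one aggregate interface.
- When the peer is a FortiSwitch, MCLAG aggregation is formed automatically.
- When the peer is a third-party device, such as a switch, a router, another vendor's firewall, or a server, dynamic aggregation in LACP Active mode is recommended.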