
Initial Troubleshooting Steps for LACP on FortiGate

This article offers troubleshooting instructions for addressing LACP (Link Aggregation Control Protocol) problems on a FortiGate device.

LACP problems are easiest to isolate by working through the checks in a fixed order, from configuration to link state to traffic. The steps below list the commands to use at each stage and what to look for in their output.

1. Verify LACP Configuration

The first step in troubleshooting LACP is to ensure that the configuration is correct on both ends of the link aggregation. This includes checking the settings on both the FortiGate device and the connected switch.

  • Command: show system interface
    • This command displays all interfaces configured on the FortiGate, including those participating in LACP. Look for interfaces that are part of an aggregate group.
  • Command: show switch interface
    • Use this command to verify if the switch ports are correctly configured for LACP. Ensure they are set to “active” mode if using dynamic LACP.

2. Check Interface Status

Next, check the status of each individual interface that is part of the LACP group.

  • Command: get system interface physical
    • This command provides information about each physical interface’s status (up/down). Ensure that all member interfaces are up and operational.

3. Review Aggregation Group Status

To get detailed information about the aggregation group itself, use:

  • Command: get system link-aggregation
    • This command shows details about link aggregation groups, including their operational status and which member interfaces are active or inactive.

4. Examine Logs for Errors

Logs can provide insight into any errors or misconfigurations related to LACP.

  • Command: diagnose debug enable
  • Command: diagnose debug application lacpd -1
    • These commands enable debugging for LACP and display real-time logs related to LACP operations. Look for any error messages or warnings that could indicate problems with negotiation or configuration mismatches.

5. Check VLAN Configuration

If VLANs are involved, ensure that they are correctly configured across both devices:

  • Command: show vlan
    • Verify that VLANs used by the aggregated links match on both ends of the connection.

6. Validate MTU Settings

A mismatch in Maximum Transmission Unit (MTU) settings can also cause issues with link aggregation:

  • Command: get system interface | grep mtu
    • Check MTU settings on both FortiGate and connected switches to ensure consistency.

7. Test Connectivity

Finally, test connectivity through the aggregated link:

  • Command: execute ping
    • Use this command to check if you can reach a destination IP address over the aggregated link.
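The negotiation and mode mismatches mentioned in steps 1 and 4 show up in the actor (local) and partner (remote) state byte that each side advertises in its LACPDUs. The following is an added example, not part of the original article or any Fortinet tooling: it decodes that byte using the IEEE 802.1AX bit layout and flags common causes. The function names are hypothetical, the sample values are constructed, and it assumes you have read the two state values from debug output or a packet capture.

```python
# LACP state-byte flags, least significant bit first (IEEE 802.1AX).
FLAGS = ("activity", "timeout", "aggregation", "synchronization",
         "collecting", "distributing", "defaulted", "expired")


def decode_state(byte):
    """Map one LACP actor/partner state byte to {flag_name: bool}."""
    if not 0 <= byte <= 0xFF:
        raise ValueError("LACP state is a single byte (0-255)")
    return {name: bool((byte >> bit) & 1) for bit, name in enumerate(FLAGS)}


def diagnose(actor_byte, partner_byte):
    """Return (code, hint) findings for one member port; empty list = healthy."""
    a, p = decode_state(actor_byte), decode_state(partner_byte)
    out = []
    if a["defaulted"] or a["expired"]:
        # Partner fields hold defaults or stale data, so stop after this check.
        if not a["activity"]:
            out.append(("passive-no-partner", "local port is passive and hears no "
                        "LACPDUs; set at least one end to active"))
        else:
            out.append(("no-partner", "no current LACPDUs from the peer; check "
                        "cabling and that LACP is enabled on the switch port"))
        return out
    if not (a["aggregation"] and p["aggregation"]):
        out.append(("individual", "one end marks the port as individual, "
                    "so it cannot join an aggregate"))
    if not (a["synchronization"] and p["synchronization"]):
        out.append(("out-of-sync", "port not attached to the agreed aggregator; "
                    "compare keys, speed/duplex and which switch each member reaches"))
    elif not (a["collecting"] and a["distributing"]
              and p["collecting"] and p["distributing"]):
        out.append(("not-forwarding", "in sync but not yet collecting/distributing"))
    if a["timeout"] != p["timeout"]:
        out.append(("timeout-differs", "ends request different LACPDU rates "
                    "(fast vs slow); allowed, but align them when chasing flaps"))
    return out


if __name__ == "__main__":
    # Constructed (actor, partner) state bytes, not captured from a device.
    samples = {"port1": (0x3D, 0x3D), "port2": (0x44, 0x00), "port3": (0x05, 0x3F)}
    for port, (actor, partner) in samples.items():
        print(port, decode_state(actor), diagnose(actor, partner) or "healthy")
```

A healthy member in active mode with the slow rate reads 0x3D on both sides; 0x3F is the same state with the fast rate.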

If you still encounter issues with LACP after following these steps, consider reviewing vendor documentation or reaching out to support for further assistance.

