Configuring Link Aggregation

Aggregated ports provide increased performance through load balancing when connected to a switch that supports aggregation, and provide redundancy when connected to a switch or server that supports aggregation.

Link Aggregation allows port redundancy and load balancing in Layer 2 networks. Load balancing is controlled by the hardware, based on source and destination MAC address pairs. The Switching > Link Aggregation page provides information and statistics, and allows configuration of interfaces for aggregation.

Static and Dynamic Link Aggregation are supported. Dynamic Link Aggregation is supported with the use of LACP (IEEE 802.1AX). Ports that are in the same VLAN (same PortShield Group) or are VLAN trunk ports are eligible for link aggregation. Up to four ports can be aggregated in a logical group and there can be four Logical Links (LAGs) configured.

Two main types of usage are enabled by this feature:

•	Firewall to Server – This is implemented by enabling Link Aggregation on ports within the same VLAN (same PortShield Group). This configuration allows port redundancy, but does not support load balancing in the Firewall-to-Server direction because of a hardware limitation.

•	Firewall to Switch – This is allowed by enabling Link Aggregation on VLAN trunk ports. Load balancing is automatically done by the hardware. The Firewall supports one load balancing algorithm based on source and destination MAC address pairs.

The diagram shows LAGs to a server and to a switch.

Similarly to PortShield configuration, you select an interface that represents the aggregated group. This port is called an aggregator. The aggregator port must be assigned a unique key. By default, the aggregator port key is the same as its interface number. Non-aggregator ports can be optionally configured with a key that can help prevent an erroneous LAG if the switch connections are wired incorrectly.

Ports bond together if connected to the same link partner and their keys match. If there is no key configured for a port (if the port is in auto mode), it bonds with an aggregator that is connected to the same link partner. The link partner is discovered through LACP messages. A link partner cannot be discovered for Static link aggregation. In this case, ports aggregate based on keys alone.

Like a PortShield host, the aggregator port cannot be removed from the LAG because it represents the LAG in the system.

NOTE: After link aggregation has been enabled on VLAN trunk ports, additional VLANs cannot be added or deleted on the LAG.

NOTE: If you need to enable RSTP on the LAG, first enable RSTP on the individual members and then enable link aggregation.