Configuring Link Aggregation

Link Aggregation allows port redundancy and load balancing in Layer 2 networks. Load balancing is controlled by the hardware, based on source and destination MAC address pairs. The Switching > Link Aggregation page provides information and statistics, and allows configuration of interfaces for aggregation.

Static and Dynamic Link Aggregation are supported. Dynamic Link Aggregation is supported with the use of LACP (IEEE 802.1AX). Ports that are in the same VLAN (same PortShield Group) or are VLAN trunk ports are eligible for link aggregation. Up to four ports can be aggregated in a logical group and there can be four Logical Links (LAGs) configured.

Two main types of usage are enabled by this feature:

• Firewall to Server – This is implemented by enabling Link Aggregation on ports within the same VLAN (same PortShield Group). This configuration allows port redundancy, but does not support load balancing in the appliance-to-Server direction due to a hardware limitation on the appliance.

• Firewall to Switch – This is allowed by enabling Link Aggregation on VLAN trunk ports. Load balancing is automatically performed by the hardware. The appliance supports one load balancing algorithm based on source and destination MAC address pairs.

As with PortShield configuration, you select an interface that represents the aggregated group. This port is called an aggregator. The aggregator port must be assigned a unique key. By default, the aggregator port key is the same as its interface number. Non-aggregator ports can optionally be configured with a key, which can help prevent an erroneous LAG if the switch connections are wired incorrectly.

Ports bond if connected to the same link partner and their keys match. If a key is not configured for a port (if the port is in auto mode), it will bond with an aggregator that is connected to the same link partner. The link partner is discovered via LACP messages. A link partner cannot be discovered for Static link aggregation. In this case, ports aggregate based on keys alone.
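The bonding rules above can be modelled in a few lines to show what a key on a non-aggregator port changes when a cable lands on the wrong switch. This is an added illustration, not appliance code: the interface names, MAC addresses and the `bond` function are constructed for the example, and it assumes that in static mode a port with no key joins no LAG.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Port:
    name: str
    key: Optional[int]       # None models auto mode (no key configured)
    partner: Optional[str]   # MAC of the device the port is physically cabled to

def bond(ports, aggregators, lacp):
    """Map each non-aggregator port to the aggregator it bonds with, or None."""
    result = {}
    for p in ports:
        result[p.name] = None
        for agg in aggregators:
            if lacp:
                # Dynamic: the partner learned via LACP must match, and the
                # keys must match unless the port is in auto mode.
                same_partner = p.partner is not None and p.partner == agg.partner
                key_ok = p.key is None or p.key == agg.key
                if same_partner and key_ok:
                    result[p.name] = agg.name
                    break
            elif p.key is not None and p.key == agg.key:
                # Static: no partner discovery, so keys alone decide.
                result[p.name] = agg.name
                break
    return result

# Constructed sample topology: two LAGs, one per upstream switch.
SWITCH_A = "00:00:5e:00:53:0a"
SWITCH_B = "00:00:5e:00:53:0b"
# Aggregator keys follow the default (key equals interface number).
AGGREGATORS = [Port("X2", 2, SWITCH_A), Port("X4", 4, SWITCH_B)]

def scenario(x5_key, lacp):
    # X3 is cabled correctly to switch A. X5 is intended for X4's LAG
    # (switch B) but has been miswired to switch A.
    members = [Port("X3", 2, SWITCH_A), Port("X5", x5_key, SWITCH_A)]
    return bond(members, AGGREGATORS, lacp)

if __name__ == "__main__":
    print("LACP, X5 auto  :", scenario(None, lacp=True))
    print("LACP, X5 key 4 :", scenario(4, lacp=True))
    print("Static, X5 key 4:", scenario(4, lacp=False))
```

In the model, the miswired port in auto mode joins the wrong LAG, the keyed port stays out of both, and the static LAG accepts the miswired port because no partner is checked.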

Like a PortShield host, the aggregator port cannot be removed from the LAG since it represents the LAG in the system.

Note: Once link aggregation has been enabled on VLAN trunk ports, additional VLANs cannot be added or deleted on the LAG.

Note: If you need to enable RSTP on the LAG, first enable RSTP on the individual members and then enable link aggregation.

Creating a Logical Link (LAG)

To create a Logical Link (LAG), perform the following steps:

1. On the Switching > Link Aggregation page, click the Add button.

2. In the Add LAG Port window, select the interface from the Aggregator Port drop-down list.

3. In the Key field, type the key (1-255) that defines the port membership to the LAG group.

4. Use the Member Ports drop-down list to select the member ports to be associated with this LAG group.

5. To exchange LACP protocol messages (dynamic LAG), check the LACP Enable check box. For a static LAG, ensure the LACP Enable check box is not checked.

6. Use the Load Balance Type drop-down list to select the load balancing algorithm for this LAG based on the deployment scenario.

Note: The load balancing algorithm cannot be changed during operation of the LAG group.

7. Click OK.

The LAG is added to the Switching > Link Aggregation page, and the Partner column will display the MAC addresses of the link partners after they are physically connected.