Comware

  • 1.  Connection FlexNetwork 7500 to Fortigate 380D

    Posted Nov 26, 2018 04:27 AM

     Hi all,

    I want to connect my HPE 7500 to FORTIGATE 380D with two 1G channel link aggregation.

    This is my 7500 configuration:

    #
    interface Bridge-Aggregation 1
     port link-type trunk
     port trunk permit vlan all
     link-aggregation mode dynamic
    #
    interface Ten-GigabitEthernet1/0/28
     port link-aggregation group 1
    #
    interface Ten-GigabitEthernet1/0/29
     port link-aggregation group 1
    #

    This is my Fortigate configuration:

          edit "LinkAgg"
             set vdom "root"
             set ip 192.168.202.1 255.255.255.0
             set allowaccess ping https ssh
             set l2forward enable
             set stpforward enable
             set type aggregate
             set member "port9" "port10" "port11"
             set fortiheartbeat enable
             set role lan
             set snmp-index 15
             set lacp-mode passive
             set lacp-ha-slave disable
         next

    I connected 2 PCs to the switch and 2 PCs to the Fortigate, and I have full visibility with all of them.

    I use iperf to verify bandwidth between the 7500 and the Fortigate; 2 PCs are servers and 2 PCs are clients.

    When I start my lab I expect this:

    PC1 (iperf client) to SRV1 (iperf server) = 1G bandwidth

    PC2 (iperf client) to SRV2 (iperf server) = 1G bandwidth

    How can I have two 1G connections?

    Thanks



  • 2.  RE: Connection FlexNetwork 7500 to Fortigate 380D

    Posted Nov 26, 2018 06:11 AM


    Hello,

    Do you have two NICs in two PCs...? Ideally link-agg is used to combine two physical interfaces into one logical interface, commonly used for uplink / server redundancy. Also, I can see that in the Fortinet config you have 3 ports as part of the link-agg.

    Please use the link below for config guides: https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=null&docLocale=en_US&docId=emr_na-c05367116



  • 3.  RE: Connection FlexNetwork 7500 to Fortigate 380D

    Posted Nov 27, 2018 04:52 AM

    Hi,

    Thank you for the reply.

    This is my schema:

            |-----------------|                          |-----------------|
    PC1 --- |                 |                          |                 | --- SRV1
            |    Fortigate    | ---- LAG x 2 NICs ----   |      7510       |
    PC2 --- |                 |                          |                 | --- SRV2
            |-----------------|                          |-----------------|

    The 7510 LAG has 2 NICs.

    The Fortigate aggregate LAN has 2 NICs; I attached the wrong file, the rest remains the same.

    Iperf from PC1 to SRV1 is about 800 Mbit

    Iperf from PC2 to SRV2 is about 50 Mbit

    I don't know why!

    Thank you



  • 4.  RE: Connection FlexNetwork 7500 to Fortigate 380D

    Posted Nov 28, 2018 10:24 AM

    Could you please paste the output of the 

    display link-aggregation verbose Bridge-Aggregation 1

    CLI Command (run it on the HPE FlexNetwork 7510)?

    That's to show us how the HPE FlexNetwork 7510 switch is connected to the peer's LACP as defined on your Fortigate [*] firewall.

    [*] Does Fortigate 380D exist or are you referring to Fortigate 3800D? Try to be a little bit more precise...

    Edit: NIC is a wrong term here...a NIC is a Network Interface Card which could have one or more ports...indeed it is a term used when you speak about Hosts (Servers, Clients, etc.)...when you're referring to Switch(es) and Firewall(s) a more appropriate term is - physical - "Interface" or "Port"...an Interface/Port could also be a logical entity like the case of a LAG (when physical interfaces are aggregated into a logical interface, the LAG Link Aggregation Group or BAGG Bridge Aggregation Group...in switching terminology).

    So you're testing one port of Host PC1 to one port of SRV1 (and one port of PC2 to one port of SRV2) via a LAG between two peers: your Fortigate firewall and your HPE FlexNetwork 7510. Have you tested the opposite direction (SRVs to PCs)? Same results?