Network Architecture & Design

Expand all | Collapse all

LACP between PaloAlto and ExOS, and then VLAN

  • 1.  LACP between PaloAlto and ExOS, and then VLAN

    Posted 07-08-2016 06:58
    We have:
    - PaloAlto PA-500 (firewall/router)
    - Extreme X350-48 ver.12.6.2.10

    For now we have individual cable for each vlan. like this picture



    But we need more vlans, more than physical ports on PaloAlto, for that I try configure something like this.



    On PaloAlto I already configure Aggregate group and create subinterfaces for each vlan. And now stuck on ExOS.
    Start reading conceptbook and find that i need LAG, then LACP and then ... i'm lost.

    My questions:
    1) Is possible this configuration between these two devices?
    2) How to configure LAG, LACP and attach vlans on it? (it's on X350)

    I'm completely newbie in LAG, LACP terminology. Welcome to correct me!
    What additional information may help me on this?


  • 2.  RE: LACP between PaloAlto and ExOS, and then VLAN

    This message was posted by a user wishing to remain anonymous
    Posted 07-08-2016 07:11
    enable sharing port grouping port_list {algorithm [address-based {L2 | L3 | L3_L4
    | custom} | port-based }]} {lacp | health-check}

    Enables the switch to configure port link aggregation, or load sharing. By using link aggregation, you
    use multiple ports as a single logical port. Link aggregation also provides redundancy because traffic is
    redistributed to the remaining ports in the LAG if one port in the group goes down. LACP allows the
    system to dynamically configure the LAGs.

    The port-based keyword was added to the command to support the creation of port-based load
    sharing groups.

    For more details you can lookup EXOS User Guide or the Command Reference Guide
    http://extremenetworks.com/support/documentation/



  • 3.  RE: LACP between PaloAlto and ExOS, and then VLAN

    Posted 07-08-2016 08:08
    Consider a LACP LAG as one physical link, so all vlans should be tagged on both sides of one physical link.


  • 4.  RE: LACP between PaloAlto and ExOS, and then VLAN

    Posted 07-08-2016 09:21
    On EXOS, a link aggregation group (LAG) is also called "port sharing". You configure a group of ports to use sharing (see the command mentioned by Olaf above). The LAG is then referenced by the master port.
    enable sharing 23 grouping 23-25 algorithm address-based L3_L4 lacp configure vlan VLAN0011 add ports 23 tagged configure vlan VLAN0012 add ports 23 tagged configure vlan VLAN0013 add ports 23 tagged configure vlan VLAN0014 add ports 23 tagged [/code]LACP is a standard protocol to negotiate a LAG between two devices, and to detect link problems. It should be used whenever possible. If you do not use the LACP keyword above, the port sharing (LAG) uses a static configuration. The load sharing algorithm may be left at the default setting, but I'd recommend using L3_L4.

    You can use the commands "show lacp" and "show sharing" to check LAG and LACP , and "show port information detail" to check e.g. VLAN status on the LAG.

    A few commands, e.g. "disable port" and "enable port", still work on the physical ports, not the LAG. Most other commands pertain to the LAG after its creation.

    Br,
    Erik


  • 5.  RE: LACP between PaloAlto and ExOS, and then VLAN

    Posted 07-08-2016 16:50
    Just to add a little extra to Erik's comment, once the "sharing" is established the root port (The one listed after the word "sharing" is where you apply all other LACP-related settings for that LAG. Adding a tag'd vlan as he shows next essentially adds it to the share, affecting all members. You do not need (or want) to add the vlan's individually to each port.


  • 6.  RE: LACP between PaloAlto and ExOS, and then VLAN

    Posted 07-20-2016 04:17
    Excuse my long silence.
    I can confirm - lacp is working between ExOS and PaloAlto.
    Thanks for replies.



  • 7.  RE: LACP between PaloAlto and ExOS, and then VLAN

    Posted 03-16-2018 21:09


  • 8.  RE: LACP between PaloAlto and ExOS, and then VLAN

    Posted 07-08-2016 09:21
    why EXOS is so similar to DLink Cli?