LACP between PaloAlto and ExOS, and then VLAN

  • Question
  • Updated 8 months ago
  • Answered
We have:
- PaloAlto PA-500 (firewall/router)
- Extreme X350-48 ver.

For now we have an individual cable for each VLAN, like this picture.

But we need more VLANs, more than the physical ports on the PaloAlto, so I am trying to configure something like this.

On the PaloAlto I have already configured an Aggregate group and created subinterfaces for each VLAN. And now I'm stuck on ExOS.
I started reading the concept book and found that I need LAG, then LACP and then ... I'm lost.

My questions:
1) Is this configuration possible between these two devices?
2) How do I configure LAG, LACP and attach VLANs to it? (It's on the X350.)

I'm a complete newbie in LAG, LACP terminology. You are welcome to correct me!
What additional information may help me on this?

modris bernands

Posted 2 years ago

Hagemann, Olaf, Employee

enable sharing port grouping port_list {algorithm [address-based {L2 | L3 | L3_L4 | custom} | port-based }]} {lacp | health-check}

Enables the switch to configure port link aggregation, or load sharing. By using link aggregation, you
use multiple ports as a single logical port. Link aggregation also provides redundancy because traffic is
redistributed to the remaining ports in the LAG if one port in the group goes down. LACP allows the
system to dynamically configure the LAGs.

The port-based keyword was added to the command to support the creation of port-based load
sharing groups.

For more details you can look up the EXOS User Guide or the Command Reference Guide.

Nick Yakimenko

Consider a LACP LAG as one physical link, so all vlans should be tagged on both sides of one physical link.

Erik Auerswald, Embassador

On EXOS, a link aggregation group (LAG) is also called "port sharing". You configure a group of ports to use sharing (see the command mentioned by Olaf above). The LAG is then referenced by the master port.

enable sharing 23 grouping 23-25 algorithm address-based L3_L4 lacp
configure vlan VLAN0011 add ports 23 tagged
configure vlan VLAN0012 add ports 23 tagged
configure vlan VLAN0013 add ports 23 tagged
configure vlan VLAN0014 add ports 23 tagged

LACP is a standard protocol to negotiate a LAG between two devices, and to detect link problems. It should be used whenever possible. If you do not use the LACP keyword above, the port sharing (LAG) uses a static configuration. The load sharing algorithm may be left at the default setting, but I'd recommend using L3_L4.

You can use the commands "show lacp" and "show sharing" to check LAG and LACP, and "show port <PORT> information detail" to check e.g. VLAN status on the LAG.

A few commands, e.g. "disable port" and "enable port", still work on the physical ports, not the LAG. Most other commands pertain to the LAG after its creation.

Nick Yakimenko

Why is EXOS so similar to the DLink CLI?

Eric Burke

Just to add a little extra to Erik's comment, once the "sharing" is established the root port (the one listed after the word "sharing") is where you apply all other LACP-related settings for that LAG. Adding a tagged VLAN as he shows next essentially adds it to the share, affecting all members. You do not need (or want) to add the VLANs individually to each port.
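
A small linter for the points made in the replies above (reference the LAG by its master port, tag every VLAN there, prefer LACP over a static LAG), as an added example that is not part of the original thread. The config text is constructed sample input, and the parser assumes standalone-switch port numbers such as 23-25 (no slot:port notation).

```python
import re

# Constructed sample (not from the thread): lines 1-3 follow the commands
# shown above; lines 4-6 contain deliberate mistakes for the linter to find.
SAMPLE = """\
enable sharing 23 grouping 23-25 algorithm address-based L3_L4 lacp
configure vlan VLAN0011 add ports 23 tagged
configure vlan VLAN0012 add ports 23 tagged
configure vlan VLAN0013 add ports 24 tagged
configure vlan VLAN0014 add ports 23 untagged
enable sharing 30 grouping 30-31 algorithm address-based L3_L4
"""

SHARING = re.compile(r"^enable sharing (\d+) grouping (\S+)(.*)$")
VLAN_ADD = re.compile(r"^configure vlan (\S+) add ports (\S+)\s*(tagged|untagged)?")

def expand(port_list):
    """Expand a port list such as '23-25,27' into a set of ints."""
    ports = set()
    for part in port_list.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def lint(config):
    """Return sorted (line_no, message) findings for LAG/VLAN mistakes."""
    findings, member_of = [], {}
    lines = [l.strip() for l in config.splitlines()]
    # Pass 1: learn every LAG, its master port and its member ports.
    for no, line in enumerate(lines, 1):
        m = SHARING.match(line)
        if m:
            master = int(m.group(1))
            for p in expand(m.group(2)):
                member_of[p] = master
            if "lacp" not in m.group(3).split():
                findings.append((no, f"LAG {master} is static (no lacp keyword)"))
    # Pass 2: VLANs on a LAG must be added on the master port, tagged.
    for no, line in enumerate(lines, 1):
        m = VLAN_ADD.match(line)
        if not m:
            continue
        vlan, mode = m.group(1), m.group(3)
        for p in sorted(expand(m.group(2))):
            master = member_of.get(p)
            if master is not None and p != master:
                findings.append((no, f"{vlan}: port {p} is a LAG member; use master port {master}"))
            elif master is not None and mode != "tagged":
                findings.append((no, f"{vlan}: not tagged on LAG {master}"))
    return sorted(findings)
```

Calling `lint(SAMPLE)` reports the VLAN added on member port 24, the untagged VLAN on the LAG, and the second LAG created without LACP.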

modris bernands

Excuse my long silence.
I can confirm - lacp is working between ExOS and PaloAlto.
Thanks for replies.