LACP between PaloAlto and ExOS, and then VLAN

  • 8 July 2016
  • 7 replies
  • 421 views

Userlevel 1
We have:
- PaloAlto PA-500 (firewall/router)
- Extreme X350-48 ver.12.6.2.10

For now we have individual cable for each vlan. like this picture



But we need more vlans, more than physical ports on PaloAlto, for that I try configure something like this.



On PaloAlto I already configure Aggregate group and create subinterfaces for each vlan. And now stuck on ExOS.
Start reading conceptbook and find that i need LAG, then LACP and then ... i'm lost.

My questions:
1) Is possible this configuration between these two devices?
2) How to configure LAG, LACP and attach vlans on it? (it's on X350)

I'm completely newbie in LAG, LACP terminology. Welcome to correct me!
What additional information may help me on this?

7 replies

Userlevel 3
enable sharing port grouping port_list {algorithm [address-based {L2 | L3 | L3_L4
| custom} | port-based }]} {lacp | health-check}

Enables the switch to configure port link aggregation, or load sharing. By using link aggregation, you
use multiple ports as a single logical port. Link aggregation also provides redundancy because traffic is
redistributed to the remaining ports in the LAG if one port in the group goes down. LACP allows the
system to dynamically configure the LAGs.

The port-based keyword was added to the command to support the creation of port-based load
sharing groups.

For more details you can lookup EXOS User Guide or the Command Reference Guide
http://extremenetworks.com/support/documentation/
Userlevel 4
Consider a LACP LAG as one physical link, so all vlans should be tagged on both sides of one physical link.
Userlevel 7
On EXOS, a link aggregation group (LAG) is also called "port sharing". You configure a group of ports to use sharing (see the command mentioned by Olaf above). The LAG is then referenced by the master port.
enable sharing 23 grouping 23-25 algorithm address-based L3_L4 lacp configure vlan VLAN0011 add ports 23 tagged configure vlan VLAN0012 add ports 23 tagged configure vlan VLAN0013 add ports 23 tagged configure vlan VLAN0014 add ports 23 tagged [/code]LACP is a standard protocol to negotiate a LAG between two devices, and to detect link problems. It should be used whenever possible. If you do not use the LACP keyword above, the port sharing (LAG) uses a static configuration. The load sharing algorithm may be left at the default setting, but I'd recommend using L3_L4.

You can use the commands "show lacp" and "show sharing" to check LAG and LACP , and "show port information detail" to check e.g. VLAN status on the LAG.

A few commands, e.g. "disable port" and "enable port", still work on the physical ports, not the LAG. Most other commands pertain to the LAG after its creation.

Br,
Erik
Userlevel 4
On EXOS, a link aggregation group (LAG) is also called "port sharing". You configure a group of ports to use sharing (see the command mentioned by Olaf above). The LAG is then referenced by the master port.
enable sharing 23 grouping 23-25 algorithm address-based L3_L4 lacp configure vlan VLAN0011 add ports 23 tagged configure vlan VLAN0012 add ports 23 tagged configure vlan VLAN0013 add ports 23 tagged configure vlan VLAN0014 add ports 23 tagged [/code]LACP is a standard protocol to negotiate a LAG between two devices, and to detect link problems. It should be used whenever possible. If you do not use the LACP keyword above, the port sharing (LAG) uses a static configuration. The load sharing algorithm may be left at the default setting, but I'd recommend using L3_L4.

You can use the commands "show lacp" and "show sharing" to check LAG and LACP , and "show port information detail" to check e.g. VLAN status on the LAG.

A few commands, e.g. "disable port" and "enable port", still work on the physical ports, not the LAG. Most other commands pertain to the LAG after its creation.

Br,
Erik
why EXOS is so similar to DLink Cli?
Userlevel 4
Just to add a little extra to Erik's comment, once the "sharing" is established the root port (The one listed after the word "sharing" is where you apply all other LACP-related settings for that LAG. Adding a tag'd vlan as he shows next essentially adds it to the share, affecting all members. You do not need (or want) to add the vlan's individually to each port.
Userlevel 1
Excuse my long silence.
I can confirm - lacp is working between ExOS and PaloAlto.
Thanks for replies.
Userlevel 5
Kindly notice that there is a software defect on LACP.
https://gtacknowledge.extremenetworks.com/articles/Solution/Port-from-the-backup-node-of-the-stack-n...

Reply