Extreme Networks

Thomas_Maddox · ‎12-29-2015

We currently have a pair of Fortinet 1500D the have the internal port(s) connected to a C3 stack. I would like to take it off the stack and connect it to the SSA-T1068 at the top of the network for our central office. Last night I attempted to do so while upgrading some other switches. Let's say I was not very successful. Has anyone else encountered problems with Fortinet/Extreme interoperability? I am new to Extreme and any assistance would be very helpful.

Thomas_Maddox · ‎12-29-2015

What is the expected behavior of the SSA when it sees the connections are from two devices? Will spantree block one or both ports?

Paul_Poyant · ‎12-29-2015

Looks like if you issue '

code:

set port lacp port ge.1.5-6 aadminkey 2

' to override the

code:

default, the aadminkey of these two intended underlying ethernet ports should then match that of the intended LAG aggregator ('

code:

set lacp aadminkey lag.0.2 2

'), allowing LAG lag.0.2 to form using underlying ports ge.1.5-6.

That may or may not be the whole story, but it should move things in the right direction.

You could as desired test the SSA with any other Dynamic LAG device. If it works with that test device, then it should work with the Fortinet. Based on my findings above, I surmise that SSA ports ge.1.5-6 are not LAGging with anything now - unless some other local LAG aggregator instance has a

code:

aadminkey value.

Thomas_Maddox · ‎12-29-2015

I do not currently have the Fortinet connected to the SSA because in doing so lots of network problems arise. I also want to clarify the Fortinet setup. We have a oair of 1500D's in an active active cluster. I was taking on cable from each and connecting it to the SSA. The info requested is below.

set lacp aadminkey lag.0.2
set lacp enable
set lacp singleportlag disable
set lacp flowRegeneration disable
set lacp outportAlgorithm dip-sip
set lacp outportLocalPreference none

set port advertise ge.1.5 10t 10tfd 100tx 100txfd bpause 1000tfd
set port advertise ge.1.6 10t 10tfd 100tx 100txfd bpause 1000tfd

set port broadcast ge.1.5 1488100
set port broadcast ge.1.6 1488100

set port discard ge.1.5 none
set port discard ge.1.6 none

set port ingress-filter lag.0.2 disable

set port ingress-filter ge.1.5 disable
set port ingress-filter ge.1.6 disable

set port jumbo disable ge.1.5
set port jumbo disable ge.1.6

set port lacp port ge.1.5 aadminkey 32768
set port lacp port ge.1.6 aadminkey 32768

set port lacp port ge.1.5 padminsyspri 32768
set port lacp port ge.1.6 padminsyspri 32768

set port lacp port ge.1.5 padminsysid 00-00-00-00-00-00
set port lacp port ge.1.6 padminsysid 00-00-00-00-00-00

set port lacp port ge.1.5 padminkey 261
set port lacp port ge.1.6 padminkey 262

set port lacp port ge.1.5 aportpri 32768
set port lacp port ge.1.6 aportpri 32768

et port lacp port ge.1.5 padminport 261
set port lacp port ge.1.6 padminport 262

set port lacp port ge.1.5 padminportpri 32768
set port lacp port ge.1.6 padminportpri 32768

clear port lacp port ge.1.5 aadminstate all
clear port lacp port ge.1.6 aadminstate all

clear port lacp port ge.1.5 padminstate all
clear port lacp port ge.1.6 padminstate all

et port lacp port ge.1.5 enable
set port lacp port ge.1.6 enable

set port oam ge.1.5 status disable
set port oam ge.1.6 status disable

set port oam ge.1.5 mode active
set port oam ge.1.6 mode active

set port oam ge.1.5 loopback-rx ignore
set port oam ge.1.6 loopback-rx ignore

set port oam ge.1.5 notify-retry 1
set port oam ge.1.6 notify-retry 1

set port priority lag.0.2 0

set port priority ge.1.5 0
set port priority ge.1.6 0

set port priority-queue lag.0.2 1 0
set port priority-queue lag.0.2 2 0
set port priority-queue lag.0.2 3 0
set port priority-queue lag.0.2 4 0
set port priority-queue lag.0.2 5 0
set port priority-queue lag.0.2 6 0
set port priority-queue lag.0.2 7 0

et port priority-queue ge.1.5 0 2
set port priority-queue ge.1.5 1 0
set port priority-queue ge.1.5 2 1
set port priority-queue ge.1.5 3 3
set port priority-queue ge.1.5 4 4
set port priority-queue ge.1.5 5 5
set port priority-queue ge.1.5 6 6
set port priority-queue ge.1.5 7 7
set port priority-queue ge.1.6 0 2
set port priority-queue ge.1.6 1 0
set port priority-queue ge.1.6 2 1
set port priority-queue ge.1.6 3 3
set port priority-queue ge.1.6 4 4
set port priority-queue ge.1.6 5 5
set port priority-queue ge.1.6 6 6
set port priority-queue ge.1.6 7

set port tcioverwrite lag.0.2 disable

et port tcioverwrite ge.1.5 disable
set port tcioverwrite ge.1.6 disable

set port trap ge.1.1-48 enable

set port trap lag.0.1-62 disable

set port vlan lag.0.2 11

et port vlan ge.1.5 11
set port vlan ge.1.6 11

Aggregator: lag.0.2
Actor Partner
System Identifier: 00:1f:45:fc:e8:23 00:00:00:00:00:00
System Priority: 32768 32768
Admin Key: 2
Oper Key: 2 2
Attached Ports: None.
Standby Ports: None.

Paul_Poyant · ‎12-29-2015

In short, I agree that an S-Series Dynamic LAG should come up and function when connected. Has this unit been used previously for LAGs? Perhaps peer data learned earlier is being obstructive now.

A bit more background would be helpful; including (1) identification of the ethernet port numbers being used for the LAG, and (2) output of a '

code:

show config all lacp

', '

code:

show config all port

' (for each of these omitting the configs for ports not under discussion), and '

code:

show lacp

'.

You may alternatively consider opening a GTAC Support case to work this issue, then ultimately closing the loop here to report the cause and the resolution.

Thomas_Maddox · ‎12-29-2015

I am pretty sure. What is baffling me is that I can connect it to any port in the stack with no configuration tweaking and it works.

Extreme Networks

Lagging between Fortinet and Extreme SSA

Lagging between Fortinet and Extreme SSA