Lagging between Fortinet and Extreme SSA
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-29-2015 04:32 PM
We currently have a pair of Fortinet 1500D the have the internal port(s) connected to a C3 stack. I would like to take it off the stack and connect it to the SSA-T1068 at the top of the network for our central office. Last night I attempted to do so while upgrading some other switches. Let's say I was not very successful. Has anyone else encountered problems with Fortinet/Extreme interoperability? I am new to Extreme and any assistance would be very helpful.
15 REPLIES 15
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-11-2016 04:59 PM
Thanks for keeping the Community informed as you go. Good stuff!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-04-2016 02:21 PM
I am going to contact GTAC and get a case opened. I'll post the outcome here.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-30-2015 03:08 PM
I still have a 1000A and an SSA laying around.. I'm going to try this..
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-30-2015 03:01 PM
I double checked the ports status in the stack that the Fortinets are connected to. It did not form a Dynamic Lag as previously thought, even though dynamic lagging is on in the stack. The port type shows as "access" as the other lags are "interswitch". This is coming from Oneveiw.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-29-2015 09:15 PM
If you are saying that the other end of the LAG attaches to two separate devices, in that event you'll get two separate LAGs rather than an EXOS "Multi-LAG" which is not supported on the S-Series. However, here I've already seen that singleportlag is disabled and only two ports are in use for this LAG.
"
If this is what you are referring to here regarding "two devices", then if it worked as a Dynamic LAG to a SecureStack standalone or stack then it should work to a SSA as well. However, I am not familiar with how such a cluster would support a Dynamic LAG in a connection to another Fortinet or to a third-party peer device such as a SecureStack or S-Series.
If Spanning Tree remains enabled on the LAG aggregator and underlying ports, then yes, it should kick in to stop any detected loop regardless of whether or not one or more LAGs have formed - as long as BPDUs aren't being filtered within the path of the data loop.
"
code:
" We have a pair of 1500D's in an active cluster. I was taking one cable from each and connecting it to the SSA.
If this is what you are referring to here regarding "two devices", then if it worked as a Dynamic LAG to a SecureStack standalone or stack then it should work to a SSA as well. However, I am not familiar with how such a cluster would support a Dynamic LAG in a connection to another Fortinet or to a third-party peer device such as a SecureStack or S-Series.
If Spanning Tree remains enabled on the LAG aggregator and underlying ports, then yes, it should kick in to stop any detected loop regardless of whether or not one or more LAGs have formed - as long as BPDUs aren't being filtered within the path of the data loop.
