
Configuring LACP Link Aggregation between Aruba Switch and FortiGate Firewall

In this guide, we will configure a Link Aggregation Group (LAG) using the LACP (802.3ad) protocol between an Aruba 6000 switch and a FortiGate 60E firewall. This setup increases bandwidth and provides redundancy by combining two physical Ethernet cables into a single logical interface.

Step 1: Aruba Switch Configuration

First, we configure the Aruba switch via the console connection. We will set a static management IP and create the LAG interface.

1. Initial Connectivity

Connect to the switch using a USB console cable. Open a terminal (e.g., PuTTY) on COM3 with a speed of 115200. Log in with the default credentials (admin / blank).

2. Set Static Management IP

Assign a static IP to VLAN 1 to manage the switch and test connectivity later. We will use 192.168.10.2 for the switch.

configure terminal
interface vlan 1
 ip address 192.168.10.2/24
 no ip dhcp
 exit

3. Create and Configure LAG Interface

Create the logical LAG interface (LAG 1), enable it, set VLAN 1 as the native VLAN on the trunk, and set the LACP mode to active.

interface lag 1
 no shutdown
 vlan trunk native 1
 lacp mode active
 exit

4. Assign Physical Ports to LAG

Bind physical interfaces 1/1/3 and 1/1/4 to the newly created LAG interface.

interface 1/1/3-1/1/4
 lag 1
 exit
write memory

Step 2: FortiGate Firewall Configuration

Next, we configure the FortiGate side via its web interface. We will create an aggregate interface using ports 6 and 7.

1. Access Web GUI

Connect your laptop to the management port (or an internal port). The default IP is usually 192.168.1.99. Configure your laptop with a static IP in the same subnet (e.g., 192.168.1.123) and navigate to the firewall's IP in a browser.

2. Prepare Physical Interfaces

Go to Network > Interfaces. By default, ports might be part of a "Hardware Switch". Remove ports 6 and 7 from any existing switch configuration so they are available for aggregation.

3. Create Aggregate Interface

Click "Create New Interface" and configure the following settings:

Click OK to save the interface.
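
The same aggregate interface can be created from the FortiGate CLI. The block below is an added example, not part of the original guide. The interface name agg1, the member names internal6 and internal7 (assumed CLI names for ports 6 and 7), the root VDOM and the /24 mask are assumptions; 192.168.10.1 is the address pinged in Step 3.

```fortios
# Added example: CLI form of the aggregate interface described above.
# Assumed names: agg1, internal6, internal7, VDOM root.
# Ports 6 and 7 must already be removed from the hardware switch (previous step).
config system interface
    edit "agg1"
        set vdom "root"
        # 802.3ad aggregate (LACP) built from the two freed ports
        set type aggregate
        set member "internal6" "internal7"
        # Active LACP, matching "lacp mode active" on the Aruba LAG
        set lacp-mode active
        # Static address in the same /24 as the switch (192.168.10.2)
        set mode static
        set ip 192.168.10.1 255.255.255.0
        # Only ping is allowed so the Step 3 test gets replies;
        # no HTTPS/SSH management access is opened on this interface
        set allowaccess ping
    next
end

# After cabling, show the LACP negotiation state and per-port status
diagnose netlink aggregate name agg1
```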

Step 3: Verification and Testing

Once both sides are configured, connect two Ethernet cables: one from Aruba port 1/1/3 to FortiGate port 6, and another from Aruba port 1/1/4 to FortiGate port 7.

1. Verify LAG Status on Switch

On the Aruba switch CLI, verify the LAG status. You should see a speed of 2 Gbps (since we aggregated two 1 Gbps links) and the state as "Up".

show lag 1
show lag brief

2. Connectivity and Redundancy Test

Start a continuous ping from the Aruba switch to the FortiGate's IP address (192.168.10.1).

ping 192.168.10.1 repetitions 999

While the ping is running, physically unplug one of the cables. You should see the pings continue successfully, demonstrating that traffic automatically fails over to the remaining active link.
