Ethernet Switches & Routers

Occasional Contributor
Posts: 6
Registered: ‎04-07-2014
Accepted Solution

static lag with Check Point's bond interfaces

Hello,

Anybody here using Check Point's bond interfaces with static lag on ICX6610 (L2, v0.8)? I can't get it working with two cables attached to the lag at the same time.

Check Point version is R77.10 (running on Gaia). Bond is configured as Active/Backup and contains two physical interfaces (the primary interface on Check Point's bond corresponds to the primary port configured in the lag).

Here is the config:

!
lag "DMZ" static id 3
ports ethernet 1/1/1 ethernet 2/1/1
primary-port 1/1/1
deploy
!
vlan 2 name DMZ by port
untagged ethe 1/1/1 ethe 1/1/10 ethe 2/1/1
!
lag "INTERNAL" static id 4
ports ethernet 1/1/2 ethernet 2/1/2
primary-port 1/1/2
deploy
!
vlan 3 name INTERNAL by port
untagged ethe 1/1/2 ethe 1/1/20 ethe 2/1/2
!

Ports 'ethe 1/1/10' and 'ethe 1/1/20' are PCs plugged into relevant VLANs and pinging each other.

The issue is that it only works with one cable attached to the lag (either primary or secondary). If I connect both cables at the same time PCs can't ping each other anymore.

I can't figure out what's wrong.. the lag seems OK and from the Check Point side both ports are up but no pings are getting through.

=== LAG "DMZ" ID 3 (static Deployed) ===
LAG Configuration:
Ports: e 1/1/1 e 2/1/1
Port Count: 2
Primary Port: 1/1/1
Trunk Type: hash-based
Deployment: HW Trunk ID 3
Port   Link  State    Dupl  Speed  Trunk  Tag  Pvid  Pri  MAC             Name
1/1/1  Up    Forward  Full  1G     3      No   2     0    cc4e.2416.f624
2/1/1  Up    Forward  Full  1G     3      No   2     0    cc4e.2416.f624

Any hints would be greatly appreciated.

Thank you.

Frequent Contributor
Posts: 144
Registered: ‎11-07-2013

Re: static lag with Check Point's bond interfaces

Hi Nov1ce,

Using Check Point speak, change the firewalls to Load Sharing (Active/Active), as Active backup is used for connecting the firewall to different switches for fail over, while you have the 6610's setup for LACP (active/active).

You may want to have a look at https://sc1.checkpoint.com/documents/R76/CP_R76_VSX_AdminGuide/34249.htm for an overview from the Check Point side.

Thanks

Michael.

Thanks
Michael
Occasional Contributor
Posts: 6
Registered: ‎04-07-2014

Re: static lag with Check Point's bond interfaces

Many thanks Michael!

Yes, Load Sharing (Active/Active) works without any issues. So the only reason why Active/Backup doesn't work is because we're terminating both legs at the same switch?

Thank you.

Frequent Contributor
Posts: 144
Registered: ‎11-07-2013

Re: static lag with Check Point's bond interfaces

Yep, that is correct.

Thanks

Michael.

Thanks
Michael
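
The mismatch resolved in this thread can be checked mechanically. The script below is an added example, not code from the posters, Brocade or Check Point: it compares the `lag` stanza from the switch config with the bond mode reported by the Linux bonding driver. It assumes the firewall exposes the driver's usual `/proc/net/bonding/<bond>` text; the bond output shown is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: the lag stanza as posted in the thread, plus bonding-driver
# output in the usual /proc/net/bonding/<bond> layout (assumed, not from the thread).
SWITCH_CONFIG = '''lag "DMZ" static id 3
 ports ethernet 1/1/1 ethernet 2/1/1
 primary-port 1/1/1
 deploy
!'''
BOND_PROC = '''Bonding Mode: fault-tolerance (active-backup)
Currently Active Slave: eth1
Slave Interface: eth1
Slave Interface: eth2'''

# Switch LAG type -> bond modes that can terminate it when both legs land on one switch.
COMPATIBLE = {"static": {"balance-rr", "balance-xor"}, "dynamic": {"802.3ad"}}
# "Bonding Mode:" strings as printed by the Linux bonding driver.
PROC_MODES = {
    "load balancing (round-robin)": "balance-rr",
    "fault-tolerance (active-backup)": "active-backup",
    "load balancing (xor)": "balance-xor",
    "IEEE 802.3ad Dynamic link aggregation": "802.3ad",
}

def parse_lags(config):
    """Return {name: {"type": ..., "ports": [...]}} from FastIron lag stanzas."""
    lags, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r'lag "?([^"\s]+)"? (static|dynamic) id \d+', line)
        if m:
            current = lags.setdefault(m.group(1), {"type": m.group(2), "ports": []})
        elif line.startswith("ports ") and current is not None:
            current["ports"] = re.findall(r"\d+/\d+/\d+", line)
        elif line == "!":
            current = None  # end of stanza
    return lags

def bond_mode(proc_text):
    m = re.search(r"^Bonding Mode: (.+)$", proc_text, re.M)
    return PROC_MODES.get(m.group(1).strip(), "unknown") if m else "unknown"

def check(lag, mode):
    if mode in COMPATIBLE[lag["type"]]:
        return "ok"
    if mode == "active-backup":
        return "mismatch: switch load-shares over %d ports, bond uses one" % len(lag["ports"])
    return "mismatch: %s lag vs %s bond" % (lag["type"], mode)

if __name__ == "__main__":
    for name, lag in parse_lags(SWITCH_CONFIG).items():
        print(name, lag["type"], "->", check(lag, bond_mode(BOND_PROC)))
```
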
