cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
527
Views
1
Helpful
9
Replies

port-channel on cisco ASR1001

Herman2018
Level 3
Level 3

hi, we have 2x ASR 1001 and created a bridge domain interface 20. Now we need to create port-channel between ASR and fortinet firewall. Can anyone pls help advise whether below config is correct? Thanks in advance.

interface BDI20
 description xxxxx
 ip address 10.x.x.1 255.255.255.248
 
int po50
desc xxxx
no ip address
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2 Accepted Solutions

Accepted Solutions

@Herman2018 

 Seems to be right to me but you need to test with the Fortinet to be sure. Some devices does not support port-channel mode Active and you may need to adjust.  Another config is encapsulation dot1q. Both need to be tested, unless you already have a confirmation from the Fortinet on  this.

View solution in original post

M02@rt37
VIP
VIP

Hello @Herman2018 

Your configuration is well-structured for creating a port-channel between the ASR 1001 and the Fortinet firewall. Just ensure that you verify compatibility and configurations on both sides, and perform thorough testing once set up. If you have specific requirements or need to adjust settings based on your network design, feel free to share those for more tailored advice!

Note: Verify that LACP settings on the Fortinet firewall are compatible with your ASR configuration. Sometimes, different vendors may have unique defaults or requirements...

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

9 Replies 9

@Herman2018 

 Seems to be right to me but you need to test with the Fortinet to be sure. Some devices does not support port-channel mode Active and you may need to adjust.  Another config is encapsulation dot1q. Both need to be tested, unless you already have a confirmation from the Fortinet on  this.

M02@rt37
VIP
VIP

Hello @Herman2018 

Your configuration is well-structured for creating a port-channel between the ASR 1001 and the Fortinet firewall. Just ensure that you verify compatibility and configurations on both sides, and perform thorough testing once set up. If you have specific requirements or need to adjust settings based on your network design, feel free to share those for more tailored advice!

Note: Verify that LACP settings on the Fortinet firewall are compatible with your ASR configuration. Sometimes, different vendors may have unique defaults or requirements...

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Bridge with forti? I dont get what you want here' and why you use PO?

What you need it make bridge between g0/0/1 and g0/0/2 if FW is in l2 mode.

This make traffic enter to FW inspect and then egress from other interface.

MHM

hi @MHM Cisco World & @paul driver , 

 

 

I never try before' but hope it work as you want 

Goodluck 

MHM

Hello @Herman2018 

Just a note: ensure the MTU on both sides (ASR and Fortinet) matches. A mismatch in MTU can cause issues, particularly with services like LACP...

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

hello
for what reason are you bringing - surley you would have l3 between the asrs and the fortinets?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

he need bridge to make HA work 
instead of using SW he use bridge between two routers 

but the codes he shared I dont think so it correct 

but let him check and update us 

MHM

hello
What are you bridging and why?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Review Cisco Networking for a $25 gift card