Solved: Re: port-channel on cisco ASR1001

Herman2018 · ‎10-02-2024

hi, we have 2x ASR 1001 and created a bridge domain interface 20. Now we need to create port-channel between ASR and fortinet firewall. Can anyone pls help advise whether below config is correct? Thanks in advance.

interface BDI20

description xxxxx

ip address 10.x.x.1 255.255.255.248

int po50

desc xxxx

no ip address

Flavio Miranda · ‎10-02-2024

@Herman2018

Seems to be right to me but you need to test with the Fortinet to be sure. Some devices does not support port-channel mode Active and you may need to adjust. Another config is encapsulation dot1q. Both need to be tested, unless you already have a confirmation from the Fortinet on this.

View solution in original post

M02@rt37 · ‎10-02-2024

Hello @Herman2018

Your configuration is well-structured for creating a port-channel between the ASR 1001 and the Fortinet firewall. Just ensure that you verify compatibility and configurations on both sides, and perform thorough testing once set up. If you have specific requirements or need to adjust settings based on your network design, feel free to share those for more tailored advice!

Note: Verify that LACP settings on the Fortinet firewall are compatible with your ASR configuration. Sometimes, different vendors may have unique defaults or requirements...

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

Flavio Miranda · ‎10-02-2024

@Herman2018

Seems to be right to me but you need to test with the Fortinet to be sure. Some devices does not support port-channel mode Active and you may need to adjust. Another config is encapsulation dot1q. Both need to be tested, unless you already have a confirmation from the Fortinet on this.

M02@rt37 · ‎10-02-2024

Hello @Herman2018

Your configuration is well-structured for creating a port-channel between the ASR 1001 and the Fortinet firewall. Just ensure that you verify compatibility and configurations on both sides, and perform thorough testing once set up. If you have specific requirements or need to adjust settings based on your network design, feel free to share those for more tailored advice!

Note: Verify that LACP settings on the Fortinet firewall are compatible with your ASR configuration. Sometimes, different vendors may have unique defaults or requirements...

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

MHM Cisco World · ‎10-02-2024

Bridge with forti? I dont get what you want here' and why you use PO?

What you need it make bridge between g0/0/1 and g0/0/2 if FW is in l2 mode.

This make traffic enter to FW inspect and then egress from other interface.

MHM

Herman2018 · ‎10-02-2024

hi @MHM Cisco World & @paul driver ,

MHM Cisco World · ‎10-02-2024

I never try before' but hope it work as you want

Goodluck

MHM

M02@rt37 · ‎10-02-2024

Hello @Herman2018

Just a note: ensure the MTU on both sides (ASR and Fortinet) matches. A mismatch in MTU can cause issues, particularly with services like LACP...

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

paul driver · ‎10-02-2024

hello
for what reason are you bringing - surley you would have l3 between the asrs and the fortinets?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

MHM Cisco World · ‎10-02-2024

he need bridge to make HA work
instead of using SW he use bridge between two routers

but the codes he shared I dont think so it correct

but let him check and update us

MHM

paul driver · ‎10-02-2024

hello
What are you bridging and why?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul