Is that possible to bypass LACP in CheckPoint with...

BlueGrass · ‎2020-05-06

Dear All,

Due to some reasons, we need to have below design:

Both Cisco switches have the LACP group 3 mode active for Port7 and Port8.

And we have two A-A clusters CPs with bridge mode [P1 and P2] trying to scan the LACP traffic.

We just find that both Cisco can not form the LACP now, any advice?

Without the CPs and if both Cisco directly connected [7<->7, 8<->8] the LACP will work back.

SW1:

SW2:

Timothy_Hall · ‎2020-05-06

I don't think this is possible as LACP is negotiated by bridge/switch ports in a point to point fashion; you can't pass LACP generated by a switch port through a second switch/bridge to yet another port on a third switch, at least to my knowledge. You'll need to set up LACP on the Gaia interfaces as well to make this work.

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2

BlueGrass · ‎2020-05-07

Well, I try to set up Bonds on my two CPs.
Let say Bond1 and Bond2 are configured as a bridge.
Bond1 and Bond2 include P1 and P2 respectively.

I can then make the LACP up with failover but only the Master Unit CP1 connected wire, so there is no Load Balancing.

Appreciate it if I can let the slave CP unit line LACP up also.

BlueGrass · ‎2020-05-10

Might I know if CP has command like "set l2forward enable" on Fortigate?

Are you a member of CheckMates?

Is that possible to bypass LACP in CheckPoint with Bridge mode?