Assign Slave Ports to link aggregation on USG 500 Flex in V5.35(ABUJ.0)

stephan Posts: 31  Freshman Member
edited March 2023 in Security

Hello dear Community,

We are facing an "issue" trying to set up our USG500 Flex on Firmware V5.35(ABUJ.0) with link aggregation.



The second chapter of this post (802.1ad) corresponds pretty much exactly to what we want to set up.

Unfortunately, when trying to set up the Slave Ports, my choices are very different from all the guides I find.
My "port" choices:


Also in the running-config the ports are all assigned.

interface-name ge1 sfp
interface-name ge2 wan1
interface-name ge3 wan2
interface-name ge4 lan1
interface-name ge5 lan2
interface-name ge6 dmz
interface-name ge7 opt
interface-name ge8 reserved

My question is how can I set up the ports to be selectable as slaves for the LAG as in the following given example:

Thank you in advance for your time.

All Replies

  • Ian31
    Ian31 Posts: 165  Master Member
    edited March 2023

    Hi,

    Here is what I did to add port 6 & port 7 to an internal LAG interface:

    1. Select an unused interface as a member interface for the LAG, and set its IP address to 0.0.0.0/0.0.0.0.

    Also, I renamed the interfaces to ge6 & ge7 to make it easy to remember the mapped port #.

    2. Bind only one port to each member interface

    3. Create LAG interface and add the member interfaces.

    4. Create VLAN interface on top of the LAG interface.

  • stephan
    stephan Posts: 31  Freshman Member

    Hello Ian31, I very much appreciate your effort to help me here.

    Today I tried the complete setup as described; unfortunately, I can't reach the desired result.

    Here are the details I can provide from my side:

    I set up the four ports of my LAG as follows. Note: before that, I tried to have them in different "Zones" like DMZ. The result was the same:

    The LAG is configured in the following way on the firewall side:

    The switch is also set to handle LACP on the LAG:

    Finally, on the LAG I also set up a VLAN:

    Now the issue I have in that form of setup is that I can only ping the VLAN interface when GE7, which is on the original lan1 assignment, is plugged in. Over none of the other links (GE4/5/6) am I able to ping the VLAN interface. The LAG is clearly up though, and it can't be a negotiation thing as it doesn't work even with only one wire except for GE7.

    Any idea where I went wrong?

  • stephan
    stephan Posts: 31  Freshman Member

    For everybody's information: with the screenshots provided before, and after a full reboot and reset of the configuration, I am glad to say that it is now functional. Thank you for the help @Ian31
