LACP 802.3ad & sub-interfases

Pavel An Posted 27 Apr 2023 19:32

Hi,
In the NGFW description, there is support for LACP, but is it possible to create sub-interfaces (802.1q VLAN ID) in it?

Faisal Piliang has solved this question and earned 20 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Hi,
configure terminal
inter range gigabitEthernet 1/0/23-24
channel-group 1 mode active
channel-protocol lacp
#on newer IOS you dont need following CMD
#switchport trunk encapsulation dot1q
switchport mode trunk
Thanks
Is this answer helpful?
RegiBoy Lv5Posted 28 Apr 2023 15:18
  
Yes, it is possible to create sub-interfaces with 802.1q VLAN ID on Sangfor NGFW and configure LACP on them. Here are the general steps to create a sub-interface with VLAN ID and configure LACP:

1.Log in to the Sangfor NGFW web console and navigate to the "Interfaces" page.
2.Click on the physical interface you want to create the sub-interface on.
3.In the "Sub Interface" tab, click "Add" to create a new sub-interface.
4.In the sub-interface configuration, specify the VLAN ID in the "VLAN ID" field.
5.Configure the LACP settings by clicking on the "LACP" tab in the sub-interface configuration.
6.Enable LACP by selecting "Active" or "Passive" mode, and configure the LACP priority, if desired.
7.Save the sub-interface configuration and apply the changes.
Faisal Piliang Posted 29 Apr 2023 00:01
  
Hi,
configure terminal
inter range gigabitEthernet 1/0/23-24
channel-group 1 mode active
channel-protocol lacp
#on newer IOS you dont need following CMD
#switchport trunk encapsulation dot1q
switchport mode trunk
Thanks
Zonger Lv4Posted 29 Apr 2023 04:53
  
The ability to create sub-interfaces (802.1q VLAN ID) on a Next-Generation Firewall (NGFW) depends on the specific firewall and its capabilities. While support for LACP (Link Aggregation Control Protocol) is often included in NGFWs, the ability to create sub-interfaces may not be available on all models or brands.

If you need to create VLANs on your NGFW, you should check the documentation or contact the vendor to confirm if the firewall supports sub-interfaces and how to configure them. In general, to configure sub-interfaces on an NGFW that supports them, you would typically do the following:

Configure the physical interface with the VLAN tagging protocol (802.1q) and assign a VLAN ID to it.

Create a sub-interface for each VLAN, specifying the VLAN ID and any additional configuration options, such as IP address and subnet mask.

Configure the appropriate firewall rules for each VLAN and sub-interface, to control traffic flow between them and the rest of the network.

Again, the specific steps and options may vary depending on the NGFW you are using, so it's important to consult the documentation or vendor support for guidance.
faysalji Lv3Posted 02 May 2023 18:09
  
Yes, it is possible to create sub-interfaces with 802.1q VLAN ID on an NGFW (Next-Generation Firewall) that supports LACP (Link Aggregation Control Protocol). Sub-interfaces are virtual interfaces created on a physical interface of a device, and they allow you to divide a physical interface into multiple logical interfaces.

To configure sub-interfaces on an NGFW, you would typically follow these steps:

Configure the physical interface with LACP. This involves connecting the physical interface to one or more other interfaces using LACP to create a logical link aggregation group.

Create the sub-interface. Specify the parent physical interface and the VLAN ID for the sub-interface.

Configure the sub-interface with the appropriate IP address, subnet mask, and other relevant network parameters.

Here's an example configuration for a sub-interface with VLAN ID 10 on a physical interface called eth0 that is already configured with LACP:

interface eth0
  lacp mode active
  lacp timer fast

interface eth0.10
  vlan-id 10
  ip address 192.168.1.1/24
  description VLAN 10
In this example, the "interface eth0" command configures the physical interface with LACP in active mode with fast timers. The "interface eth0.10" command creates the sub-interface with VLAN ID 10 and assigns it an IP address of 192.168.1.1/24. The "description" command is optional and can be used to provide a description for the sub-interface.

Note that the exact configuration syntax may vary depending on the NGFW vendor and model.
Farina Ahmed Lv5Posted 02 May 2023 18:19
  
Link Aggregation Control Protocol is an IEEE standard defined in IEEE 802.3ad.

Yes we can create sub interfaces into it and also can do intervlan routing if required.
CLELUQMAN Lv3Posted 03 May 2023 12:36
  
yes u can create sub-interfaces (802.1q VLAN ID) on the physical interfaces. you can separate traffic from different VLANs, and apply policies or configurations to each VLAN as needed.
Pat Lv4Posted 04 May 2023 11:21
  
Yes, it is possible to create sub-interfaces with 802.1q VLAN IDs on Sangfor NGAF's Next-Generation Firewall (NGFW) that supports LACP.

To create a sub-interface with a VLAN ID, you first need to configure the physical interface with the IP address, subnet mask, and other parameters required for the parent interface. Then, you can create sub-interfaces on that physical interface with specific VLAN IDs.

The exact steps for creating sub-interfaces with VLAN IDs may vary depending on the specific version of Sangfor NGAF and the interface configuration you want to use. However, in general, you can follow these steps:

Log in to the Sangfor NGAF management interface and navigate to the interface configuration page.

Select the physical interface you want to configure, and click the "Edit" or "Configure" button.

In the interface configuration page, look for an option to create sub-interfaces or VLAN interfaces. This may be labeled differently depending on the NGFW model or firmware version, but it is typically found under the "Advanced" or "VLAN" settings.

Create a new sub-interface by specifying the VLAN ID you want to use, along with any additional configuration parameters, such as the IP address, subnet mask, and default gateway.

Repeat the above steps for each additional VLAN ID and sub-interface you want to create.

Once you have created the sub-interfaces with VLAN IDs, you can configure LACP on each of them if needed, as well as any other firewall policies or routing rules that are required for your network configuration.
Bojie186 Lv1Posted 04 May 2023 11:28
  
By creating sub-interfaces with VLAN IDs, you can logically divide a physical interface into multiple virtual interfaces, each with its own unique VLAN ID. This allows you to isolate network traffic based on different VLANs and implement different security policies for each VLAN.
letlet Lv1Posted 04 May 2023 11:40
  
There is a possiblility to create sub-interfaces with 802.1q VLAN IDs on Sangfor NGAF that supports LACP

I Can Help:

Change

Moderator on This Board

1
129
3

Started Topics

Followers

Follow

18
8
0

Started Topics

Followers

Follow

Board Leaders