Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How to configure port aggregation

0

0

Article ID: KB12222 KB Last Updated: 25 Mar 2020Version: 7.0
Summary:

In order to bundle multiple physical ports together, port aggregation can be used.
This way, the bandwidth of multiple links can be combined into one virtual aggregate interface. This feature is available in ISG series and NetScreen-5000 series firewalls.

Symptoms:

In ISG and NetScreen-5000 Series firewalls, combine the bandwidth of multiple links into one virtual aggregate interface.

Solution:

Port aggregation can be used to bundle multiple physical interfaces together into one virtual aggregate interface. This aggregate interface can be used as if it is a physical interface. For example, the aggregate interface can be assigned an IP address and sub-interfaces can be created for it.

Here is an example on how to bundle two physical interfaces into one aggregate interface on the CLI:

-> set int agg1 zone Untrust
-> set interface ethernet1/1 aggregate aggregate1
-> set interface ethernet1/2 aggregate aggregate1

-> get int agg1
Interface aggregate1:
  description aggregate1
  number 45, if_info 360360, if_index 0, mode route
  link down, phy-link down/auto
  Aggregate port has 2 members: ethernet1/1; ethernet1/2;
  vsys Root, zone Untrust, vr trust-vr
  dhcp client disabled
  .....



This implementation can also be achieved via the WebUI as follows:
1. Under Network -> Interfaces , on top right Tab choose "Aggregate IF" and click New.


2. Under edit for interface ethernet1/1, choose "aggregate1" under the option "As a member of."


3. Similarly do the same for ethernet1/2.


4. Now in Interfaces list, click edit for aggregate1 interface and choose the zone for it. You can additionally configure the IP address and other options.

In the Firewall/IPSec VPN product range, the ISG and NetScreen-5000 Series firewalls support port aggregation. Other Netscreen devices like SSG series do not support port aggregation.

On the NetScreen-5000 Series devices it is only possible to aggregate ports that are connected to the same ASIC device. This means that it is only possible to aggregate, for example, these ports: ethernet 2/1 with 2/2, 2/3 with2/4, 2/5 with 2/6, and 2/7 with 2/8. 10G bps interfaces cannot be aggregated, because they use only one interface port per ASIC device.

Note: None of the Netscreen devices are LACP/802.3ad compliant. For more information, refer to KB14751 - Are ScreenOS devices 802.3ad compliant?.
 

Modification History:
2020-03-25: â€‹Added reference to 802.3ad/LCAP.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search