Juniper SRX – How do I configure LACP (802.3ad) ?

IEEE 802.3ad (LACP) is a technology that provides a method of aggregating multiple Ethernet links into a single logical channel.

Configuration

To configure LACP the following commands are used. This example aggregates the interfaces fe-0/0/3 and fe-0/0/4 into a logical interface named ‘ae1’. This logical interface is then configured as an access port and assigned to vlan ‘vlan-trust’.

set chassis aggregated-devices ethernet device-count 2
set interfaces fe-0/0/3 fastether-options 802.3ad ae1
set interfaces fe-0/0/4 fastether-options 802.3ad ae1
set interfaces ae1 unit 0 family ethernet-switching port-mode access
set interfaces ae1 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ae1 aggregated-ether-options lacp active

Once configured and commited the running configuration (for your new aggregated interfaces) will look like this,

chassis {
    aggregated-devices {
        ethernet {
            device-count 2;
        }
    }

interfaces {
!
    fe-0/0/3 {
        fastether-options {
            802.3ad ae1;
        }
    }
    fe-0/0/4 {
        fastether-options {
            802.3ad ae1;
        }
    }
    ae1 {
         aggregated-ether-options {
            lacp {
                active;
            }
        }
        unit 0 {
            family ethernet-switching {
                port-mode access;
                vlan {
                    members vlan-trust;
                }
            }
        }
    }

Testing

To confirm that the interface is up run the following command,

root@srx# run show interfaces terse | match ae1
fe-0/0/3.0              up    up   aenet    --> ae1.0
fe-0/0/4.0              up    up   aenet    --> ae1.0
ae1                     up    up
ae1.0                   up    up   eth-switch

If you then need to show further information on your aggregated interface you can run the command,

root@srx# run show interfaces ae1 extensive
Physical interface: ae1, Enabled, Physical link is Up
  Interface index: 148, SNMP ifIndex: 542, Generation: 151
  Link-level type: Ethernet, MTU: 1514, Speed: 200mbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled,
  Minimum links needed: 1, Minimum bandwidth needed: 0
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x0
  Current address: 28:c0:da:d9:7f:41, Hardware address: 28:c0:da:d9:7f:41
  Last flapped   : 2013-01-12 19:51:39 UTC (00:28:59 ago)
  Statistics last cleared: Never
  Traffic statistics:
   Input  bytes  :            157369210                    0 bps
.....(output omitted)
Rick Donato

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial