VLAN Trunk on Link Aggregation (bond) Interface

On a Firebox M370 Fireware v12.6.2B631387 we have two Link Aggregation interfaces both with type VLAN and both with two physical members each. These are VLAN Trunks going to our Core LAN Switches. These makes the link to our switches at approximately 2Gbps. At any point in the network we notice though that the download speeds are being limited to 10Mbps. No problem with the upload as it can reach the subscribed upload bandwidth. We are certain that the download speeds of our four External links can go over 10Mbps as these are premium internet subscriptions.

Has anyone experience the same issue before I open a support case?



  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    I'd suggest checking that the LAG mode is set to the same thing on both the switch and the firewall.

    Firebox supports the following modes:

    Dynamic (802.3ad)
    All physical interfaces that are members of the link aggregation interface can be active. The physical interface used for traffic between any source and destination is determined through the use of Link Aggregation Control Protocol (LACP). LACP is the protocol used when the link aggregation group (LAG) runs in 802.3ad mode. LACP refers to the negotiation and interaction process between LAG peers. The peer device must also support LACP. For more information, see the Link Aggregation Control Protocol (LACP) section in this topic.

    All physical interfaces that are members of the link aggregation interface can be active. The same physical interface is always used for traffic between a given source and destination based on source/destination MAC address and source/destination IP address. This mode provides load balancing and fault tolerance.

    In this mode, at most only one member interface in the link aggregation group is active at a time. The other member interfaces in the link aggregation group become active only if the active interface fails. This mode provides fault tolerance for connections to network switches that do not support link aggregation.

    If modes don't match, they'll usually fail back to active/backup, which is the slowest.


    -James Carson
    WatchGuard Customer Support

Sign In to comment.