Showing results for 
Search instead for 
Did you mean: 


For design considerations I am considering enabling LACP between our core switches and McAfee firewalls.

From what I understand, (notefrom the Sidewinder 8_30 Admin Guide)

Before you enable an Aggregate group on the firewall, make sure your connected switches are properly

configured andsegmented. Switches with dynamic LACP enabled might place all LACP trafficin the

default VLAN. Thiscan create a traffic loop in your network. To avoid this problem, configureyour

switch for static LACP (Aggregate) groupsthat are assigned to different segmented VLANs.

Is dynamic LACP available and not encouraged because of this possible loop? Or is dynamic not supported and perhaps on a road map for futurerelease of McAfee firewalls?

Advantages over static configuration

Source: Wikipedia

*The Wikipedia source is from, so am I correct toassume the following statements are applicable to our McAfee SidewinderFirewalls?

Static LACP Failover occurs automatically: When a link fails and there is (for example) a mediaconverter between the devices, a peer system will not perceive any connectivity problems. With static link aggregation the peer would continue sending traffic down the link causing the connection to fail.

Dynamic configuration: The device can confirm that the configuration at the other end can handle linkaggregation. With Static link aggregation a cabling or configuration mistakecould go undetected and cause undesirable network behavior.

3 Replies
Level 13
Report Inappropriate Content
Message 2 of 4



I had to do some research on my own about the differences between static and dynamic LACP.

>Is dynamic LACP available and not encouraged because of this possible loop? Or is dynamic not supported and perhaps

>on a road map for futurerelease of McAfee firewalls?

I see no indication that dynamic LACP will not work with Firewall Enterprise, the warning only seems to indicate that a misconfiguration of the switch along with the use of dynamic LACP could possibly cause a loop.

In fact, I have LACP with 10g links setup in my lab right now and I am fairly certain that it is dynamic LACP as the ports in the group communicate with each other in order to determine if they are up or not.

Hope this helps.




Thank you Matt (mtuma) this does help.

Should I have any design concerns for HA (Active/Active) of Firewall Enterprise coordinating with LACP?


Message was edited by: sidewind-rr on 7/9/13 10:28:24 AM CDT
Level 13
Report Inappropriate Content
Message 4 of 4


I see no indication of any restrictions with regards to HA. When there are problems with using two features together (like HA and LACP), we typically document that in the product guide, as well as preventing you from configuring it in the GUI.


You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community