HP VPN Firewall Appliances High Availability Configuration Guide
142
When you create an aggregate interface, the firewall automatically creates an aggregation group of the
same type and number as the aggregate interface. For example, when you create interface
Bridge-Aggregation 1, Layer 2 aggregation group 1 is automatically created.
You can assign Layer 2 Ethernet interfaces only to a Layer 2 aggregation group, and Layer 3 Ethernet
interfaces only to a Layer 3 aggregation group.
Removing an aggregate interface also removes the corresponding aggregation group. At the same time,
all member ports leave the aggregation group.
When a Selected port fails, an Unselected port might become a Selected port and forward user traffic.
Aggregation states of member ports in an aggregation group
A member port in an aggregation group can be in either of the following aggregation states:
• Selected—A Selected port can forward user traffic.
• Unselected—An Unselected port cannot forward user traffic.
When a Selected port fails, an Unselected port might become a Selected port and forward user traffic.
Operational key
When aggregating ports, the system automatically assigns each port an operational key based on port
information such as port rate and duplex mode. Any change to this information triggers a recalculation
of the operational key.
In an aggregation group, all selected member ports are assigned the same operational key.
Configuration classes
Every configuration setting on a port might affect its aggregation state. Port configurations include the
following classes:
• Port attribute configurations—Include port rate, duplex mode, and link status (up or down). These
are the most basic port configurations.
• Class-two configurations—A member port can be placed in Selected state only if it has the same
class-two configurations as the aggregate interface. Class-two configurations made on an
aggregate interface are automatically synchronized to all its member ports. These configurations
are retained on the member ports even after the aggregate interface is removed.
Table 8 Class-two configurations
Feature Considerations
VLAN
Permitted VLANs, PVID, link type (trunk, hybrid, or access), and VLAN
tagging mode.
MAC address learning
MAC address learning capability, MAC address learning limit, forwarding
of frames with unknown destination MAC addresses after the MAC address
learning limit is reached.
NOTE:
A
ny class-two confi
g
uration chan
g
e mi
g
ht affect the a
gg
re
g
ation state of link a
gg
re
g
ation member
ports and ongoing traffic. To be sure that you are aware of the risk, the system displays a warning
message every time you attempt to change a class-two configuration setting on a member port.