I have come across this question quite a bit lately, and thought it may be helpful to post a quick how-to. In this post we'll take a look at a port configuration on a Cisco switch and configure the FortiGate accordingly. You can configure this on any model of switch; I am only using Cisco as a reference because its configuration syntax is the most commonly understood.
Assumptions
FortiOS Versions: This is tested in FortiOS 6.0 and above
The interface in question is not a part of a virtual switch (hardware or software)
With the boring stuff out of the way, let's get into the fun stuff.
The scenario
Based on the configuration snippet below, we want to support both a tagged and an untagged VLAN from the FortiGate:
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 3
 switchport trunk allowed vlan 3-4
!
Here's how we configure that on a FortiGate:
VLAN 3:
Here's what this looks like in CLI:
config system interface
    edit "internal6"
        set vdom "root"
        set ip 10.0.3.2 255.255.255.0
        set allowaccess ping https ssh http fabric
        set type physical
        set alias "VLAN3 - untagged"
        set device-identification enable
        set lldp-transmission enable
        set role lan
        set snmp-index 12
    next
end
It's pretty much configured like a standard interface - because it is.
VLAN 4:
In Network > Interfaces, click "Create New > Interface".
Note the differences: this is a "VLAN" interface, and it's "tied" to "internal6". Here's how it looks in CLI:
config system interface
    edit "vl_4_lan"
        set vdom "root"
        set ip 10.0.4.2 255.255.255.0
        set allowaccess ping https ssh http fabric
        set alias "VLAN 4"
        set device-identification enable
        set role lan
        set snmp-index 14
        set interface "internal6"
        set vlanid 4
    next
end
You can continue to add VLANs using the same method as needed.
Simply put, the FortiGate doesn't really care what your "native/untagged" VLAN is; it just assumes that any packets without an 802.1Q (VLAN) tag belong to the subnet configured on the physical interface.
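A consistency check between the two configurations, as an added example (not from the original post and not Cisco or Fortinet tooling): it parses the trunk stanza and a FortiGate "config system interface" block, then reports tagged VLANs with no VLAN interface, VLAN interfaces that expect a tag on the native VLAN, and VLAN IDs the trunk does not allow. The function names and the deliberately wrong FortiGate snippet are constructed for illustration, and only plain VLAN lists and ranges are parsed.

```python
import re

def parse_trunk(cfg):
    """Return (native, allowed) from an IOS trunk stanza; IOS defaults are native 1, all VLANs."""
    native, allowed = 1, set(range(1, 4095))
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            native = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            allowed = set()
            for part in m.group(1).split(","):
                lo, _, hi = part.partition("-")
                allowed.update(range(int(lo), int(hi or lo) + 1))
    return native, allowed

def fortigate_vlans(cfg, port):
    """Return {vlanid: name} for VLAN interfaces bound to physical `port`."""
    vlans, name, parent, vid = {}, None, None, None
    for tok in map(str.split, cfg.splitlines()):
        if tok[:1] == ["edit"]:
            name, parent, vid = tok[1].strip('"'), None, None
        elif tok[:2] == ["set", "interface"]:
            parent = tok[2].strip('"')
        elif tok[:2] == ["set", "vlanid"]:
            vid = int(tok[2])
        elif tok[:1] == ["next"] and parent == port and vid is not None:
            vlans[vid] = name
    return vlans

def audit(trunk_cfg, forti_cfg, port):
    """Compare what the switch sends on the trunk with what the FortiGate expects."""
    native, allowed = parse_trunk(trunk_cfg)
    vlans = fortigate_vlans(forti_cfg, port)
    return {
        "missing_vlan_interface": sorted(allowed - {native} - set(vlans)),  # tagged, no listener
        "expects_tag_on_native": sorted(v for v in vlans if v == native),   # switch sends untagged
        "not_allowed_on_trunk": sorted(v for v in vlans if v not in allowed),
    }

# Trunk stanza from the post; FortiGate snippet is constructed and deliberately wrong.
TRUNK = "switchport mode trunk\nswitchport trunk native vlan 3\nswitchport trunk allowed vlan 3-4\n"
BAD = ('config system interface\n edit "vl_3_lan"\n  set interface "internal6"\n  set vlanid 3\n next\n'
       ' edit "vl_5_lan"\n  set interface "internal6"\n  set vlanid 5\n next\nend\n')

if __name__ == "__main__":
    print(audit(TRUNK, BAD, "internal6"))
```

Run against the configuration shown in this post (untagged VLAN 3 on "internal6", VLAN interface "vl_4_lan" with vlanid 4), all three lists come back empty.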
That's all there is to it. Thank you for reading; I hope this helps.