Skip to main content
Devious_Duck
Devious_Duck
New Member
March 9, 2018
Question

FortiSwitch VLAN & Trunking limitations - Why can't they work like Cisco's :)

  • March 9, 2018
  • 1 reply
  • 17943 views

All,

Greetings!  I have been beating my head against a wall for a week to attempt to do something that I can do on a Cisco(shhhh) in ten minutes. But I am trying to save the company $$$$ and make life as unbearable on myself as I possibly can. HEY!!!!! I'm at least half way there.

 

So..... I'll cut to the chase.  Seems as if you want full vlan routing functionality with FortiSwitches they need to be controlled by Fortigate Firewall.... 1. Is this a correct assumption on my part?

 

Here is what I am trying to do.

 

Medium size corporate & manufacturing campus

2 vlans

1 default

10 wireless

 

Mix of Cisco, HP, Netgear, & FortiSwitches 224B & 224D os 1.0.1 (forti were originally just used for wifi). 

 

I want to install a fortiswitch in the same capacity as I would my Cisco. Namely, trunk port 24 and allow vlan10 ONLY on ports 1-4 and vlan1 on remaining ports.

 

So I have tried tagging & untagging ports, but to no success. The wireless is on a seperate subnet and wifi ap's ARE controlled by the Fortigate FW. 

 

However, VLAN10 traffic is not making it to Ports 1-4 to allow the AP to communicate back to FW.

 

So it seems I am missing the trunking portion or whatever terminology Fortinet uses.... OR.... this is a function that needs a Fortigate that controls the switches to accomplish.

 

Hopefully I expressed that somewhat clearly. :(

Thanks in advance for any advice.

 

A little more back story on how the wifi was originally set up. 

The Fortiswitches were configured on the 104 subnet as are the AP's 

A port was tagged on the main network switch for each location, that was connected to the tagged port on the Fortiswitch which then had the AP's plugged in.

 

So you had 2 24 port switches in a cabinet. Fortiswitch only had 1 port used as uplink and as little as 1 port to an AP. This was done because of the POE capability I assume.

 

So I am trying to more efficiently use these switches, but I am just not able to get the functionality that I need out of them at this time.

[&o]

    1 reply

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    March 9, 2018

    hi,

    and welcome to the forums.

     

    I don't quite understand your problem. You state that the APs are controlled by a Fortigate. Wireless and Switch controller are both included in FortiOS, down to the smallest model. So, why don't you just configure the FSWs from your FGT?

    Devious_Duck
    Devious_DuckAuthor
    New Member
    March 9, 2018

    Thanks for the reply Ede.

     

    Again, all of this may be based on my ignorance of how Fortinet devices work together. Our Firewall has no option that I can find for switch control. It has wifi control.

     

    Firewall is Fortinet 300D - Firmware is 5.2.2, build 642 (GA) - HA status is standalone, Operation mode is NAT

    Switch is Fortiswitch 224B running os  1.0.1

     

    I read a post that said under Switch & Wifi Controller  ---- but I do not have that option.

     

     

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    March 9, 2018

    Check under System > Config > Features, enable "WiFi & Switch Controller".

    That was the easy part.

     

    FortiOS v5.2 does support managing FortiSwitches from the FGT GUI. But...only D series models are supported. Frankly, the B series is a bit outdated. The current switch series is the E series.

     

    On another note: please do yourself a favor and upgrade to latest v5.2 soon - v5.2.13. There are some severe security holes fixed along that way. Or check out v5.4 (read first: 'What's new in FortiOS v5.4').

    All of that on support.fortinet.com and docs.fortinet.com.

    Terms & ConditionsAccessibility statement