Skip to main content
Phinestra200
Phinestra200
New Member
February 13, 2018
Question

How to setup Hardware Switch with multiple VLANs for PC and ip Phone flows- 90D POE

  • February 13, 2018
  • 2 replies
  • 13499 views

Hi, first of all, sorry for this long Post :)

i'm quite new in the world of Fortinet, i already performed some actions, but this is my first time to configure fortigate to act like a router/Firewall and User access at the same time for data an toip purpose. i have a 90D POE fortigate and i would like to use it for a small business agence ( just few users) and interconnect it to the head quater through VPN. VPN is UP and i can connect for management. status : ------ WAN1 connected to ISP WAN2 disable. Hardware Switch 1 : Internal 1 and Internal 2 Hardware Switch 2: Internal 3 to Internal 10 then Port A to D ( port A,B,C and D are POE ports) VDOM enable :  3 VDOMs on the Hardware Switch 1, there is no VLAN configured. we won't use it for the moment. on the Hardware Switch 2 ( IP address of VLAN 20 (/24) with DCHP enable) there is interface VLAN 10, attached to VDOM 1 there is interface VLAN 20, attached to VDOM 1 there is interface VLAN 30, attached to VDOM 2 ( VDOM 2 it use for Toip purpose) with dhcp relay enable ( IPBX) So all the 3 Vlans are known in the Hardware switch finally. the Need : i want that user, once connected, with their IP phone (one port connected to the Forti and another to PC), get 1 IP address dynamically (vlan 20) dedicated to data flow and 1 IP address (vlan 30) for phone or if a user is connect directly on an internal port for data flow only he get IP address of VLAN 20. this current configuration doesn't work as expected. and i think i do not understand how to make it work :( how can i make it work? do i misconfigurated something?  somebody i'd already face to this ? THanks in advance for your help. Regards, Phi.

2 replies

dmcquade
dmcquade
New Member
February 14, 2018

It sounds like your VoIP DHCP addresses are assigned from a device separate from the Fortigate. For this you need to add 2 commands to the VLAN 30 interface:

set dhcp-relay-service enable

set dhcp-relay-ip <ip address of DHCP server>

 

If you have multiple DHCP servers servicing the subnet, separate them with a space.

 

If you want the Fortigate to serve as a DHCP server, configure the DHCP server within the VLAN interface config.

 

HTH

d

Phinestra200
Phinestra200Author
New Member
February 16, 2018

Hi,

it seems i've partially solved my problem :)

*

the hardware switch was in the root vdom :

 

so all the trafic from vlan 20 (data) to I nternet or another Vdom was going first through the root.

so it seems you should pay attention to where you put your hardware switch.

and it seems that DHCP should be manage in this configuration by the Hardware switch only if you have to use a dhcp relay.

 

i'm not sure if everything is clear for you :) but HTH anyone.

 

Phi.

 

sw2090
SuperUser
sw2090
SuperUser
February 22, 2018

Hm this does work with one vdom though.

 

That's what we have here. One root vdom on FGT. Then Interfaces configured and several vlan interfaces added.

Then all we need to do is to tag the vlans on the port of the hardware switches behind the fgt port the vlans we want are on into the vlan (mostly untagged because few clients would do taging on their own) and have all vlans tagged on the port that is connected to FGT. Since FGT sends packets on a vlan interface always tagged with that vlan id this works fine here.

Terms & ConditionsAccessibility statement