interco vlans on same physical interface

Forum|Forum|5 years ago
November 2, 2020
1 reply
3399 views

Hello,

I've a Fortigate 200E with several interco vlans configured on the same interface.

Supposing that there are traffic exchanges between these vlans in both directions (coming in/going out).

eg. Port8 (trunk) = int_vlan10, int_vlan20, int_vlan100,...

traffic from int_vlan10 goes in/out to int_vlan20 on port8 (same interface)

I wonder if it will work. Does the anti-spoofing principle will block the traffic?

Regards.

lobstercreed

New Member

As you should be able to see from the CLI or GUI, each VLAN is its own interface regardless of what physical interface is underneath, so the traffic is *not* coming and going from the same interface and thus would not fail the RPF check.

You'll just need to make sure you have a firewall policy allowing said traffic. You also may want to set up zones and place the VLAN interfaces in the appropriate zones so that if VLAN changes are made later you can easily implement them from a policy perspective.

fatAuthor

Visitor III

one more question:

Usually, I configure a separate interface in L3 mode with IP address for ospf connection.

But in case of no more available port, I'd like to add the ospf interco as interface vlan to an existed trunk link. So the ospf routing mixes with other vlan traffic.

Do you think it will work?

Are there any impacts on the FW policy or performance?

Thank you very much.

lobstercreed

New Member

Perhaps a more experienced engineer could answer this definitively on a technical level, but it absolutely will work. I have done the same thing with no issues that I know of.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded