Multiple VLANs between 3 sites

Question

I have 3 office with a number of different VLANs to make life simple lets say the following

Office A

VLAN 191

192.168.1.0/24

VLAN 10

10.10.10.0/24

Office B

VLAN 192

192.168.2.0/24

10.10.11.0/24

Office C

VLAN 193

192.168.3.0/24

10.10.12.0/24

All offices are directly linked with layer-2 500M links from the local telco. (IE Office A-B, Office A-C, and Office B-C). Forming a triangle as it were.

If I have the same VLAN in multiple offices than I get a loop (the 10 network which is for phones used to be one streched VLAN) but of course the loop takes you down, so it didn't cover all 3 lines.

All Internet goes through Office A. I currently have a link between all offices and then route all VLANs over that link. But the end result of course is that everything becomes a giant mess. All routing is done using OSPF which works rather nicely.

But I don't see how I can easy keep VLAN 192.168.x.x separate from the 10.10.x.x VLANs. I really want the "DATA" vlan 192 to be able to talk, and the VOICE vlans 10 to be able to talk, but very limited communication between them. But they both ultimately must connect between all offices and even out to the internet.

sw2090 · Answer

looks rather easy as there is no overlaps ;)

Just create static routes for the vlans on the fortigates so traffic can be routed between the vlans of the offices.

Then create the policies to allow the traffic you want to allow.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded