ITadm
New Member
March 8, 2019
Solved

Traffic between VLAN and interface


Hello, 

 I have some difficulties with sending traffic between an interface and VLAN:

 

Physical interface:   12.155.16.128 / 255.255.255.192

VLAN:                    12.155.16.192 / 255.255.255.192

 

I created IPv4 policies between them, normally with just VLANs it works fine, but not really between an interface and a VLAN. I tried to switch on and off NAT in these policies, but with no luck. 

 

Funny thing is that I have a site-to-site VPN tunnel connected to this location and I can reach hosts on this physical interface and VLAN just fine.

 

Thank you for your help in advance!

    Best answer by Toshi_Esumi

    The PC(?) you're pinging from has a wrong subnet mask, bigger than /26. The .202 device shouldn't send an ARP request to .130, which is in a different subnet.

    Toshi_Esumi
    SuperUser
    March 8, 2019

    How do they show up in the routing table when you do "get router info routing-t all"?  Like below? Then you must have two policies between two interfaces for both directions.

    C       12.155.16.128/26 is directly connected, <INTERFACE_NAME>

    C       12.155.16.192/26 is directly connected, <VLAN_NAME>

    And what is the version of your FortiOS?

     

    ITadm
    Author
    New Member
    March 8, 2019

    I already created policies for both directions, that was actually the first thing I did, because it's what I do when I want to connect VLANs :).

     

    Routing table:

    Routing table for VRF=0
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default
     
    S*      0.0.0.0/0 [10/0] via xx.xx.xxx.xxx, wan
    S       99.15.124.0/24 [10/0] is directly connected, S2S-DDS-DC
    S       10.10.0.0/16 [3/0] is directly connected, RC_DC
    C       10.10.5.64/27 is directly connected, LAN-Group
    C       10.10.5.96/27 is directly connected, LAN-Guest
    C       10.10.5.160/27 is directly connected, lan3
    C       12.155.16.0/27 is directly connected, LAN-Systems
    C       12.155.16.64/26 is directly connected, lan1
    C       12.155.16.128/26 is directly connected, lan2
    C       12.155.16.192/26 is directly connected, LAN-PC
    C       xxx.xxx.xxx.xxx/xx is directly connected, wan
    S       192.168.0.0/16 [3/0] is directly connected, RC_DC

     

    I have the latest FortiOS v6.0.4 build0231 (GA) and I forgot to mention that it's a Fortigate 30E.

    Thanks for your response!

    Toshi_Esumi
    SuperUser
    March 8, 2019

    Then I don't see any reason they can't communicate with each other unless there is a bug. Do sniffing "diag sniffer packet any 'host SRC_OR_DST_IP' 4" first to make sure the packets are incoming but not going out anywhere else. Then run flow debugging (you can find how in the Forum, Cookbooks, KB, and online-help) to see why those are dropping.
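
The check behind the accepted answer, as an added example that is not part of the original thread: it compares a host's own on-link decision with the connected routes posted above, showing why a too-wide mask makes the host ARP for a peer that the firewall sees on another interface. The full addresses 12.155.16.202 and 12.155.16.130 and the /24 mask are assumptions (the thread gives only ".202", ".130" and "bigger than /26"), and the function names are hypothetical.

```python
import ipaddress
import re

# Connected routes copied from the routing table posted in the thread.
ROUTES = """\
C       12.155.16.128/26 is directly connected, lan2
C       12.155.16.192/26 is directly connected, LAN-PC
"""

def connected_routes(text):
    """Parse 'C <prefix> is directly connected, <ifname>' lines."""
    pat = re.compile(r"^\s*C\s+(\S+/\d+) is directly connected, (\S+)\s*$", re.M)
    return [(ipaddress.ip_network(p), name) for p, name in pat.findall(text)]

def segment_of(ip, routes):
    """Return (network, interface) of the connected route holding ip, or None."""
    return next(((n, i) for n, i in routes if ip in n), None)

def diagnose(host_if, dst, routes):
    """Compare the host's on-link decision with the firewall's view."""
    iface = ipaddress.ip_interface(host_if)   # host address with ITS configured mask
    dst_ip = ipaddress.ip_address(dst)
    src_seg = segment_of(iface.ip, routes)
    dst_seg = segment_of(dst_ip, routes)
    # A host ARPs directly for anything inside its own configured network;
    # everything else goes to the default gateway (the firewall).
    action = "arp-direct" if dst_ip in iface.network else "gateway"
    crosses = bool(src_seg and dst_seg and src_seg[1] != dst_seg[1])
    return {
        "host_action": action,
        "src_if": src_seg[1] if src_seg else None,
        "dst_if": dst_seg[1] if dst_seg else None,
        # Host mask disagrees with the firewall's connected prefix.
        "mask_mismatch": bool(src_seg) and iface.network != src_seg[0],
        # ARP never crosses the routed boundary, so this traffic is never
        # handed to the firewall and no policy can match it.
        "bypasses_firewall": crosses and action == "arp-direct",
    }

if __name__ == "__main__":
    routes = connected_routes(ROUTES)
    # Assumed too-wide mask (/24) versus the correct /26 on the same host.
    for host in ("12.155.16.202/24", "12.155.16.202/26"):
        print(host, diagnose(host, "12.155.16.130", routes))
```

With the /26 mask the host sends the packet to its gateway and the inter-interface policies apply; with the wider mask the sniffer would show only unanswered ARP requests on LAN-PC.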