ddemland
New Member
August 21, 2018
Solved

VLAN and DHCP Not Working


I am new to Fortinet but I have a strong Cisco background. We are looking at replacing our Cisco 891W with a Fortigate 60D. I am working in a lab trying to get the device configured. In Cisco I can set the DHCP on the VLAN and all devices being tagged for that VLAN can get their IPs from the VLAN DHCP; this does not seem to work on the 60D. I have attached a screenshot of the interfaces. When the DHCP is configured on the interface I can get an IP on a connected PC but the VLAN tag is not added to the packets. When I configure the DHCP on the VLAN the PC cannot get an IP. I can see the DHCP request from the PC, using Wireshark, and the 60D shows the DHCP request on it, but the DHCP packet is not tagged with the VLAN and there is no IP returned. The picture of the interfaces I have attached shows that the Voice VLAN is a subinterface to the internal2 interface. Should the DHCP packet get the VLAN tag added to it since the PC is connected to the internal2 port?

 

I am assuming that the 60D works like Cisco in that it tags all the traffic on internal2 port with the voice VLAN. Have I missed something?

 

Thank You,

 

David

 

    Best answer by Toshi_Esumi

    APs' management IPs are separated from SSIDs. That's why your APs currently get an IP from the DHCP you configured on the non-tagged interface as well as the controller. You want to keep it as is while each SSID needs to be on different subnets/DHCP servers because they're on different VLAN interfaces.


    Alexis_G
    New Member
    August 22, 2018

    Hi

    From the exhibit I see you have only one configured VLAN, the voice VLAN. But you didn't append the configuration on this interface concerning the DHCP config.

     

    Additionally, my opinion is that, since this system is in Dev mode I suppose, it would be a good idea

    a. To upgrade from 5.2 (which you are now) to 5.4.x

    b. Delete the virtual switch and use those interfaces separately.

     

    PS: FGT, as a layer 3 device, can change a VLAN tag but cannot add or delete one; switches do that.

     

     

    sw2090
    SuperUser
    August 22, 2018

    Hm,

     

    Did you set up a DHCP server on the VLAN interface?

    On your screen I see that internal2 is not connected. As long as the physical interface is not connected, and the VLAN being a subinterface of it, no VLAN packets will reach the FGT here.

    Also you need to do VLAN tagging on your clients or have a switch that can tag the packets between FGT and clients.