VLAN handling and DHCP - FTG 61E with UniFi Switch (no USG)
- April 2, 2020
- 1 reply
- 15161 views
Hi All,
I'm building the test lab for an upcoming network for a new project, which requires FTG and UniFi. This is my first fresh build in 6 years, and indeed my first FortiGate and UniFi experience, so please bear with me as I'm learning the nuances.
The diagram shows a stripped-out version of what I'm building. My issue was originally that clients connecting to the WAP do not receive any IP address at all, despite the UniFi SSID specifying the correct VLAN ID for VLAN OTHER as clients join.
If I remove the VLAN specification from the SSID, the clients can connect, but instead pick up DHCP from the FTG INT1 DHCP range (which I would eventually want to turn off). If I use a static IP on the client, I still can't ping anything (all interfaces set to allow ping etc. during the test build).
I've tried skipping the UniFi switch and creating another test VLAN subinterface on the 61E with DHCP, connected to INT 6. I see the same behavior there - a wired client can only get DHCP from the INT1 range, and only if I add the policy. DHCP from the VLAN66 interface is ignored/doesn't work. I did read this might be because the FTG needs an L2 device in front of it to assign the VLAN tag ID though - the VLAN subinterface on the FTG port cannot do this - is that correct?
STP is enabled on the interfaces and subs, NAT disabled on the INT to INT/VLAN policies, and can't think what else I'm doing wrong... seems to me the core issue is my VLANs not talking between interfaces correctly?
Once I can get the VLANs assigning DHCP correctly, I'd like to move the UniFi controller and hardware onto the Management VLAN.
Thanks for any help in advance.
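For readers hitting the same symptom, here is an added FortiOS CLI example (not from the original post, and not Fortinet's or Ubiquiti's own documentation) of a VLAN subinterface with its own DHCP scope and an inter-VLAN policy, plus the sniffer checks that show whether tagged frames are actually arriving. The relevant fact behind the "L2 device in front" question: a FortiGate VLAN subinterface only receives frames that carry an 802.1Q tag with its VLAN ID; untagged frames on the same port are delivered to the parent physical interface, so an untagged wired client plugged straight into the port is served by the parent interface's scope, never by the VLAN's. The port name `internal6` (for "INT 6"), the subnet 192.168.66.0/24, the policy name and the address ranges are all assumptions for the example.

```fortios
# --- VLAN 66 subinterface on the physical port (assumed name: internal6) ---
# Only 802.1Q frames tagged 66 reach this interface; untagged traffic on
# internal6 still lands on internal6 itself.
config system interface
    edit "VLAN66"
        set vdom "root"
        set ip 192.168.66.1 255.255.255.0      # assumed gateway address
        set allowaccess ping
        set role lan
        set interface "internal6"
        set vlanid 66
    next
end

# --- DHCP scope bound to the VLAN subinterface, not to the parent port ---
config system dhcp server
    edit 0
        set dns-service default
        set default-gateway 192.168.66.1
        set netmask 255.255.255.0
        set interface "VLAN66"
        config ip-range
            edit 1
                set start-ip 192.168.66.10    # assumed range
                set end-ip 192.168.66.200
            next
        end
    next
end

# --- Inter-VLAN policy, NAT off, kept to the two interfaces in question ---
config firewall policy
    edit 0
        set name "VLAN66-to-INT1"              # assumed name
        set srcintf "VLAN66"
        set dstintf "internal1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end

# --- Checks ---
# 1. Are tagged frames for VLAN 66 arriving on the physical port at all?
#    No output here while a client is requesting an address means the
#    upstream switch/AP is sending the frames untagged (or with a different tag).
diagnose sniffer packet internal6 'vlan 66' 4 10

# 2. Which interface is the DHCP exchange actually happening on?
#    The interface name printed per packet tells you whether the DISCOVER
#    hit VLAN66 or the parent/internal1 scope.
diagnose sniffer packet any 'port 67 or port 68' 4 10

# 3. Leases handed out per scope.
execute dhcp lease-list
```

On the UniFi side the complementary requirement is that the switch port facing `internal6` (and the AP's uplink port) carries VLAN 66 tagged; a port profile that only passes the native/untagged network will reproduce exactly the "only the INT1 range answers" behaviour, because every client frame reaches the FortiGate without a tag.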