New Member

Question

VLANS are not functioning in my lap

Forum|Forum|2 years ago
May 9, 2024
6 replies
4475 views

I Have WAN and LAN port.

But I am trying to create vlans under the lan port, see the pictures

The LAN(port2) network is working fine on my vm's. It works also through dhcp server relay.

The ip adresses of my 2 vlans created under the LAN(port2) are not working in my vm's. and they cannot reach my Vm's.

I also created firewall policy from the VLANs to the WAN port, but that doesnt work either

I Am using Hyper-v Environment.

Any Suggestions please?

Schermafbeelding 2024-05-09 201518.png

AEK

SuperUser

Port2 is connected to which kind of device?

If it is L2 switch or server or anything else, the port of that device must be configured as trunk allowing VLANs 10 & 16.

AEK

NuurAuthor

New Member

Hi AEK,

Its connected to a internal virtual Ethernet from Hyper-V
I will try to configure the trunk, but I dont know if that is possible in the virtual Ethernet

ozkanaltas

Valued Contributor III

Hello @Nuur ,

You need to create trunk interface on Hyper-V for port2.

https://learn.microsoft.com/en-us/powershell/module/hyper-v/set-vmnetworkadaptervlan?view=windowsserver2022-ps

And also you need to create every vlan on Hyper-V for vm machines.

NuurAuthor

New Member

Hi @ozkanaltas

I will try to follow the instructions in the link.

I will let you know.

Thanks

NuurAuthor

New Member

Hi @ozkanaltas,

I am new to the Fortigate. Iam now facing issues that my VM Licence has expired.

normally I do factory reset, then I import the configuration which I backed-up.

But now I cant get passed the License window. I will look for a solution for this.

But for my VLAN Issues

Which interface should be trunked? The physical LAN port on fortigate of vlan16.

Schermafbeelding 2024-05-11 095649.png Schermafbeelding 2024-05-11 075823.png

AEK

SuperUser

Hi Nuur

The screenshot shows that you created VLANs 10 and 16 on FG's port2, so it seems from FG side you did it well.

Now you need to create the same from HyperV side, I mean create tagged VLANs on your HV port and propagate them to your VMs. I can't help on HV since I'm not experienced with it, but I'm pretty sure this doc can help:

https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/configure-virtual-local-areal-networks-for-hyper-v

AEK

OceanMiller

New Member

I created two VLANs under the LAN port and assigned them specific IP addresses. While the main LAN network continues to operate seamlessly with my VMs, the VMs associated with the VLANs are not receiving the expected IP addresses and are unable to communicate with each other or the WAN. Interestingly, despite configuring part worn tyres uxbridge firewall policies to facilitate traffic from the VLANs to the WAN port.

sw2090

SuperUser

Accoardng to your screenshots on FortiGate Side you alreaday created a trunk on Port2 (LAN) which has the two Vlans and port2 itself. This means traffic that hits the FGT and has a vid of one of the two vlans will be hitting that vlan interface any other traffic will match based on destination ip and routing.

This also means that behind the port2 every hop between Port2 and your vms musst carry along those vids in both direction (which is what on switches you usually call a vlan-trunk). This makes sure that vlan tagged traffic can reach your vms.

This also includes that (as it is the last hop before your vms) HyperV also has to do that.

Alas I cannot say much about HyperV hence we only use vmware here.

ceed

New Member

bonjour, il faudra configurer le vswitch pour les vlan

exemple : commande powershell : set-vmnetworkadaptervlan -vmname <vmforti> -trunk -allowedvlanidlist 1-100 -nativevlanid 0

AEK

SuperUser

Here is the full man page.

https://learn.microsoft.com/en-us/powershell/module/hyper-v/set-vmnetworkadaptervlan?view=windowsserver2025-ps

AEK

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded