Created on 01-09-2025 08:53 AM Edited on 01-13-2025 06:22 AM By Jean-Philippe_P
Description | This article explains how to allow the traffic for Extreme Networks fabric to allow their adjacency to successfully establish over a Virtual Wire Pair. |
Scope | FortiGate. |
Solution |
By default, a Virtual Wire Pair does not allow layer 2 traffic which is used between 2 Extreme Networks switches when they are building adjacency using ISIS.
Example capture before enabling l2forward on the interfaces configured in the Virtual Wire Pair:
Example topology:
Note that if the ISIS traffic is over a VLAN it is required to enable the option Wildcard VLAN when creating the Virtual Wire Pair to allow the VLAN through or manually create each VLAN on the interfaces and create a policy for each VLAN.
config system virtual-wire-pair
edit "ExtremeTraffic"
set member "port10" "port11"
set wildcard-vlan enable
next
end
The following settings are used to enable layer 2 forwarding for the 2 interfaces used in the Virtual Wire Pair. In this example, port10 and port11 were used. It is also recommended to allow jumbo frames by increasing the MTU on the interfaces used as the 802.1AH used by the Extreme Switches will exceed the default 1500 MTU.
config system interface
edit port10
set l2forward enable
set mtu-override enable
set mtu 9216
next
edit port11
set l2forward enable
set mtu-override enable
set mtu 9216
next
end
Once those settings are configured the adjacency will come up between the Extreme Switches and a firewall policy can be configured to allow the traffic between the interfaces.
config firewall policy
edit 1 set name "VWP-Policy" set srcintf "port10" "port11" set dstintf "port10" "port11" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" next end Note: 802.1AH UTM Inspection support was added in v7.4.5+, v7.6.1+.
Related article:
Technical Tip: Creating a virtual wire pair |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.