| Description | This article describes how to create a loopback interface for FortiSwitch CLI and make sure communication between both loopback interfaces on FortiGate and FortiSwitch works. |
| Scope | FortiGate v7.0.x and higher. |
| Solution |
There will be a situation where communication between the loopback interface of FortiGate to FortiSwitch is necessary.
Step 1: Create a loopback interface on FortiGate and FortiSwitch. Loopback interface on FortiGate. In the below example, the loopback interface name is testloopback, and the IP address: 192.10.10.1/32.
Refer to the below article to create a loopback interface on FortiGate GUI: Technical Tip: How to create loopback interface from GUI
Step 2: Create a loopback interface as the below steps on a FortiSwitch: Loopback
In the below example, choose the FortiSwitch loopback interface as 192.168.200.10/32.
config system interface edit loopback set ip 192.168.200.10 255.255.255.255 end
Note: The above command can only be run directly on the FortiSwitch or via SSH from the FortiGate. This command would not work if using the managed switch command in the FortiGate:
config switch-controller managed-switch edit S108FFTV21025xxx config system interface command parse error before 'system'
Step 3: Once the interfaces are created, it is necessary to create a static route for the loopback address of the FortiSwitch via the FortiLink interface with the FortiSwitch IP address as the gateway as the loopback interface does not have any VLAN ID to attach.
In the below example, 10.255.1.2 is the switch IP where the loopback interface is configured.
Step 4: Make sure firewall policies are in place to pass traffic between the interfaces, and disable NAT.
Try to ping the FortiSwitch loopback interface by sourcing from the loopback interface FortiGate source 192.10.10.1 destination 192.168.200.10/32 on the FortiSwitch.
From FortiSwitch:
S148EN5919-----4 # execute ping 192.10.10.1 --- 192.10.10.1 ping statistics --- |
