Description
This article describes how to route traffic coming from VXLAN to other VLANs or interfaces.
Scope
FortiGate.
Solution
To configure VXLAN, see the article below under 'Related Articles'.
Note: This article describes how to configure native VXLAN without encryption.
To allow traffic from the VXLAN to reach destinations that do not belong to the VXLAN range, follow the steps below:
The VXLAN configuration requires a switch interface as below:
config system switch-interface
    edit "name"
        set vdom "root"
        set member "vxlan-int" "port"
    next
end
The switch interface will be created:
    edit "name"
        set vdom "root"
        set type switch
        set snmp-index 34
    next
The switch interface should be further configured:
config system interface
    edit "name"
        set vdom "root"
        set ip <IP from the range of vxlan>
        set allowaccess ping
        set vlanforward enable
        set type switch
end
Afterwards, create firewall policies to allow traffic from the switch interface to the destination interface or VLAN. Enable NAT where it is needed.
Note: The command 'edit name' is not used to make references. It is best practice to simply provide a unique identity for the named object.
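The firewall policy step above, shown as an added example that is not part of the original article: a policy from the switch interface "name" to a destination VLAN, scoped to the VXLAN range and a single service instead of "all"/"ALL", with logging on. The interface "vlan20", the address object names, the subnets (documentation ranges) and the choice of HTTPS are assumptions made for illustration.

```fortios
# Added example. Names, subnets and the service are constructed placeholders.
config firewall address
    edit "vxlan-range"
        # Assumed subnet of the VXLAN segment (the range the switch interface IP comes from)
        set subnet 192.0.2.0 255.255.255.0
    next
    edit "app-servers"
        # Assumed destination subnet behind the hypothetical "vlan20" interface
        set subnet 198.51.100.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "vxlan-to-vlan20"
        # Source is the switch interface that holds the VXLAN member
        set srcintf "name"
        set dstintf "vlan20"
        # Limit the source to the VXLAN range rather than "all"
        set srcaddr "vxlan-range"
        set dstaddr "app-servers"
        set action accept
        set schedule "always"
        # Permit only the service that is actually required
        set service "HTTPS"
        # Log every session crossing from the VXLAN segment
        set logtraffic all
        # Enable NAT only where it is needed
        set nat enable
    next
end
```

Leave out 'set nat enable' when the destination network already has a route back to the VXLAN range.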
Related articles
Technical Tip: How to configure native VXLAN without encryption.