ekrishnan (Staff)
Article Id 270111
Description This article discusses the considerations to take before implementing or creating VLANs in FortiOS.
Scope FortiGate.
Solution

The VLAN ID range available on FortiGate is 0 to 4094.

When configuring a network or creating a VLAN interface, be aware that VLAN ID 1 is not usable for a new VLAN interface on FortiGate:

  • VLAN ID 1 is reserved in FortiOS: it is the VLAN assigned to all switch ports when a FortiSwitch is managed by the FortiGate.
  • Non-working scenario and common issue: assigning VLAN ID 1 to a VLAN interface.
  • FortiGate sees the traffic arriving on the interface from the VLAN that uses ID 1, but the return traffic toward the source fails and does not work as expected.

In most cases the return traffic fails the reverse path forwarding (RPF) check, meaning FortiGate cannot route it back to the source, which here is a source IP behind the VLAN tagged with VLAN ID 1.
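As an added example (not from the original article), this is what a VLAN interface on a valid, non-reserved ID looks like in the FortiOS CLI. The interface name "vlan10", the parent port "port3", the VDOM "root" and the 10.1.10.0/24 addressing are assumptions chosen for illustration; the only value that matters for the point above is the vlanid, which must not be 1.

```fortios
# Added example, not from the original article. Interface name, parent port,
# VDOM and addressing are assumptions for illustration.
config system interface
    edit "vlan10"
        set vdom "root"
        set ip 10.1.10.1 255.255.255.0
        set allowaccess ping
        set role lan
        set interface "port3"
        set vlanid 10
    next
end
```

After committing, confirm the result with `show system interface vlan10` and check that the vlanid shown is the one intended. The same configuration with `set vlanid 1` is the non-working scenario described above.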

 

  • The RPF error can be seen by running a debug flow filtered on the affected source, as below:

diagnose debug flow filter addr x.x.x.x <----- (x.x.x.x is the source IP behind the VLAN)
diagnose debug flow show iprope enable
diagnose debug flow show function-name enable
diagnose debug flow trace start 100
diagnose debug enable

 

To stop the debug and clear the filter afterwards:

diagnose debug disable
diagnose debug reset
