Fortinet Forum
MG1
New Contributor II

Vlan routing

Hi all,

As per the diagram, the three sites are configured with BGP and all is working properly.

All the networks are received through BGP from both FGTs and from Cisco R1.

Now the problem is when I configure a VLAN in the FGT.

As per the diagram, VLANs configured through the Cisco router as L3 device are working properly, but for the VLAN I configured on SITE-C FGT (VLAN 50), the network is published through BGP to all the sites, but PC4 is only able to ping its GW and not any other site.

I don't understand if it is a bug or something not configured properly. Wireshark only gives "no response found" for the ping request.

PC4 can't be pinged from any other site either.

Basically, all of the network is working properly; only VLANs configured in the FGT are not working.

Thanks in advance!

diagram.jpg

7 REPLIES 7
Muhammad_Haiqal

Thank you for the diagram. May I know whether PC4's gateway is on Site-C-SW1 or the Site-C FortiGate? Basically, PC4 needs to reach the FortiGate VLAN50 IP address first. In your case, I'm afraid there is a VLAN misconfiguration on Site-C-SW1.

Here is my idea to check connectivity:
On Site-C-SW1, configure a VLAN50 IP address.
From this SW1, ping VLAN50 of the FortiGate.
This is to verify connectivity between the switch and the FortiGate.

Then, from PC4, ping Site-C-SW1, then the Site-C FortiGate.
You may find out whether the issue is related to the FortiGate or the switch configuration.

Hope that helps.

haiqal
MG1
New Contributor II

Hi Muhammad, thanks for the reply.

The VLAN 50 GW is on SITE-C FGT and is reachable from PC4.

172.4.1.0/24 is correctly announced through BGP as well.

Regards 

Muhammad_Haiqal

Hi MG1,
Thank you for your response.
On the Site-C FortiGate, please verify that the routing table is correct. This FortiGate can handle how to send out the traffic; however, it does not have control over how the traffic comes back.

Example:
The Site-C FortiGate has already sent traffic to SiteB-R1. Now the traffic will be handled by SiteB-R1.
In real life, you can consider that a parcel has been sent to FedEx (SiteB-R1). Now it depends on FedEx how to handle the route.


This KB might be helpful:

 

 

haiqal
MG1
New Contributor II

Hi Muhammad,

thanks again for your reply.

SITE-C FGT is configured correctly, e.g. SITE-C FGT port 3 has no VLAN configured and its network 172.3.1.1/24 can be reached by the other 2 sites.

The problem is when I configure an FGT port with a VLAN; I don't know if it is some kind of FGT VM limitation, a bug, or something configured wrong.

Thanks in advance.

Debbie_FTNT

Hey MG1,

You could narrow down where the break in connection occurs with the traceroute command; that would let you know how many hops the traffic goes through before failing.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
MG1
New Contributor II

Hi Debbie, thanks for your reply.

Any trace with destination PC4 stops at its BGP gateway, and the same for PC4 to other sites. The weird thing is that it only happens when I configure VLANs on the FGT; if I connect PC4 straight to port 4, it works with no issues.

I'm missing something but don't get what. All the BGP routes are correctly sent/received on all the neighbours.

MG1
New Contributor II

After struggling for a solution, I removed FGT SITE-C and configured it entirely again, and the issue was solved!

Thanks all for support!