Hey everyone,
I have an issue with a setup I'm trying to roll out on a 100D appliance. I have 4 VLAN subinterfaces configured under one physical port (port5) and a Cisco Catalyst 2960 gig port trunking to port5. Vlanforwarding is enabled on every subinterface, as well as the physical port itself.
When I assign any VLAN to another switchport, say 2 on fa0/1, and plug myself into the switchport, DHCP completes, and I can ping every gateway IP on every VLAN subinterface on the FortiGate. But I cannot ping from the management IP on the Cisco to the Management VLAN on the FortiGate (not the MGMT interface, just another VLAN I set up). I get the debug output: encapsulation failed, which points to an ARP entry not being in the switch's ARP table for the FortiGate, and sure enough, that's the case.
It's just a simple config on the switchport:
switchport mode trunk
switchport trunk native vlan 1 (yes I know, don't leave that, this is just for testing)
switchport trunk allowed vlan all
Any ideas?
@catgifs I'm having a very similar issue, did you ever resolve it? Thanks
I think the switchport may be configured incorrectly, or there is a problem with the ARP table on the Cisco switch and the FortiGate appliance itself.
Try pinging the FortiGate appliance's management IP address from another device on the same network. Also, try connecting a laptop directly to the FortiGate appliance's management interface and pinging the management VLAN.
Copyright 2025 Fortinet, Inc. All Rights Reserved.