Hello,
I am having problems and I need your urgent support.
I have a VLAN Switch (ID 0) and a Software Switch (With several interfaces on each)
VLAN Switch (ID 0): 192.168.33.0/24
Software Switch: 192.168.32.0/24
I have created the rules to allow traffic between the two but do not want to allow traffic.
For urgent support, please open a TAC support case and call the support line.
Your description does not tell us:
- what product you are referring to? Is there a FortiGate involved?
- how are they connected to the FortiGate? (I guess the software switch is set up on FortiGate)
- have you decided if you want to allow the traffic or not? If not, simply remove the rules.
All in Fortigate 100F
I have ports 3, 4, 5, 6 configured in VLAN Switch (ID 0) and I have ports 10 and 11 configured in Software Switch.
VLAN Switch (ID 0): 192.168.33.0/24
Software Switch: 192.168.32.0/24
How do I do so that they can exchange traffic?
I have created the rule to allow traffic between the two but it does not want to pass.
You need to see where the bottleneck is.
Check routing:
get router info routing table detail 192.168.33.x
get router info routing table detail 192.168.32.y
check if both hosts are reachable:
exec ping-options source 192.168.33.1 (IP of switch)
exec ping 192.168.33.x
exec ping-options source 192.168.32.1 (IP of Soft switch)
exec ping 192.168.32.x
Check that the packets reach the correct interfaces:
diag sniffer packet any "host so.ur.ce.IP and host de.sti.nat.ion" 4 0
The default settings are correct and nothing else is needed except the IPv4 policy between the 2 switches. Here is the setup:
Test PC: 10.147.3.220
Server (destination): 10.106.21.6
C:\Users\fortinet>ping 10.106.0.220 (fail)
C:\Users\fortinet>ping 10.106.1.26 (fail)
C:\Users\fortinet>ping 10.147.0.220 (gateway = ok)
Pinging 10.147.0.220 with 32 bytes of data:
Reply from 10.147.0.220: bytes=32 time<1ms TTL=255
Added ipv4 policy Software switch to VLAN switch, now traffic passes:
C:\Users\fortinet>ping 10.106.0.220
Pinging 10.106.0.220 with 32 bytes of data:
Reply from 10.106.0.220: bytes=32 time=1ms TTL=255
C:\Users\fortinet>ping 10.106.1.26
Pinging 10.106.1.26 with 32 bytes of data:
Reply from 10.106.1.26: bytes=32 time=1ms TTL=254
For the return to work you also need a policy from VLAN switch to Software switch.
Otherwise, the ping can't pass in reverse direction:
C:\Users\Server> ping 10.147.3.220 (fail)
C:\Users\Server> ping 10.147.0.220 (fail)
Hi jcvm
Please provide more detail about your config.
In the meantime, please see this and let me know if it helps you http://docs.fortinet.com/document/fortigate/6.2.10/cookbook/277799/software-switch
Just in case you're referring to a config on fortigate, check this out: https://youtu.be/5NXzxk__5z8
I have changed all the configuration and created two groups with Software SW interfaces.
With this and the corresponding firewall rules, the problem was corrected.
Apparently VLAN SW to Software SW is not working despite properly configured firewall rules.
I'm just curious, but why did you originally use VLAN ID/tag 0 on the hardswitch VLAN subinterface? For FortiGate, vlan_id=0 is still a tagged interface, not a native VLAN, because it doesn't have that concept. And you can set the IP/subnet on the parent hardswitch non-tagged interface.
Toshi
that was precisely the problem.
All of this was caused because I originally used the VLAN SW that comes by default with VLAN ID 0.
In the end it was tagged despite being 0. This was the problem with everything.
I just tried to test it because it was already VLAN SW by default and I don't know why I thought it was native.
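As an added configuration example (not posted by anyone in this thread), the FortiOS CLI fragment below shows the arrangement the thread converges on: the hardware switch carries its IP directly on the parent interface rather than on a VLAN sub-interface with vlanid 0 (which FortiOS treats as tagged, as Toshi notes), the software switch is built from ports 10 and 11, and there is one firewall policy per direction. The interface names hardsw and softsw, the physical-switch name sw0, the gateway addresses .1 and the port assignments are assumptions chosen to match the posts; adjust them to your unit.

```fortios
# Hardware switch on the 100F: ports 3-6, addressed on the parent interface.
# Assumed names: "hardsw" for the switch, "sw0" for the physical switch.
# No VLAN sub-interface is created, so no 802.1Q tag is expected on the wire.
config system virtual-switch
    edit "hardsw"
        set physical-switch "sw0"
        config port
            edit "port3"
            next
            edit "port4"
            next
            edit "port5"
            next
            edit "port6"
            next
        end
    next
end
config system interface
    edit "hardsw"
        set vdom "root"
        set ip 192.168.33.1 255.255.255.0
        set allowaccess ping
    next
end
# Software switch: ports 10 and 11 (assumed name "softsw").
config system switch-interface
    edit "softsw"
        set vdom "root"
        set member "port10" "port11"
    next
end
config system interface
    edit "softsw"
        set vdom "root"
        set ip 192.168.32.1 255.255.255.0
        set allowaccess ping
    next
end
# One policy per direction. "edit 0" lets FortiOS assign the next free policy ID.
# The firewall is stateful: replies to a session allowed by one policy pass without
# a second policy; the second policy is for sessions initiated from the hardsw side.
config firewall policy
    edit 0
        set name "softsw-to-hardsw"
        set srcintf "softsw"
        set dstintf "hardsw"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 0
        set name "hardsw-to-softsw"
        set srcintf "hardsw"
        set dstintf "softsw"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

The all/all/ALL policies reproduce the thread's test setup; once the two segments exchange traffic, narrow srcaddr, dstaddr and service to the hosts and protocols that actually need to cross, since these policies otherwise make the two subnets one flat trust zone. Verify with the checks given earlier in the thread (routing table lookup, ping sourced from each switch IP, and `diag sniffer packet any`) before and after applying the policies.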
Copyright 2024 Fortinet, Inc. All Rights Reserved.