ryzen5
New Contributor

Confused on creating vlan for 40F

I have 40F firewall.

I have set up a LAN to WAN; when plugged in on interface 1 I can get internet and can see the gateway.

 

I removed interface 2 and 3 from the hardware switch and made a new hardware switch with port 2

I added a vlan to port 2

ipaddress is 172.16.0.1

DHCP range 172.16.0.2-172.16.0.62

mask 255.255.255.192

 

when I plug in a test device I get 169.254.0.0 which points to fortilink and I'm not sure why

 

I just need to understand why I'm not getting the 172 when I plug into port 2

mahesh_pm
New Contributor II

Hi,
Which port is the VLAN bound to: port2, or the hardware switch that you created with port2?

 

 

Regards

Mahesh

ryzen5
New Contributor

net.JPG

mahesh_pm
New Contributor II

Hi,

Can you remove port 2 from the hardware switch and try creating the same VLAN on that port?

 

 

Regards

Mahesh

ryzen5
New Contributor

net.JPG

ryzen5
New Contributor

Still no change when I plug in the test device. I get IP 169.254.194.172

hbac

Hi @ryzen5,

 

What is the VLAN ID? Are you connected directly to port2? Please note that the traffic needs to be tagged with the correct VLAN ID in order for it to work. FortiGate will not respond if the traffic is not tagged with the correct VLAN ID.

 

Regards, 

ryzen5
New Contributor

Plugged directly into port 2 on the 40F with a test device; the WAN port goes to the router, and port 1 goes to an unmanaged switch. Do I need to create a network policy after that? I thought I should be able to ping a device once the VLAN is created.

 

net.JPG

Toshi_Esumi
SuperUser

On the same token with @hbac, I would doubt your test device is not properly configured to accept the VLAN tagged Ethernet frames from the 40F on port2, whatever the tag is.


Some suggestions I have on the 40F side: you can add the VLAN ID column in the interface view GUI you posted, and you can move the column around, like just next to the Type column. Then don't use VLAN ID=1 because it's reserved. And then when you run sniffing in the CLI like "diag sniffer packet lan2" you should see VLAN tagged traffic like below. It's obvious, but the lines below are tagged with VLAN ID 201:


0.305291 802.1Q vlan#201 P0
0.559136 802.1Q vlan#201 P0
0.559255 802.1Q vlan#201 P0
0.570233 802.1Q vlan#201 P0
0.582141 802.1Q vlan#201 P0
0.582201 802.1Q vlan#201 P0

 

On the other side, use a VLAN-capable switch to accept the VLAN on a trunk port, then span it to a VLAN access port so that you can hook up a simple device like a laptop without any VLAN setting.

Toshi 
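
What the tagging requirement discussed in the replies above looks like at the frame level, as an added example that is not part of any poster's reply. The frames are constructed samples with a made-up source MAC, and `would_reach_vlan` is a hypothetical, simplified model of the rule that a VLAN sub-interface only handles frames carrying its own 802.1Q tag.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def parse_vlan(frame: bytes):
    """Return (vlan_id, priority, inner_ethertype); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype  # plain frame, e.g. from a laptop NIC
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # TCI = 3 bits priority (the "P0" in the sniffer output), 1 bit DEI, 12 bits VLAN ID
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner


def would_reach_vlan(frame: bytes, configured_vid: int) -> bool:
    """Simplified model: only frames tagged with the sub-interface's ID match it."""
    vid, _, _ = parse_vlan(frame)
    return vid == configured_vid


# Constructed sample frames: broadcast destination, made-up source, IPv4, no payload.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800)
TAGGED_10 = DST + SRC + struct.pack("!HHH", TPID_8021Q, 10, 0x0800)
TAGGED_201 = DST + SRC + struct.pack("!HHH", TPID_8021Q, 201, 0x0800)

if __name__ == "__main__":
    for name, f in [("untagged", UNTAGGED), ("vlan 10", TAGGED_10), ("vlan 201", TAGGED_201)]:
        print(name, parse_vlan(f), "matches VLAN 10:", would_reach_vlan(f, 10))
```
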

Toshi_Esumi
SuperUser

Your last post shows you configured VLAN ID 10 properly. So it comes back to the doubt of the test device.
