Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ryzen5
New Contributor

Created on ‎11-10-2023 10:36 PM

Confused on creating vlan for 40F

I have 40F firewall.

I have a setup a lan to wan, when plugged in on interface 1 can get internet and can see the gateway.

 

I removed interface 2 and 3 from the hardware switch and made a new hardware switch with port 2

I added a vlan to port 2

ipaddress is 172.16.0.1

DCHP range 172.16.0.2-172.16.0.62

mask 255.255.255.192

 

when I plug in a test device I get 169.254.0.0 which points to fortilink and I'm not sure why

 

I just need to understand why I'm not getting the 172 when I plug into to port 2

Labels:
2228
0 Kudos
16 REPLIES 16
mahesh_pm
New Contributor III

Created on ‎11-10-2023 10:55 PM

Hi,
which port binds with VLAN port2 or the hardware switch that you have created with port2. 

 

 

Regards

Mahesh

Cheers,
Cheers,
1438
0 Kudos
ryzen5
New Contributor

Created on ‎11-10-2023 11:08 PM

net.JPG

1429
0 Kudos
mahesh_pm
New Contributor III

Created on ‎11-10-2023 11:16 PM

Hi,

Can you remove port 2 from the hardware switch and try creating the same VLAN on that port?

 

 

Regards

Mahesh

Cheers,
Cheers,
1422
ryzen5
New Contributor

Created on ‎11-10-2023 11:36 PM

net.JPG

1418
0 Kudos
ryzen5
New Contributor

Created on ‎11-10-2023 11:37 PM

still no change when I plug in test device.  get ip 169.254.194.172

1417
0 Kudos
hbac
Staff
Staff
In response to ryzen5

Created on ‎11-11-2023 07:26 AM

Hi @ryzen5,

 

What is the VLAN ID? Are you connected directly to port2? Please note that the traffic needs to be tagged with the correct VLAN ID in order for it to work. FortiGate will not respond if the traffic is not tagged with correct VLAN ID. 

 

Regards, 

1382
ryzen5
New Contributor

Created on ‎11-11-2023 09:51 AM

Plugged directly into port 2 on 40F with test device, WAN port goes to router, and port 1 goes to an unmanaged switch.  Do I need to create a network policy after that?, I thought I should be able to ping a device once the VLAN is created.

 

net.JPG

1347
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎11-11-2023 09:58 AM Edited on ‎11-11-2023 09:59 AM

On the same token with @hbac, I would doubt your test device is not properly configured to accept the VLAN tagged ethernet frames from the 40F on port2 what ever the tag is.


Some suggestions I have on the 40F side are, you can add VLAN ID column in the interface view GUI you posted. And you can move the column around like just next to the Type column. Then don't use VLAN ID=1 because it's reserved. And then when you run sniffing in CLI like "diag sniffer packet lan2" you should see VLAN tagged traffic like below. It's obvious but below are tagged with VLAN ID 201:


0.305291 802.1Q vlan#201 P0
0.559136 802.1Q vlan#201 P0
0.559255 802.1Q vlan#201 P0
0.570233 802.1Q vlan#201 P0
0.582141 802.1Q vlan#201 P0
0.582201 802.1Q vlan#201 P0

 

On the other side, use a vlan capable switch to accept the vlan on a trunk port then span it to a vlan access port so that  you can hook up a simple device like a laptop without any VLAN setting.

Toshi 

1346
Toshi_Esumi
SuperUser
SuperUser

Created on ‎11-11-2023 10:03 AM

You're last post shows you configured VLAN ID 10 properly. So it comes back to the doubt of the test device.

1344
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.