Hi all,
I configured out of the box a 148F layer 2 FortiSwitch and connected it to a Cisco 2960X layer 2 switch. From the FortiSwitch I can ping anywhere in the LAN, but if I connect my computer or IP phone to the switch - nothing.
The computer and phone are on separate ports and in the correct VLAN. The ports connecting the two switches are up with no errors. The switch has a L3 interface and it can ping its default gateway and, as mentioned, anywhere on the LAN. I just can't figure out why I'm not able to get anything on the computer and phone.
I'm new to Fortinet and have experience only with Cisco switches.
Thank you.
Hello tolinrome,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
If I got it right, you're connecting the FSW after a Cisco SW in an existing network. Is the link between the switches configured to pass tagged VLANs and configured as trunk on the Cisco SW? Does the native VLAN match on both switches?
The VLAN that is assigned to the port should exist as a VLAN on both switches and be marked as tagged/allowed on the link between them.
In order to check VLAN spanning, you need to check first if the MAC addresses are seen on both switches so you have L2 connectivity, then you start troubleshooting L3.
# diagnose switch mac-address list | grep -i mac
The term Trunk in FSW is used for link aggregation, not to be confused with Cisco terminology.
Correct, the FSW is last in line, connected (link aggregation\trunk) to the Cisco switch. The link between the switches is configured to pass the vlans and has the correct native vlan. On the Cisco side the allowed vlans match. I can even ping (L3) the vlan interface from the cisco switch to the FSW.
So just to avoid the confusion, you have configured a link aggregation between the switches (more than one physical port) and configured it to pass more than one VLAN.
Is the management interface using native VLAN (what you ping) or passing as a tagged? What if you check the MAC addresses from one switch to the other, do they get propagated?
The Management interface is using the data vlan id and is also going across the link aggregation port to the Cisco switch. I just noticed from looking at your screenshot that I have nothing configured under the port trunks settings, should I?
I was trying to explain the difference between the naming of different vendors. If you have only one physical port connecting the switches you don't need to configure a trunk in FSW.
Just set a native VLAN and the allowed VLAN that you need on the uplink port. From Cisco side you have to configure the interface as trunk mode (switchport mode trunk) set the native VLAN and allow the VLANs that you need to pass.
This is an example, port2 is connected to a host that is part of VLAN 532 and port1 is the uplink (Cisco trunk):
Your explanation was spot on, thank you. I have everything set up pretty much just as you do, just different VLANs.
Cisco Trunk port:
interface GigabitEthernet1/0/24
switchport trunk allowed vlan 1,15,16,501,995
switchport trunk native vlan 995
switchport mode trunk
FSW
Port #1 is my desktop and port 44 is the uplink to the Cisco Switch
Is it possible you have native LAN mis-match?
I see, usually another VLAN is used as access for the end hosts (port 1). In this case I suppose you have to use VLAN 15,16 or 501. It doesn't have to be the native VLAN.
If not created yet you also need to create the VLANs (15,16,501) on FSW from GUI:
Switch> VLAN [+ Add VLAN]
As I remember Cisco is very strict on trunk building. You have already used the same native VLAN (995) on both nodes, I suppose it will expect also to allow the same VLAN on both sides.
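The checks the replies walk through (same native VLAN on both ends, the host's VLAN present and allowed on the link), as an added example that is not part of the original thread. The Cisco stanza is the one quoted above; the FortiSwitch stanza is constructed, assuming the standalone FortiSwitchOS `config switch interface` syntax, a desktop on VLAN 15, and that the FSW native VLAN is carried on the port without being listed in `allowed-vlans`.

```python
import re

# Cisco stanza as quoted in the thread; FortiSwitch stanza constructed for this example.
CISCO = """interface GigabitEthernet1/0/24
 switchport trunk allowed vlan 1,15,16,501,995
 switchport trunk native vlan 995
 switchport mode trunk"""
FSW = """config switch interface
    edit "port1"
        set native-vlan 15
    next
    edit "port44"
        set native-vlan 995
        set allowed-vlans 1,16,501
    next
end"""

def vlan_set(spec):  # "1,15-17" -> {1, 15, 16, 17}
    out = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def cisco_trunk(cfg):  # (native VLAN, VLANs allowed on the trunk)
    native = int(re.search(r"trunk native vlan (\d+)", cfg).group(1))
    return native, vlan_set(re.search(r"trunk allowed vlan ([\d,-]+)", cfg).group(1))

def fsw_port(cfg, port):  # native VLAN is carried implicitly (assumption)
    block = re.search(r'edit "%s"(.*?)next' % re.escape(port), cfg, re.S).group(1)
    native = int(re.search(r"set native-vlan (\d+)", block).group(1))
    m = re.search(r"set allowed-vlans ([\d,-]+)", block)
    return native, (vlan_set(m.group(1)) if m else set()) | {native}

def check(cisco_cfg, fsw_cfg, uplink, access):
    c_native, c_vlans = cisco_trunk(cisco_cfg)
    f_native, f_vlans = fsw_port(fsw_cfg, uplink)
    host_vlan = fsw_port(fsw_cfg, access)[0]
    issues = []
    if c_native != f_native:
        issues.append(f"native VLAN mismatch: Cisco {c_native}, FSW {f_native}")
    for v in sorted(c_vlans ^ f_vlans):
        issues.append(f"VLAN {v} is carried on only one side of the link")
    if host_vlan not in c_vlans & f_vlans:
        issues.append(f"access VLAN {host_vlan} on {access} does not cross the uplink")
    return issues

if __name__ == "__main__":
    print("\n".join(check(CISCO, FSW, "port44", "port1")) or "no mismatch found")
```

With the constructed FSW stanza the uplink is missing VLAN 15, so the desktop on port1 has no L2 path even though the switch's own interface can still ping across the link.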