Hi,
Sorry if this is FAQ, but I couldn't find any information and example.
I have a problem with adding a one VLAN to two different ports.
Consider this scenario:
(check attached file please)
"SW-1" <------->Agg-1 > "WAF" < Agg-2 <-------> "SW-2"
** Both switches are in the access layer. They aggregate SRVs` NICs. WAF is on the edge of DMZ.
I have 2 ports on SW-1 that belong to VLAN 100 and also on SW-2, two ports, one of them belongs to VLAN 100, and the other one belongs to VLAN 200.
configuration:
edit "vlan-100"
set ip 192.168.100.1/24
set allowaccess https ping
set vlanid 100
set interface agg-1
config secondaryip
end
edit "vlan-200"
set ip 192.168.200.1/24
set allowaccess ping
set vlanid 200
set interface agg-2
config secondaryip
end
Based on Fortiweb administration guide v5.9.0, we can add same VLAN id to a different port. (page 176). I wanted to add VLAN 100 to agg-2. But I couldn`t do that. I realize that the NAME field must be different. but what about IP address? Fortiweb didn`t accept the same IP address of VLAN 100! Actually didn`t accept any IP addresses on VLAN 100`s range.
What can I do? what IP address should I use? Is this scenario correct?
I will be grateful if anyone can help me.
Best regards,
ALI
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.