Hi,
I am new to Fortigate 200D.
I have port 13 connecting to Port 2 on ISP Adva switch.
However ports 13/14 are members of external interface.
Interface Name - external, Type - Hardware Switch, Physical Interface Members - Port 13, Port 14

    config system interface
        edit "external"
            set vdom "root"
            set ip x.x.x.138 255.255.255.248
            set type hard-switch
            set description "Internet Access"
            set snmp-index 24
        next
    end
Is this an aggregate layer 3 port on the FortiGate and a routed port on the Adva?
If I were to connect Adva Port 2 directly to a switch, should it be configured as a trunk port or a routed port?
No. They are hard-switch ports sharing all subinterfaces, like VLANs, on them. If they were aggregated ports, you would see just "set type physical" on each interface.
So the same Ethernet frames are duplicated between those ports when the FGT sends something out to the subinterfaces on it.
There is no particular definition of external or internal ports in FGTs. You're just naming them for ISP connections or LANs.
Also, there is no particular definition of trunk ports in FGTs either. It's up to users whether you make it just a big collection of non-tagged interfaces on one hard-switch, or - this is more common - put multiple VLAN subinterfaces in addition to the non-tagged one through those ports in a hard-switch. It just acts like the ports of a regular VLAN-capable switch. So if VLAN10 is configured and a VLAN-tagged frame with VLAN ID 10 comes in on one port of the hard-switch, it would be switched to the other port, meaning that if it knows on which port the destination MAC address exists, it would forward only on that port. If it is a broadcast packet on that VLAN, it would be forwarded to all ports other than the incoming port. Everything is controlled by a chip/hardware. That's why it's called a hard-switch. That's it.
Just be aware, FGT doesn't have the concept of an SVI or native VLAN. You can't define an internal VLAN and then connect it to non-tagged ports randomly. All VLANs have to be bound to one parent interface, and can't be bound to multiple of them. That's why hard- or soft-switch interfaces are needed to let the same VLAN span multiple ports.
Think about old Cisco, Juniper, and other routers, which are NOT L2/L3 switch-routers, and their subinterfaces, like GigabitEthernet0/0.10. It works in a similar way.
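To make the answer above concrete, here is an added FortiOS CLI example (not from the original post or from Fortinet's documentation) showing the two things the reply describes: port13 and port14 grouped into one hard-switch interface named "external", and VLAN subinterfaces bound to that single parent so the same VLAN reaches both ports. The hard-switch membership is written with "config system virtual-switch" and the physical switch name "sw0", which is an assumption about how this model exposes its switch fabric; the addresses 192.0.2.138, 10.10.10.1 and 10.20.20.1 are placeholders.

```fortios
# Added example, not the poster's configuration.
# Assumption: on this model the hard-switch members are declared under
# "config system virtual-switch" and the switch chip is named "sw0".
config system virtual-switch
    edit "external"
        set physical-switch "sw0"
        config port
            edit "port13"
            next
            edit "port14"
            next
        end
    next
end

config system interface
    # The hard-switch itself carries the untagged traffic on port13/port14.
    # Its IP is the only L3 address for untagged frames; there is no SVI.
    edit "external"
        set vdom "root"
        set ip 192.0.2.138 255.255.255.248
        set type hard-switch
        set description "Internet Access"
        set allowaccess ping
    next
    # A VLAN subinterface is bound to exactly one parent ("set interface").
    # Because the parent is the hard-switch, VLAN 10 tagged frames are
    # switched between port13 and port14 and can also be routed at 10.10.10.1.
    edit "vlan10"
        set vdom "root"
        set ip 10.10.10.1 255.255.255.0
        set interface "external"
        set vlanid 10
    next
    # A second VLAN on the same parent: tagged on both member ports as well.
    edit "vlan20"
        set vdom "root"
        set ip 10.20.20.1 255.255.255.0
        set interface "external"
        set vlanid 20
    next
end
```

Applied this way, port13 and port14 behave like two ports of an 802.1Q switch that carry untagged traffic for "external" plus tagged traffic for VLAN 10 and 20. A VLAN cannot be attached to a second parent such as port1; if the same VLAN is needed on ports outside the hard-switch, add those ports to the hard-switch (or a soft-switch) rather than creating a second VLAN interface with the same ID.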
Thanks for response
Copyright 2024 Fortinet, Inc. All Rights Reserved.