TheCourier
New Contributor

Fortigate 7.2.4 - Vlan interface with same IP/subnet of Hardware Switch Interface

Hey,

I have a Hardware Switch interface configured with a primary IP and 2 secondary IPs.

To that interface I want to add 2 VLANs.

VLAN #1 will use the same primary IP and same first secondary IP that are configured in the above-mentioned Hardware Switch interface.

VLAN #2 will use the same primary IP and same secondary IP that are configured in the above-mentioned Hardware Switch interface.

I've arrived at this design with the understanding there won't be a duplicate IP because the packets are tagged with different VLAN IDs.

I need to do this design in order to not change the IPs and network configuration of the hosts but still separate them into 2 groups, each one by a different VLAN, with the other third group remaining untagged.

Trying to fix security of a production environment with a few customer environments in it...

Thank you.

2 REPLIES
akristof
Staff

Hello,

Yes, they will be separated by "vlan tag" but you will need to enable subnet-overlap:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enable-subnet-overlap-to-set-IP-addresses-...

Plus you will need to be careful not to allow traffic between VLANs, or if you will have any incoming traffic (for example VIP), then the routing will be weird. Maybe consider using VRFs.

Adrian
TheCourier

I understand this about overlapping subnets, but I'm talking about the VLAN sub-interface IP being the same as that of the physical interface that the VLAN belongs to. Not a different IP with the same prefix, which is what the technical tip you provided is about.
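
As an added example (not part of the thread and not Fortinet code): a small Python audit that parses a `config system interface` block and lists every interface pair with overlapping subnets, noting whether the pair shares the exact IP and the same VRF, which are the cases the reply above warns about. The sample config, interface names, VLAN/VRF IDs and addresses are constructed, and an interface without `set vrf` is assumed to sit in VRF 0.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample in FortiOS "config system interface" style; interface names,
# VLAN IDs, VRF IDs and addresses are assumptions for illustration.
SAMPLE = '''
config system interface
    edit "lan"
        set ip 192.0.2.1 255.255.255.0
    next
    edit "cust-a"
        set ip 192.0.2.1 255.255.255.0
        set interface "lan"
        set vlanid 10
        set vrf 10
    next
    edit "cust-b"
        set ip 192.0.2.1 255.255.255.0
        set interface "lan"
        set vlanid 20
    next
end
'''

def parse_interfaces(text):
    """Return {name: {"net": IPv4Interface, "vrf": int}} for interfaces that have an IP."""
    ifaces, name = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r'edit "(.+)"', line):
            name = m.group(1)
            ifaces[name] = {"net": None, "vrf": 0}  # assumption: unset VRF means VRF 0
        elif name and (m := re.fullmatch(r"set ip (\S+) (\S+)", line)):
            ifaces[name]["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif name and (m := re.fullmatch(r"set vrf (\d+)", line)):
            ifaces[name]["vrf"] = int(m.group(1))
    return {n: i for n, i in ifaces.items() if i["net"]}

def find_overlaps(ifaces):
    """List (a, b, same_ip, same_vrf) for every interface pair whose subnets overlap."""
    return [(a, b, ia["net"].ip == ib["net"].ip, ia["vrf"] == ib["vrf"])
            for (a, ia), (b, ib) in combinations(sorted(ifaces.items()), 2)
            if ia["net"].network.overlaps(ib["net"].network)]

if __name__ == "__main__":
    for a, b, same_ip, same_vrf in find_overlaps(parse_interfaces(SAMPLE)):
        print(f"{a} <-> {b}: identical IP={same_ip}, shared VRF={same_vrf}")
```

Pairs reported with a shared VRF are the ones where overlapping routes land in the same routing table and firewall policy between the interfaces deserves review.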
