Hey,
I have a Hardware Switch interface configured with a primary IP and 2 secondary IPs.
To that interface I want to add 2 VLANs.
VLAN #1 will use the same primary IP and the same first secondary IP that are configured on the above-mentioned Hardware Switch interface.
VLAN #2 will use the same primary IP and the same secondary IP that are configured on the above-mentioned Hardware Switch interface.
I've reached this design with the understanding that there won't be a duplicate IP because the packets are tagged with different VLAN IDs.
I need this design in order to not change the IPs and network configuration of the hosts but still separate them into 2 groups, each one by a different VLAN, with the other, third group remaining untagged.
Trying to fix the security of a production environment with a few customers' environments in it...
Thank you.
Hello,
Yes, they will be separated by "vlan tag" but you will need to enable subnet-overlap:
Plus, you will need to be careful not to allow traffic between VLANs, or if you have any incoming traffic (for example, a VIP), then the routing will be weird. Maybe consider using VRFs.
I understand this about overlapping subnets, but I'm talking about the VLAN sub-interface IP being the same as the physical interface that the VLAN belongs to, not a different IP with the same prefix, which is what the technical tip you provided is about.