Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dbramblett
New Contributor

Fortiswitch 124D Layer 3 Routing

I am having some trouble getting my 124D to route properly.

I've finally worked out the necessaries to configure multiple VLAN interfaces; however, I don't seem to be able to get it to route non-local traffic to the gateway of last resort. I would have thought there would be somewhere to enter a default gateway for the device itself to use, as generally with Cisco switches a default route is distinct from the gateway device for the switch itself. I haven't found a CLI command for that on the Fortiswitch up to this point.

In brief, I've configured a lab environment behind a FGT-60D, and I've configured VIPs through that FGT to access the devices behind it. I cannot access the 124D. I can access the other devices just fine, one of which is an FGT-60C. I can ping it and get the following output from a sniffer packet.

interfaces=[any] filters=[icmp]
11.117604 192.168.1.56 -> 172.16.220.10: icmp: echo request
11.118022 172.16.220.10 -> 192.168.1.56: icmp: echo reply
12.120145 192.168.1.56 -> 172.16.220.10: icmp: echo request
12.120346 172.16.220.10 -> 192.168.1.56: icmp: echo reply
13.123357 192.168.1.56 -> 172.16.220.10: icmp: echo request
13.123531 172.16.220.10 -> 192.168.1.56: icmp: echo reply
14.125926 192.168.1.56 -> 172.16.220.10: icmp: echo request
14.126106 172.16.220.10 -> 192.168.1.56: icmp: echo reply

My IP address is 192.168.1.56 and the FGT-60C is 172.16.220.10. Echo request and reply are observed as expected.

Now the same test on the 124D:

interfaces=[any] filters=[icmp]
5.773885 802.1Q vlan#220 P0 -- 192.168.1.56 -> 172.16.220.13: icmp: echo request
5.773907 192.168.1.56 -> 172.16.220.13: icmp: echo request
10.743699 802.1Q vlan#220 P0 -- 192.168.1.56 -> 172.16.220.13: icmp: echo request
10.743721 192.168.1.56 -> 172.16.220.13: icmp: echo request
15.743698 802.1Q vlan#220 P0 -- 192.168.1.56 -> 172.16.220.13: icmp: echo request
15.743721 192.168.1.56 -> 172.16.220.13: icmp: echo request
20.743699 802.1Q vlan#220 P0 -- 192.168.1.56 -> 172.16.220.13: icmp: echo request
20.743723 192.168.1.56 -> 172.16.220.13: icmp: echo request

The IP address of the 124D is 172.16.220.13 and no echo reply is present. However, if I ping the device locally I get the expected output.

interfaces=[any] filters=[icmp]
2.703721 802.1Q vlan#220 P0 -- 172.16.220.11 -> 172.16.220.13: icmp: echo request
2.703741 172.16.220.11 -> 172.16.220.13: icmp: echo request
2.703933 172.16.220.13 -> 172.16.220.11: icmp: echo reply
2.703952 802.1Q vlan#220 P0 -- 172.16.220.13 -> 172.16.220.11: icmp: echo reply
2.713732 802.1Q vlan#220 P0 -- 172.16.220.11 -> 172.16.220.13: icmp: echo request
2.713752 172.16.220.11 -> 172.16.220.13: icmp: echo request
2.713898 172.16.220.13 -> 172.16.220.11: icmp: echo reply
2.713917 802.1Q vlan#220 P0 -- 172.16.220.13 -> 172.16.220.11: icmp: echo reply
2.723745 802.1Q vlan#220 P0 -- 172.16.220.11 -> 172.16.220.13: icmp: echo request
2.723761 172.16.220.11 -> 172.16.220.13: icmp: echo request
2.723901 172.16.220.13 -> 172.16.220.11: icmp: echo reply
2.723919 802.1Q vlan#220 P0 -- 172.16.220.13 -> 172.16.220.11: icmp: echo reply
2.733729 802.1Q vlan#220 P0 -- 172.16.220.11 -> 172.16.220.13: icmp: echo request
2.733749 172.16.220.11 -> 172.16.220.13: icmp: echo request
2.733890 172.16.220.13 -> 172.16.220.11: icmp: echo reply
2.733907 802.1Q vlan#220 P0 -- 172.16.220.13 -> 172.16.220.11: icmp: echo reply
2.743741 802.1Q vlan#220 P0 -- 172.16.220.11 -> 172.16.220.13: icmp: echo request
2.743759 172.16.220.11 -> 172.16.220.13: icmp: echo request
2.743897 172.16.220.13 -> 172.16.220.11: icmp: echo reply
2.743917 802.1Q vlan#220 P0 -- 172.16.220.13 -> 172.16.220.11: icmp: echo reply

Here is the configuration of the interface and static routes.

config system interface
    edit "iManagement"
        set ip 172.16.220.13 255.255.255.128
        set allowaccess ping https ssh
        set interface "internal"
        set vlanid 220
    next
end
config router static
    edit 1
        set blackhole disable
        set comment ''
        set device "iManagement"
        set distance 10
        set dst 0.0.0.0 0.0.0.0
        set dynamic-gateway disable
        set gateway 172.16.220.1
        set priority 0
        set weight 0
    next
end

If anyone can tell me what I'm missing I would really appreciate it.

Thanks in advance.
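
An added example, not part of the original post: a small Python parser for sniffer output in the format pasted above that pairs echo requests with echo replies and lists the flows that only ever go one way. Treating the 802.1Q-tagged and untagged lines as two views of the same packet is an assumption made here, and the sample lines are taken from the captures in the post.

```python
import re
from collections import Counter

# Matches one ICMP echo line, with or without the 802.1Q prefix, e.g.
# "5.773885 802.1Q vlan#220 P0 -- 192.168.1.56 -> 172.16.220.13: icmp: echo request"
LINE_RE = re.compile(
    r"^\s*\d+\.\d+\s+"
    r"(?:802\.1Q vlan#(?P<vlan>\d+) P\d+ -- )?"
    r"(?P<src>\d+(?:\.\d+){3}) -> (?P<dst>\d+(?:\.\d+){3}): "
    r"icmp: echo (?P<kind>request|reply)\s*$"
)

def unanswered(capture):
    """Return {(client, target): n} for echo requests that saw no reply.

    Assumption: a capture on "any" can list one packet twice, tagged and
    untagged. Each view is balanced separately so those copies are not
    counted as two packets.
    """
    balance = Counter()
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. the "interfaces=[any] filters=[icmp]" header
        view = m["vlan"] or "untagged"
        if m["kind"] == "request":
            balance[(view, m["src"], m["dst"])] += 1
        else:
            # A reply travels target -> client, so swap to the request's key.
            balance[(view, m["dst"], m["src"])] -= 1
    result = {}
    for (_view, client, target), n in balance.items():
        if n > 0:
            result[(client, target)] = max(n, result.get((client, target), 0))
    return result

# Lines copied from the FGT-60C and 124D captures in the post.
SAMPLE = """\
interfaces=[any] filters=[icmp]
11.117604 192.168.1.56 -> 172.16.220.10: icmp: echo request
11.118022 172.16.220.10 -> 192.168.1.56: icmp: echo reply
5.773885 802.1Q vlan#220 P0 -- 192.168.1.56 -> 172.16.220.13: icmp: echo request
5.773907 192.168.1.56 -> 172.16.220.13: icmp: echo request
10.743699 802.1Q vlan#220 P0 -- 192.168.1.56 -> 172.16.220.13: icmp: echo request
10.743721 192.168.1.56 -> 172.16.220.13: icmp: echo request
"""

if __name__ == "__main__":
    for (client, target), n in unanswered(SAMPLE).items():
        print(f"{client} -> {target}: {n} echo request(s) with no reply")
```

The script reports only which direction is missing from the capture; it does not say why the reply was never sent.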
