Fortiswitch Configs and compatibility with Cisco switch.
Hi All,
I am in the testing phase of a FortiSwitch 224d FPOE. I have the following questions, if someone can help me out with them; upon successful testing we will plan to buy FortiSwitch.
1) I have a VTP domain server, a Cisco 3750. Is FortiSwitch compatible with a Cisco switch for VTP? If yes, how do I join the VTP domain?
2) Is there a provision to assign an IP address to a VLAN interface for management purposes, like we do on Cisco L2 switches?
Hi Amit,
I can't answer question 1 though I can say I have found no evidence on my 124d that it supports VTP. But more importantly VTP is a Cisco Proprietary protocol and I think it would be unlikely that Fortinet would support it given licensing considerations and Fortinet's position as a competitor.
Question 2. Mostly yes. I'm still experimenting but I have been able to get local access to my switch. What I have not been able to do is get remote access outside of the subnet my switch resides in. I have a separate forum post on that. However, here is my config so far on how to enable access to my 124d in standalone mode. (It's worth noting that many Fortigates have a built-in switch controller for centralized management of your switching infrastructure as well as a Wireless Controller for their FortiAP series. You can find a supported models list in the Managing FortiSwitch with Fortigate (FortiOS 5.2) document. There may be a more current document floating around out there.)
First you can configure a VLAN interface. (In iManagement, set interface "internal" associates it with what I assume is an internal switching fabric. My switch only has internal as an option but I suspect you can divide higher end devices up dynamically into multiple internal "switches".)
config system interface
edit "internal"
set allowaccess ping http ssh
set type physical
next
edit "iManagement"
set ip 172.16.220.13 255.255.255.128
set allowaccess ping https ssh
set interface "internal"
set vlanid 220
next
end
Next we need to configure ports. If you want a dedicated Access port do the following two steps. You have to allow the traffic on both the internal port/switch as well as the actual physical port. All of the VLAN interfaces hang off of the internal port; anything not allowed there won't be allowed on any VLANs that hang off of it.
config switch interface
edit "port15"
set native-vlan 220
next
edit "internal"
set allowed-vlans 220
end
A trunk port doesn't work like a Cisco device. You have to specify the VLANs you want to traverse an uplink to another switch. You need to think of it in terms of Tagged and Untagged traffic. It will look like this.
config switch interface
edit "port24"
set native-vlan 20
set allowed-vlans 220
next
end
The corresponding Cisco Trunk port looks like this.
interface GigabitEthernet0/2
 switchport trunk native vlan 20
 switchport mode trunk
end
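Added example, not part of the original post and not Fortinet tooling: a small Python check over a FortiSwitch-style configuration that flags cleartext management protocols in allowaccess and VLAN interfaces whose VLAN ID is missing from the parent's allowed-vlans, the dependency the post describes. The function names, the sample text and the comma/range syntax for allowed-vlans are assumptions.

```python
# Constructed sample, trimmed from the configuration quoted in the post above.
SAMPLE = """config system interface
edit "internal"
set allowaccess ping http ssh
next
edit "iManagement"
set allowaccess ping https ssh
set interface "internal"
set vlanid 220
next
end
config switch interface
edit "internal"
set allowed-vlans 220
end"""

def parse(text):
    """Parse flat (non-nested) config/edit/set blocks into {section: {entry: {key: [values]}}}."""
    tree, section, entry = {}, None, None
    for line in text.splitlines():
        tok = line.replace('"', "").split() or [""]
        if tok[0] == "config":
            section, entry = tree.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "edit" and section is not None:
            entry = section.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return tree

def vlans(values):
    """Expand ['20,220-222'] to {20, 220, 221, 222}; the range syntax is an assumption."""
    spans = [p.split("-") for p in ",".join(values).split(",") if p]
    return {v for s in spans for v in range(int(s[0]), int(s[-1]) + 1)}

def audit(text):
    """Flag cleartext management access and VLAN interfaces blocked at their parent."""
    tree, findings = parse(text), []
    switch = tree.get("switch interface", {})
    for name, cfg in tree.get("system interface", {}).items():
        clear = sorted({"http", "telnet"} & set(cfg.get("allowaccess", [])))
        if clear:
            findings.append(f"{name}: cleartext management access {clear}")
        parent = cfg.get("interface", [""])[0]
        allowed = vlans(switch.get(parent, {}).get("allowed-vlans", []))
        if "vlanid" in cfg and int(cfg["vlanid"][0]) not in allowed:
            findings.append(f"{name}: VLAN {cfg['vlanid'][0]} not allowed on {parent}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample it reports only the `http` entry on "internal"; the management VLAN passes because 220 is allowed on the parent.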