Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ljustman
New Contributor

Created on ‎08-27-2018 08:53 AM

Help with Setting Up VLANs

Hello,

I work at a school, primarily as a teacher, but handle the tech for the building as well. I am very new to enterprise networking, and I am hitting a brick wall with setting up vlans. This seems like it should be pretty simple from what I have read, but I can't seem to make it work.

 

We have a Fortinet 100E Firewall that goes out to Aruba switch A. Aruba Switch A goes out to Aruba Switch B and two Ubiquiti wireless access points. Aruba Switch B goes out to 5 wireless access points. The goal is to create three wireless networks-- one for staff, one for students, and one for guests.

 

I created the VLAN IDs on the Fortinet and the Aruba switches. I associated a wireless network SSID on the Ubiquiti controller with each vlan ID.

 

I am still not 100% sure on the right combination of tagged/untagged/trunk ports-- but I think I have tried every possible combination. The closest I have gotten to things working as intended is tagging all ports involved on the Arubas. That leaves me with working DHCP handling (in the proper VLAN IP range), but no internet access.

 

Sorry if my terminology doesn't quite make sense... I'm definitely learning all this as I go! If anyone needs clarification, just ask. Thank you in advance for your help.

17206
0 Kudos
10 REPLIES 10
sw2090
SuperUser
SuperUser
In response to ljustman

Created on ‎09-24-2018 11:21 PM

ok so your vlans are working the way you want them to?

Just note the Aruba will tag the packets in the corresponding vlan if you set a vlan id for a wlan there.

The FGT only knows untagged. That is why you have to have vlan interfaces. If echach vlan has it's own interface this being untagged in that vlan does not cause trouble.

 

Hm there was some threads in here recently about routing traffic from specific interfaces/subnets/vlans to specific wan ips. Maybe you can find them. Afair they solved that with policy based routing or something similar. 

If you had two ISP with a WAN interface each it would be easy hence you just in this case need a route and a egress policy.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
915
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.