longtran_cntt
New Contributor

How to connect between FG200E and Cisco3850-Cisco2960?

Hi all,

 

I'm practicing networking, so my question may be very dumb or basic, but I hope you can share your knowledge to help me improve my skills. I really appreciate it. I have a FG200E and switches Cisco 3850 and Cisco 2960. I've already configured:

- The VLAN on FG200E (image)
- The VLAN and trunk on Cisco 3850 (image)
- The VLAN and trunk/access on Cisco 2960 (image)

The connection topology is FG200E (p18) => (TenGi 1/1/4) Cisco 3850 (TenGi1/1/1) => (Gi 0/50) Cisco 2960 (Gi 0/1) => PC. Now when I connect the PC to port g0/1 on the Cisco 2960, it cannot receive an IP from DHCP as configured on the FG200E. What else should I do to make it work? I mean: the connection from the FG200E to the Cisco 3850 and on to the Cisco 2960.

1. Do I need to create static route/policy route on FG200E to allow traffic from FG200E to Cisco 3850?
2. Do I need to create IPv4 Policy on FG200E to allow traffic from FG200E to Cisco 3850?

Network Topology

 

VLAN configuration on FG200E

 

VLAN on 3850

 

Trunk on 3850

 

VLAN on 2960

Trunk on 2960

Toshi_Esumi
SuperUser

Based only on what you showed, nothing seems to be obviously wrong. So what I can suggest is to sniff packets on vlan 10 at the 200E to see if it's receiving DHCP requests from the PC. If not, something is wrong on either or both Cisco SWs. But if it's showing up, and the FGT is not sending out a reply to the PC, something is wrong on the FGT. My guess is the former.

lobstercreed

I definitely second what Toshi said.  Never hesitate to fire up a packet capture. 

 

Also, a common way to double-check your trunking would be to run show mac address-table vlan 10 on the 2960 to see if the MAC address of the FGT is reaching the 2960 and also run that command on the 3850 to see if the MAC address of the PC is reaching the 3850.  Either one not happening points to something incorrect in your config, though I don't see what it would be at the moment.
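
The MAC-table check suggested in the reply above, automated as an added example (not code from the thread or from Fortinet/Cisco): it parses `show mac address-table vlan 10` output from both switches and names the link where each end's MAC stops being learned. The sample tables and MAC addresses are constructed, and the function names are hypothetical.

```python
import re

# Data row of Cisco IOS "show mac address-table" output: VLAN, MAC, type, port.
ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+\S+\s+(\S+)\s*$", re.I)

def parse_mac_table(text, vlan):
    """Return {mac: port} for the rows that belong to `vlan`."""
    return {m.group(2).lower(): m.group(3)
            for m in map(ROW.match, text.splitlines())
            if m and int(m.group(1)) == vlan}

def first_missing(path, tables, mac):
    """Walk `path` (switch names, nearest to the MAC's owner first) and return
    the first switch that has not learned `mac`, or None if all have."""
    for switch in path:
        if mac.lower() not in tables[switch]:
            return switch
    return None

def locate_fault(path, tables, fgt_mac, pc_mac):
    """`path` lists the switches from the FortiGate side to the PC side."""
    findings = []
    hop = first_missing(path, tables, fgt_mac)
    if hop:
        prev = "FortiGate" if hop == path[0] else path[path.index(hop) - 1]
        findings.append(f"FortiGate MAC missing on {hop}: check link {prev} <-> {hop}")
    rev = path[::-1]
    hop = first_missing(rev, tables, pc_mac)
    if hop:
        prev = "PC" if hop == rev[0] else rev[rev.index(hop) - 1]
        findings.append(f"PC MAC missing on {hop}: check link {prev} <-> {hop}")
    return findings

# Constructed sample output (MAC addresses are made up; ports follow the thread).
SW3850 = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0050.56aa.0001    DYNAMIC     Te1/1/1
"""
SW2960 = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0050.56aa.0001    DYNAMIC     Gi0/1
"""
FGT_MAC, PC_MAC = "0009.0faa.0002", "0050.56aa.0001"
TABLES = {"3850": parse_mac_table(SW3850, 10), "2960": parse_mac_table(SW2960, 10)}

if __name__ == "__main__":
    for finding in locate_fault(["3850", "2960"], TABLES, FGT_MAC, PC_MAC):
        print(finding)
```

In the constructed sample the PC's MAC is learned on both switches while the FortiGate's MAC is on neither, which points at the FortiGate-to-3850 link rather than the trunks between the switches.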

mauromosc
New Contributor II

Hello, longtran.cntt,

 

Have you tried to run a packet capture on your FortiGate to check if it receives the DHCP Discover from the workstation? If it doesn't receive this packet, review your L2 configuration. If it does receive it, run a debug:

 

diagnose debug application dhcps -1

diag debug enable

 

Good luck.

Mauro.

 

 

longtran_cntt

Hi all,

 

Thank you for your reply. I've found the solution.

 

The interface type I had set for port 18 was 802.3ad Aggregate, but I had not set up a LAG on the core switch. After I changed it to a normal LAN role interface, it worked.

 

 
