Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
longtran_cntt
New Contributor

Created on ‎10-14-2020 08:25 PM

How to connect between FG200E and Cisco3850-Cisco2960?

Hi all,

 

I'm practicing network, so my question maybe very dump or basic, but I hope you can share your knowledge to help me to improve my skills. I'm very appreciate it. I have a FG200E and switch Cisco 3850, Cisco 2960. I've already configured:

[ul]The VLAN on FG200E (image)The VLAN and trunk on Cisco 3850 (image)The VLAN and trunk/access on Cisco 2960 (image)[/ul]

The connection topology is FG200E (p18) => (TenGi 1/1/4) Cisco 3850 (TenGi1/1/1) => (Gi 0/50) Cisco 2960 (Gi 0/1) => PC. Now when I connect PC to port g0/1 on Cisco 2960, it can not receive IP from DHCP as configured on FG200E. What thing I should do more to make it work? I mean: connection between FG200E to Cisco 3850 and to Cisco 2960.

[ol]Do I need to create static route/ policy route on FG200E to allow traffic from FG200E to Cisco 3850?Do I need to create IPv4 Policy on FG200E to allow traffic from FG200E to Cisco 3850?[/ol]

Network Topology

 

VLAN configuration on FG200E

 

VLAN on 3850

 

Trunk on 3850

 

VLAN on 2960

Trunk on 2960

Preview file
15 KB
Preview file
15 KB
Preview file
15 KB
3609
0 Kudos
4 REPLIES 4
Toshi_Esumi
SuperUser
SuperUser

Created on ‎10-14-2020 09:19 PM

Based on only what you showed, nothing seems to be obviously wrong. So what I can suggest is to sniff packet at vlan 10 at the 200E to see if it's receiving DHCP requests from the PC. If not, something is wrong on either or both Cisco SWs. But if it's showing up, and the FGT is not sending out a reply to the PC, something is wrong on the FGT. My guess is the former.

2643
0 Kudos
lobstercreed
Valued Contributor
In response to Toshi_Esumi

Created on ‎10-17-2020 07:11 AM

I definitely second what Toshi said.  Never hesitate to fire up a packet capture. 

 

Also, a common way to double-check your trunking would be to run show mac address-table vlan 10 on the 2960 to see if the MAC address of the FGT is reaching the 2960 and also run that command on the 3850 to see if the MAC address of the PC is reaching the 3850.  Either one not happening points to something incorrect in your config, though I don't see what it would be at the moment.

2643
0 Kudos
mauromosc
New Contributor

Created on ‎10-20-2020 02:55 AM

Hello, longtran.cntt,

 

Have you tried to run a packet capture on your FortiGate to check if it receives the DHCP Discover from the workstation? If doesn't receive this packet, review your L2 configuration. If does receive, run a debug:

 

diagnose debug application dhcps -1

diag debug enable

 

Good luck.

Mauro.

 

 

2643
0 Kudos
longtran_cntt
New Contributor
In response to mauromosc

Created on ‎10-20-2020 09:59 AM

Hi all,

 

Thank you for your reply. I've found the solution.

 

The current interface I set for the port 18 is 802ad Aggregate, but I do not setup a LAG on the core switch. After changed it to a normal LAN role interface, it worked.

 

 

2643
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.