Problem as move configuration from D-LINK Switch

marcin_iwa · ‎10-24-2024

Hi, I have a small problem.

I have new switch FortiSwitch 148F as standalone mode.

Now i have D-LINK 1510-52 switch and have problem with move my existing configuration to FortiSwitch.

Describy my infrastructure:

I have room with ISP Router connected to my port (17) in D-LINK. On D-LINK i have setup on this port VLAN 10 Untaged, VLAN 10 Native. Vlan is in Hybrid Mode.

On Port 48 on the same switch is connect to second switch (FortiSwitch 148F) in the next room. In the next Switch is my Firewall connect to port 47. Port 48 on DLINK is market as tagged vlan 10 and native vlan 1.

On Second FortiSwitch to which is connected Firewall is set Native VLAN 10 and Allewd VLAN 10.

This configuration work correct.

Now i plan replace old D-LINK switch on FOrtiSwitch 148F. I moved all configuration but i have problem with correct setup port 17 from D-link to port 47 on new FortiSwitch.

FortiSwitch not allow traffic from my ISP router.

How can i setup this configuration for port in FortiSwitch ?

Now i try setup port 47 on FortiSwitch (in this port will by ISP router):

Native VLAN 10, Allowed VLAN 10

Exacly i have this setting on my existing FortiSwitch on second room and communicate with D-LINK and works ok.

I can't see substitute Hybrid mode in FortiSwitch ?

johnathan · ‎10-24-2024

It should be working; I am not quite sure what is special about 'Hybrid' on the DLINK side.
Are you able to see the MAC Address of the ISP device? You can check with 'get system arp'

"Never trust a computer you can't throw out a window."

marcin_iwa · ‎10-24-2024

Hi, ARP nothing show.

192.168.1.200 - this is my laptop when i connect to managment port direct.

Currently to swich is connected more than 20 PCs.

I checked in my other FortiSwitch whem full works and also has only two entries.

ebilcari · ‎10-24-2024

If the switch is just spanning VLANs you will not get any details in the ARP table. Check the MAC table and verify if it sees both the FGT and the ISP MAC addresses on VLAN 10, Monitor> Forwarding Table.

Having a hybrid port with the ISP router doesn't seem normal (this is common when an IP Phone is connected). Usually the traffic should come with or without a VLAN tag.

You can also try by connecting a PC directly in the ISP router and check if there is connectivity.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

marcin_iwa · ‎10-24-2024

I found the cause of the problem.

Configuration begin work when i disable Spanning Tree on port 48 on the new switch.

I don't understend why this is problem. Switch is connected to other switch only one port (48 - 48)

On second switch Spanning Tree is enabled on this port.

My current configuration:

ISP ->

FortiSwitchA (Port 47 Native VLAN 10 / Allowed VLAN 10) ->

PC on this switch on VLAN 1 ->

Port 48 (Native VLAN 1 / Allowed VLAN 5,10,15,30) ->

FortiSwitchB (Port 48 Native VLAN 1 / Allowed VLAN 5,10,15,20,30) ->

Firewall WAN (Port 45 Native VLAN 10 / Allowed VLAN 10) ->

Firewall LAN (Port 45 Native VLAN 1) ->

Anothers devices on the switch

I must through ISP from switch A to B because Router from ISP is in second flor than Firewall.

What could be the reason for this behavior Spanning Tree ?

I show logs but nothing alerst and wornings on Spanning Tree.

Problem as move configuration from D-LINK Switch

Nominate a Forum Post for Knowledge Article Creation