Hi all ¡¡
I want to configure 2 stand alone fortiswitches, forming an MCLAG with ICL. Afther that, I want to define 3 VLANS, each one with a layer 3 address. For example:
192.168.1.1/24 Vlan 1
192.168.2.1/24 Vlan 2
192.168.3.1/24 Vlan 3
The fortiswitch will be configured with default route 0.0.0.0 0.0.0.0 192.168.1.2 (firewall) connected to VLAN 1.
Finally, I want these 3 Vlans can route traffic (using the static route configured) but , I don't want these 3 Vlans can route traffic between them witouth previously leave Fortiswitch.
For example, we have a server1 connected to VLAN 1, with IP 192.168.1.200/24 and default gateway 192.168.1.1 that wants to connect with server2 192.168.3.200/24 connected to Vlan 3 with default gateway 192.168.3.1.
The flow traffic that I'm looking for Layer 3 is: SERVER1 --> FORTISWITCH --> ROUTER -->FORTISWITCH-->SERVER2
I have read about offload IP options, but Im not sure wether enable or disable it, the layer 3 of the switch could work this way. Maybe, another option to ge it could be using VRF ...
Thanks ¡¡¡
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You can check below links for more information:
Layer-3 interfaces | FortiSwitch 6.4.2 | Fortinet Document Library
Thanks for your help. It's not an usual scenary, I think the best way to achieve this will be using VRFs.
If you want to pass all the traffic for this 3 VLANs through the router, than technically you don't need this L3 interfaces in the switch. You can span the VLANs and have their gateways configured as sub-interface in the router.
This L3 switch, needs to route the traffic to two different routers before it arrives them. I don't want to bypass the traffic troughth it at L2. Thanks in any case, I'm going to do that configuration using VRFs.
Did you finally get this working? I have two Fortiswitches and the L3 Routing portion working with BGP back to Amazon AWS, But I am confused on the mclag portion. I have been unable to get any IP traffic from a host on any of the vlan's to cross the switch over to AWS hosts (layer2 to layer3?). I am looking at this and have not had success. Can you share some pointers?
https://docs.fortinet.com/document/fortiswitch/7.4.3/fortiswitchos-administration-guide/811127/using...
Created on 09-19-2024 11:24 PM Edited on 09-19-2024 11:26 PM
Hi Jroy, I'm going to do that next week. I have not done it before because I was waiting for "advanced licenses" to can work with VRF and I have obtained them this week.
I have another switches with MCLAG created working well, but ayone using dinamic routing protocol. If you want it, I can attach you the configuration from one of these MCLAGs but I'm not sure if it goes to help you. If you have problems, maybe is because you don't have advanced license to work well with advanced configurations.
I have advanced license applied. The BGP is working on the Fortiswitch and I will revisit MCLAG at a later date. I would love to see your settings/configs when you get it completed :)
In the end I didn't do it. My FSW model, doesn't support VRFs. Regards.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.