Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
3x-t
New Contributor II

Created on ‎12-01-2021 12:17 PM

Trunk VLAN

I have three VLANs on one physical interface... Management (10), Workstations (20), and Servers (30).

on that physical interface, I have Cisco 3750G-12S as distribution switch, and after that client switches.

On distribution switch, on all ports I have the next configuration:
switchport trunk encapsulation dot1q
switchport trunk native vlan 301
switchport trunk allowed vlan 10,20,30
switchport mode trunk'=

 

interface Vlan10
description Management
ip address 192.168.1.2 255.255.255.0
no ip redirects
no ip unreachables

 

interface Vlan20
ip address 192.168.2.2 255.255.255.0
no ip redirects

 

interface Vlan30
ip address 192.168.3.2 255.255.255.0

from the distribution switch, I can ping any gateway on the FortiGate (policy ok, address ok,etc).

On the client switch 2960X-48TD-L

 

interface GigabitEthernet1/0/49
switchport trunk allowed vlan 10,20,30
switchport trunk native vlan 301
switchport mode trunk

 

interface Vlan10
description Management
ip address 192.168.1.3 255.255.255.0
no ip redirects
no ip unreachables
no ip route-cache cef

interface Vlan20
no ip address

interface Vlan30
description Servers
no ip address

From this switch, I can't ping anything besides the Management port.

Two questions:

- Is my configuration ok so that I don't need an IP address for each VLAN (except VLAN 10 - Management) on each switch except on the distribution switch? - If yes, what did I do wrong so that I cant ping other VLANs from the client switch?
- If my DHCP server is on the VLAN 30, can I just make dhcp-relay <IP add of the server> on the VLAN 20, or do I have to move the Server under the same VLAN? I wanted to split Servers from workstations in different VLANs but now I'm not sure if that was a good idea

Thank you in advance!

Labels:
2107
0 Kudos
2 REPLIES 2
kangpaidjo
New Contributor

Created on ‎12-01-2021 03:30 PM

 

vlan.jpg

 

Configure Fortigate

ip address LAN 10.10.7.2/255.255.255.252

static routing 192.168.0.0/16 gateway 10.10.7.1

 

 

Distribution Switch

interface Vlan10
description Management
ip address 192.168.1.2 255.255.255.0
no ip redirects
no ip unreachables

 

interface Vlan20
ip address 192.168.2.2 255.255.255.0
no ip redirects

 

interface Vlan30
ip address 192.168.3.2 255.255.255.0

 

Interface vlan40

description TO_FORTINET

ip address 10.10.7.1 255.255.255.252

 

interface vlan100

description TRUNK

ip address 192.168.99.254 255.255.255.0

 

ip route 0.0.0.0 0.0.0.0 10.10.7.2 10

 

interface gi1/0/24

description TO_SWITCH_CLIENT

switchport trunk native vlan100

switchport mode trunk

 

interface Gi1/0/1

desc TO_FORTIGATE

switchport trunk native vlan 40

switchport mode trunk

 

then copy vlan.dat to the switch client, after copy to client restart your switch

switch Client

 

interface gi1/0/24

desc TO_SWITCH_DISTRIBUTION

switchport trunk native vlan100

switchport mode trunk

 

interface Gi1/0/1

switchport access vlan 10

switchport mode access

 

interface Gi1/0/2

switchport access vlan 20

switchport mode access

 

interface vlan100

desc TRUNK

ip address 192.168.99.253 255.255.255.0

 

 

CMIIW

2048
3x-t
New Contributor II

Created on ‎12-03-2021 05:46 AM

Actually, this was a very simple problem and had nothing with the network. After I installed Windows Server and configured DHCP there, I forgot to activate that scope so there was my scope with "Inactive"...
This took me one whole day to "repair".

Thank you!

2016
0 Kudos
Labels
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.