siberprime
New Contributor

Trunking the same VLANs on different interfaces.

I want to trunk my VLANs under one interface to another interface. The same VLANs will be trunked on two different interfaces. There is a connection to the FortiGate from my switch in another location. I want to tag the switch in that switch and give IPs from these VLANs to the devices in my remote location from this second interface. I could not do this. Our device is a 30E on 6.2.15. Thank you in advance for your help.

 

My desired configuration:

Port 1 vlan10,20,30 

Port 2 vlan10,20,30

Building1 switch access to port 1

Building2 switch access to port 2

 

4 REPLIES
Toshi_Esumi
Esteemed Contributor III

Why not? By default port1-port3 (lan1-lan3) on a 30E are members of the "lan" hard-switch interface. When you create those three VLANs on the "lan" interface, they are automatically on both ports, which are connected to two different switches.

 

Toshi

siberprime
New Contributor

How can I move the existing LANs to the hardware switch? Is there any known easy way?

Toshi_Esumi
Esteemed Contributor III

Does the "lan" hard-switch still exist? Maybe only "lan3" is a member now. Then you just need to put those back in the "lan" hard-switch as members (you must have removed them). But to be able to do that you have to remove/delete all those VLANs you created on each interface individually (as well as all dependencies). Then you need to re-create them on "lan".

 

Make sure you remove IPs if you've configured under "lan1" and "lan2" before or after. Those wouldn't work any more once they're in "lan". The untagged interface is "lan" only shared between those member ports, just like those VLANs.

 

Toshi

ede_pfau
SuperUser

Not a nice setup.

Why? Because you won't have any control on the traversing traffic. It will just be switched between buildings.

If you do use VLANs, and thus employ VLAN-capable switches, why not use VLAN-IDs 10,20,30 in building1 and IDs 40,50,60 in building2? Then you'd use 2 standalone ports on the FGT, create policies to allow/restrict inter-VLAN traffic, see throughput etc. Wouldn't that be nicer from a security and management point of view?


Ede

"Kernel panic: Aiee, killing interrupt handler!"
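A sketch of the routed design suggested in the last reply, added here as an example and not posted by anyone in the thread: one VLAN per building on standalone ports, with an explicit, logged policy between them. It assumes lan1 and lan2 have already been removed from the "lan" hard-switch; the interface names, subnets, policy name and the choice of HTTPS are all constructed for illustration.

```fortios
# Assumption: lan1 and lan2 are standalone ports (no longer "lan" members).
# All names and addresses below are constructed examples.
config system interface
    edit "b1-vlan10"
        set vdom "root"
        set interface "lan1"
        set type vlan
        set vlanid 10
        set mode static
        set ip 10.1.10.1 255.255.255.0
        set allowaccess ping
    next
    edit "b2-vlan40"
        set vdom "root"
        set interface "lan2"
        set type vlan
        set vlanid 40
        set mode static
        set ip 10.2.40.1 255.255.255.0
        set allowaccess ping
    next
end

# Traffic between the buildings is now routed, so nothing passes
# unless a policy allows it. Permit only what is needed and log it.
config firewall policy
    edit 0
        set name "b1v10-to-b2v40-https"
        set srcintf "b1-vlan10"
        set dstintf "b2-vlan40"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
    next
end
```

Repeat the interface block for the remaining VLAN IDs; any inter-VLAN flow without a matching policy falls through to the implicit deny.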