Does anyone know if there are plans for the FortiGate to support q-in-q like in a Cisco it would have the following
interface GigabitEthernet0/1 dot1q tunneling ethertype 0x88A8
and then on the sub-interface
interface GigabitEthernet0/1.101 encapsulation dot1Q 101 second-dot1q 244
ip address <some IP>
Thanks in advance.
Kenneth
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Not doable on a FGT, if you have a need for double tag, you need to install a QinQ switch b4 the FGT.
PCNSE
NSE
StrongSwan
Do you think there's a chance to request a NFR (New Feature Request) for this or perhaps you might know if Fortinet has some strong design philosophy not to ever implement it ?
Send one up, worst case denied or maybe if they get a few ( NFRs) they might act upon it.
AFAIK, no modern firewall uses QnQ interfaces outside of a SRX. I would think FTNT would deploy MPLS 1st b4 getting to QnQ but who knows.
But than again Juniper is always light-years ahead in regards to these areas.
;)
PCNSE
NSE
StrongSwan
Yeah it would be nice if people reading this can spread the word to get as many request as possible for this NFR...
I never used QinQ dual-tag on a layer3 interface personally outside of ASR9K but i see this being issues if you wanted to inspect and filter traffic in a layer2 hand-off like from a metroE provider and need to selectively inspect outertag(SPtag) + innerTag(clientTag) for certain traffic
Typically double-tag are terminated at a barrier device and inspection takes places south of that termination on a single tag.
Not even sure if a JuniperSRX could do just that but that could be a feature useful for somebody ;)
Ken
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1583 | |
1038 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.