Hello. I have to create several VLANs on my FortiGate 40F, using the FortiGate's UI. I've created VLANs via Interfaces and attached them to the `lan` Hardware Switch. I also created policies for both VLANs. If my laptop's Ethernet card is assigned an address within the `lan` range (192.168.0.xxx), there's Internet access. If I try an address within a `VLAN` range (e.g. 10.1.1.xxx), there's none. Check the pix: What am I doing wrong? Thanks in advance.
I'm assuming you're not using a switch to hook up your laptop. Then make sure you set the VLAN tagging on your laptop like below:
https://www.startech.com/en-us/faq/networking-vlan-tagging
Then check "get sys arp" to see if the laptop's MAC address is there. You can try pinging it from the 40F as well.
My guess is your NIC is not tagging.
Toshi
Agree with @Toshi_Esumi . VLANs created under your ‘lan’ will require that traffic is tagged with that VLAN ID. Your ‘lan’ works, as this is the default (untagged) VLAN.
If you are to connect a non-managed FortiSwitch, make sure that the uplink port of the switch also tags the VLAN IDs.
Thanks @Toshi_Esumi @JonasV . There are two unmanaged Switches connected to Fortigate LAN ports. As far as I understand the customer, they'd like to manually assign IP addresses to network devices onsite and thus, depending on the address, put each of them to a certain VLAN. So it's not just about my laptop - smart TVs, network media players etc. are expected. The unmanaged switches are third-party, not Fortinet, but I'll check their tagging capabilities.
If those are decent switches, they should support trunk and access ports so that each device doesn't have to be tagged when access ports are configured. So you should test with your laptop connected to those VLAN access ports.
Toshi
Well, since an unmanaged switch cannot do VLAN tagging on its ports, your client devices will have to do the tagging, because, as said above, incoming packets have to have the correct VLAN tag or they will not match any source interface on your FGT.
I would recommend using managed switches, since many devices in the IoT and smart devices sector do not support VLAN tagging themselves. Even many NICs built into PCs don't support that (unfortunately), at least in Windows. It works with every supported NIC in Linux because the Linux kernel supports it ;)
Managed switches make life much easier here. They can tag the port into a VLAN, so if you connect a device to that port on that switch, all traffic will be in that VLAN (i.e. "untagged" on switches means all traffic will be tagged into that VLAN by the switch).
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
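As an added illustration (not code from this thread or from Fortinet): a small Python model of how a hardware-switch port assigns a received Ethernet frame to the untagged parent `lan` or to a VLAN sub-interface by its 802.1Q tag, which is why a laptop sending untagged frames with a 10.1.1.x address lands on `lan` and gets no gateway. The interface table, subnets and MAC addresses below are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100  # EtherType that announces an 802.1Q tag

# Hypothetical interface table modelled on the thread: 'lan' is the untagged
# parent, the VLAN interfaces are children keyed by VLAN ID (constructed).
INTERFACES = {
    None: ("lan", "192.168.0.0/24"),
    10: ("vlan10", "10.1.1.0/24"),
    20: ("vlan20", "10.1.2.0/24"),
}


def parse_frame(frame: bytes):
    """Return (dst, src, vlan_id_or_None, ethertype, payload) for one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid = tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID
        offset = 18
    return dst, src, vid, ethertype, frame[offset:]


def classify(frame: bytes):
    """Name the interface that would receive the frame, or None if no VLAN interface matches."""
    _, _, vid, _, _ = parse_frame(frame)
    entry = INTERFACES.get(vid)
    return entry[0] if entry else None


def build_frame(vid=None, ethertype=0x0800, payload=b"\x45" + b"\x00" * 19):
    """Construct a minimal frame, optionally carrying an 802.1Q tag (PCP=0, DEI=0)."""
    dst = b"\x00\x09\x0f\x00\x00\x01"  # constructed FortiGate port MAC
    src = b"\x00\x11\x22\x33\x44\x55"  # constructed laptop MAC
    hdr = dst + src
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    print("untagged laptop frame ->", classify(build_frame()))         # lan
    print("frame tagged VLAN 10  ->", classify(build_frame(vid=10)))   # vlan10
    print("frame tagged VLAN 30  ->", classify(build_frame(vid=30)))   # None (dropped)
```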