The goal is to pass vlan 8 and vlan 40 MGMNT without tagging. how i can do it?
The configuration inside internal port 1, but my suggestion is to be able to use vlan 40, similar to native mgmnt ap, and the vlan 8 pass for the trunk as well.
Vlan 8 is currently fconfigured it on the internal VLAN switch for the purpose of connecting the printer so that port 3 is connected.
There is a conflict if I try to add vlan 8 (such as 8021.q) to port 1 and I wish to provide an IP address because vlan 8 is assigned to an internal vlan switch.
how I am able to accomplish it Connect port 1 to meraki, untag vlan 40 MGMT, and pass vlan 8.
maybe the setup it is not correct. The AP dosen´t come up
Meraki ap is now like dhcp
Solved! Go to Solution.
After thinking twice, in case the above solution doesn't suit you then I think you can do with this workaround:
This way your users can communicate with the printer through the same untagged VLAN.
Hi Anatoli
Can you share the following command?
show system interface internal
Hi @AEK
show system interface internal
config system interface
edit "internal"
set vdom "root"
set ip 10.27.8.1 255.255.254.0
set allowaccess ping
set type hard-switch
set stp enable
set role lan
set snmp-index 15
next
Hi @Anatoli,
What do you mean without tagging? tagging is done by the switch and not FortiGate. To allow traffic between VLANs, you need to create firewall policies. It would be easier to put internal1 under the same VLAN switch as internal3 and put everything in the same VLAN if you don't wan to create a firewall policy.
Regards,
hi @
Similar to native vlan . I want to utilise vlan 40 for AP management and vlan 8 for users/ printres when they user connect to the AP get range vlan 8
Hi Anatoli
Tagging VLANs in FortiGate is useful if you want to pass multiple VLANs from a switch to FortiGate via a single link (trunk).
Can you please elaborate more what you want to accomplish?
Why do you need the VLAN to be untagged?
Where do you need it untagged? (at FG hardware switch level? at L2 switch level? ...)
Hi @AEK
The purpose is the Meraki AP and printer works .
The management vlan is often similar to native except that the AP is registered under this mgmn vlan in my case (40).For this reason I need to pass both vlan 8 and vlan 40 .
Iin this instance, I have two devices connected to fortigate ports: a printer connected to port 3 and a Meraki AP connected to port 1, .
If i attemp to put the port 1 like trunk and pass vlan 40 and vlan 8 i have a conflict because i set up the internal 3 for printer in vlan switch with ip .
how i can to put the vlan 8 in two ports ? for the printers works and the ap works .
Hi Anatoli
If I understand well you are connecting devices directly to your firewall and want to put some of these connected devices in the same VLAN, right?
First I don't think this is a good practice, since FortiGate ports are considered expensive comparing with switch ports, so first I'd use an external manageable L2 switch, with a trunk to FortiGate, and connect all needed devices to the switch.
On the other hand if we suppose you don't have a L2 switch, I don't know a way to do this with a FortiGate's hardware switch interface, except if your devices can do VLAN tagging (which is not so sure for a printer), and still this seems not like a good practice.
So if you don't have a L2 switch I think your solution is not to use the same VLAN for printer and user, like you can just plug your printer to some FG port without trying to tag the port. This will still allow users to access the printer but through a firewall policy.
Hope this helps.
After thinking twice, in case the above solution doesn't suit you then I think you can do with this workaround:
This way your users can communicate with the printer through the same untagged VLAN.
Hi @AEK
I apologise for not getting back to you earlier; up until today, I was outside.
My customer has, at least, chosen to install a switch.
I appreciate your input. Thanks for all
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.