Hey everyone,
I have two FortiSwitch 224D running 7.2.2 firmware that I want to configure standalone.
Switch 1 uses ports 23/24 for WAN and is connected to switch 2 with fiber.
My workstation is connected to switch 1 using the mgmt port.
I created the VLANs I need and also created a trunk using the fiber ports; however, I seem not to be able to communicate with switch 2.
Since I am obviously doing something wrong but don't know what, could someone point me in the right direction?
You have to configure a valid GW on the static route configurations on the switch being part of this subnet 172.16.0.x. The gateway device should be able to route the traffic from the switch to the PC you are using to access it.
As I understood, you have connected the two switches with two fiber links and you are trying to set up a Link Aggregation on those 2 links. Did you pass the needed VLAN on the trunk interface?
You can try to set up two IPs on both switches on the same subnet and VLAN, make sure it's allowed on the trunk and try to ping from one switch to another.
Thank you for your reply. You are correct, that is what I am trying.
I want to connect switch one to my router and connect switch 2 to switch 1 using fiber.
I have 3 VLANs and assigned an IP address to VLAN1 (on both switches, last octet .240 and .241) and can ping .241 from .240.
What connectivity between switches is not working? You should have L2 connectivity across the trunk. That is endpoints on SW2 in VLANX should be able to communicate to endpoints on SW1 in VLANX.
Are you struggling to communicate with SW2's L3 management IP address?
Due to illness I was unable to reply.
The situation is now like this:
Switch 2:
- Connected to the network on port 24 (uplink)
- Endpoint device on port 1 (dhcp)
- Fiber on port 28 to switch 3
Switch 3:
- Fiber to Switch 2 on port 28
- Endpoint on port 1 (dhcp)
On both switches port 28 is added to a trunk.
Both switches have the same VLAN setup on the same ports (1,10,18 where 10 is native).
VLAN 1 has a static IP address:
Traffic is forwarded from switch 2 to switch 3 and also returning. So endpoint devices have internet and network access.
I can connect to both switches now through the network when I set my network adapter to the same subnet as VLAN1, else not.
I have configured a static route on both switches to the gateway.
At this point I am not sure what the problem could be. As far as I understand it, I should be perfectly able to connect to the switch from any VLAN. Not only the MGMT port or when using the same subnet?
I was doing some tests and found out that on the route the Device should be set as Internal.
You can also check if the route is being applied by running this command:
# get router info routing-table all
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, P - PIM, A - Babel,
> - selected route, * - FIB route, ^ - HW install failed
S>* 0.0.0.0/0 [10/0] via 10.5.32.1, internal
C>* 10.5.32.0/23 is directly connected, internal
C>* 127.0.0.0/8 is directly connected, lo
A simple ping from the GW to the switch management VLAN verifies that the mgmt VLAN spanning is done between the switches and the GW; then it is a matter of routing and security policies. If you have used VLAN1, just make sure that the gateway is routing this traffic and that the static routes configured in the switches are correct.
If you want to create a dedicated management interface tied to a VLAN, you have to create an internal interface and set up the IP (default is on VLAN 1).
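The routing-table check suggested above can be scripted. This is an added example, not part of the original posts or Fortinet's tooling: it parses output in the format quoted in the thread and reports whether the static default route is selected, installed in the FIB, bound to the `internal` device, and pointing at a next hop on a connected subnet. The sample text and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, in the format of the output quoted in the thread.
SAMPLE = """\
S>* 0.0.0.0/0 [10/0] via 10.5.32.1, internal
C>* 10.5.32.0/23 is directly connected, internal
C>* 127.0.0.0/8 is directly connected, lo
"""

ROUTE = re.compile(
    r"^(?P<code>[KCSROIBPA])(?P<flags>[>*^ ]{0,3})\s*(?P<prefix>[\d.]+/\d+)\s+"
    r"(?:\[\d+/\d+\]\s+via\s+(?P<via>[\d.]+)|is directly connected),\s*(?P<dev>\S+)"
)

def parse_routes(text):
    """Return one dict per route line; legend and prompt lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE.match(line.strip())
        if not m:
            continue
        routes.append({
            "code": m["code"],
            "selected": ">" in m["flags"],   # '>' selected route
            "fib": "*" in m["flags"],        # '*' FIB route
            "hw_failed": "^" in m["flags"],  # '^' HW install failed
            "net": ipaddress.ip_network(m["prefix"], strict=False),
            "via": ipaddress.ip_address(m["via"]) if m["via"] else None,
            "dev": m["dev"],
        })
    return routes

def check_default_route(text, expected_dev="internal"):
    """List problems with the static default route; an empty list means it looks applied."""
    routes = parse_routes(text)
    defaults = [r for r in routes if r["net"].prefixlen == 0 and r["via"] is not None]
    if not defaults:
        return ["no default route with a next hop"]
    connected = [r for r in routes if r["code"] == "C"]
    problems = []
    for r in defaults:
        if not (r["selected"] and r["fib"]) or r["hw_failed"]:
            problems.append(f"default via {r['via']} is not installed")
        if r["dev"] != expected_dev:
            problems.append(f"default via {r['via']} leaves on {r['dev']}, not {expected_dev}")
        if not any(r["via"] in c["net"] and c["dev"] == r["dev"] for c in connected):
            problems.append(f"next hop {r['via']} is not on a subnet connected to {r['dev']}")
    return problems
```

A clean result only shows the route is installed on the switch; whether the next hop actually routes management traffic still has to be confirmed with the ping from the gateway described above.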
Created on 03-17-2023 03:17 AM Edited on 03-17-2023 03:18 AM
This is what my configuration of Switch 3 looks like. Gateway is 172.16.0.240, which is switch 2.
You have to span VLAN 1 (mgmt) to the L3 device you have in the network and set the IP of that L3 device (router/firewall/L3 switch) as gateway on both of these switches.
In your current configuration you are adding switch 2 as the next hop and I don't think that switch 2 is routing these packets anywhere.
Sorry for the late reaction.
I have made some changes as you suggested and it is pretty much working. The only thing is that I still cannot connect to the management VLAN from a different VLAN.
So what I want to achieve is this:
I do have a management VLAN (VLAN1) that is used to manage servers and network devices.
Admins are allowed to use that VLAN and access the web interface. Users are not allowed to use that VLAN or connect to the web interface of the switch.
I (as an admin) want to be able to connect to the switch using VLAN3 from whatever VLAN I am on.
That is how it works on the current UniFi gear.
At this point I can only connect to the FortiSwitch web interface when I use a local IP of 172.16.0.x.
So at this point I am not sure where to add what to achieve what I want.