Hello,
I'm encountering a weird problem: I have 12 separate VLANs, with basic navigation, connected to different types of devices (Unifi and MikroTik). The VLANs are propagated, and for example, on the MikroTik, I see that each VLAN is assigned a different IP from my FortiGate DHCP. However, for some reason, 5 VLANs are able to navigate, but the remaining 7 cannot. Below, I've attached snippets of the configuration. If you have any suggestion, it's welcome.
Zona Audio 01 static 0.0.0.0 0.0.0.0 10.0.201.1 255.255.255.0 up disable vlan disable
Zona Audio 02 static 0.0.0.0 0.0.0.0 10.0.202.1 255.255.255.0 up disable vlan disable
Zona Audio 03 static 0.0.0.0 0.0.0.0 10.0.203.1 255.255.255.0 up disable vlan disable
Zona Audio 04 static 0.0.0.0 0.0.0.0 10.0.204.1 255.255.255.0 up disable vlan disable
Zona Audio 05 static 0.0.0.0 0.0.0.0 10.0.205.1 255.255.255.0 up disable vlan disable
Zona Audio 06 static 0.0.0.0 0.0.0.0 10.0.206.1 255.255.255.0 up disable vlan disable
Zona Audio 07 static 0.0.0.0 0.0.0.0 10.0.207.1 255.255.255.0 up disable vlan disable
Zona Audio 08 static 0.0.0.0 0.0.0.0 10.0.208.1 255.255.255.0 up disable vlan disable
Zona Audio 10 static 0.0.0.0 0.0.0.0 10.0.210.1 255.255.255.0 up disable vlan disable
Zona Audio 11 static 0.0.0.0 0.0.0.0 10.0.211.1 255.255.255.0 up disable vlan disable
Zona Audio 12 static 0.0.0.0 0.0.0.0 10.0.212.1 255.255.255.0 up disable vlan disable
----
edit "Zona Audio 10"
set vdom "root"
set ip 10.0.210.1 255.255.255.0
set allowaccess ping
set device-identification enable
set role lan
set snmp-index 33
set interface "internal"
set vlanid 210
next
edit "Zona Audio 02"
set vdom "root"
set ip 10.0.202.1 255.255.255.0
set allowaccess ping
set device-identification enable
set role lan
set snmp-index 25
set interface "internal"
set vlanid 202
next
edit "Zona Audio 03"
set vdom "root"
set ip 10.0.203.1 255.255.255.0
set allowaccess ping
set device-identification enable
set role lan
set snmp-index 26
set interface "internal"
set vlanid 203
next
edit "Zona Audio 04"
set vdom "root"
set ip 10.0.204.1 255.255.255.0
set allowaccess ping
set device-identification enable
set role lan
set snmp-index 27
set interface "internal"
set vlanid 204
next
edit "Zona Audio 06"
set vdom "root"
set ip 10.0.206.1 255.255.255.0
set allowaccess ping
set device-identification enable
set role lan
set snmp-index 29
set interface "internal"
set vlanid 206
next
edit "Zona Audio 07"
set vdom "root"
set ip 10.0.207.1 255.255.255.0
set allowaccess ping
set device-identification enable
set role lan
set snmp-index 30
set interface "internal"
set vlanid 207
next
edit "Zona Audio 08"
set vdom "root"
set ip 10.0.208.1 255.255.255.0
set allowaccess ping
set device-identification enable
set role lan
set snmp-index 31
set interface "internal"
set vlanid 208
next
edit "Zona Audio 11"
set vdom "root"
set ip 10.0.211.1 255.255.255.0
set allowaccess ping
set device-identification enable
set role lan
set snmp-index 34
set interface "internal"
set vlanid 211
next
edit "Zona Audio 12"
set vdom "root"
set ip 10.0.212.1 255.255.255.0
set allowaccess ping
set device-identification enable
set role lan
set snmp-index 35
set interface "internal"
set vlanid 212
next
edit "Zona Audio 05"
set vdom "root"
set ip 10.0.205.1 255.255.255.0
set allowaccess ping
set device-identification enable
set role lan
set snmp-index 28
set interface "internal"
set vlanid 205
next
edit "Zona Audio 01"
set vdom "root"
set ip 10.0.201.1 255.255.255.0
set allowaccess ping
set device-identification enable
set role lan
set snmp-index 19
set interface "internal"
set vlanid 201
next
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
some more config. Feel free to ask anything -----------
edit 44
set name "Navigazione Zona 01"
set uuid 5d28c1e6-946b-51ee-566a-20657ce24297
set srcintf "Zona Audio 01"
set dstintf "wan2"
set action accept
set srcaddr "Zona Audio 01 address"
set dstaddr "all"
set schedule "always"
set service "ALL"
set nat enable
next
edit 26
set name "Navigazione Zona 02"
set uuid 1f320b94-9034-51ee-e636-0acd6c6e1227
set srcintf "Zona Audio 02"
set dstintf "wan2"
set action accept
set srcaddr "Zona Audio 02 address"
set dstaddr "all"
set schedule "always"
set service "ALL"
set nat enable
set comments " (Copy of Navigazione Zona 01)"
next
edit 27
set name "Navigazione Zona 03"
set uuid 3a09ab7a-9034-51ee-30bc-78f67507ebd5
set srcintf "Zona Audio 03"
set dstintf "wan2"
set action accept
set srcaddr "Zona Audio 03 address"
set dstaddr "all"
set schedule "always"
set service "ALL"
set nat enable
set comments " (Copy of Navigazione Zona 01) (Copy of Navigazione Zona 02)"
next
edit 28
set name "Navigazione Zona 04"
set uuid 3d49470a-9034-51ee-a6a0-89905b56338a
set srcintf "Zona Audio 04"
set dstintf "wan2"
set action accept
set srcaddr "Zona Audio 04 address"
set dstaddr "all"
set schedule "always"
set service "ALL"
set nat enable
set comments " (Copy of Navigazione Zona 01) (Copy of Navigazione Zona 02)"
next
edit 30
set name "Navigazione Zona 05"
set uuid 88ffaec0-9447-51ee-9b71-1b023a32bd52
set srcintf "Zona Audio 05"
set dstintf "wan2"
set action accept
set srcaddr "Zona Audio 05 address"
set dstaddr "all"
set schedule "always"
set service "ALL"
set nat enable
set comments " (Copy of Navigazione Zona 01) (Copy of Navigazione Zona 02)"
next
edit 29
set name "Navigazione Zona 06"
set uuid 3fbacc70-9034-51ee-7721-c7e900154f25
set srcintf "Zona Audio 06"
set dstintf "wan2"
set action accept
set srcaddr "Zona Audio 06 address"
set dstaddr "all"
set schedule "always"
set service "ALL"
set nat enable
set comments " (Copy of Navigazione Zona 01) (Copy of Navigazione Zona 02)"
next
edit 36
set name "Navigazione Zona 07"
set uuid 4dc8ae4a-9034-51ee-f6b0-55f73ebdfa02
set srcintf "Zona Audio 07"
set dstintf "wan2"
set action accept
set srcaddr "Zona Audio 07 address"
set dstaddr "all"
set schedule "always"
set service "ALL"
set nat enable
set comments " (Copy of Navigazione Zona 01) (Copy of Navigazione Zona 02)"
next
edit 31
set name "Navigazione Zona 08"
set uuid 45052ffe-9034-51ee-23da-60f0920067fc
set srcintf "Zona Audio 08"
set dstintf "wan2"
set action accept
set srcaddr "Zona Audio 08 address"
set dstaddr "all"
set schedule "always"
set service "ALL"
set nat enable
set comments ""
next
edit 32
set name "Navigazione Zona 10"
set uuid 47322674-9034-51ee-8c43-c6cc4781200f
set srcintf "Zona Audio 10"
set dstintf "wan2"
set action accept
set srcaddr "Zona Audio 10 address"
set dstaddr "all"
set schedule "always"
set service "ALL"
set nat enable
set comments ""
next
edit 34
set name "Navigazione Zona 11"
set uuid 4ae230fc-9034-51ee-b737-e48bf0d9721a
set srcintf "Zona Audio 11"
set dstintf "wan2"
set action accept
set srcaddr "Zona Audio 11 address"
set dstaddr "all"
set schedule "always"
set service "ALL"
set nat enable
set comments ""
next
edit 33
set name "Navigazione Zona 12"
set uuid 48e03a60-9034-51ee-21f2-b1214134ae8c
set srcintf "Zona Audio 12"
set dstintf "wan2"
set action accept
set srcaddr "Zona Audio 12 address"
set dstaddr "all"
set schedule "always"
set service "ALL"
set nat enable
set comments " "
next
Hi @Acasy,
What is the issue? 1 VLAN can't reach another VLAN? Is DHCP working correctly?
If 1 VLAN can't access another VLAN, you can run debug flow to see if it's being dropped. Please refer to https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1697 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.