| Description | This article describes how to translate one VLAN tag to another VLAN tag. (For example, VLAN 2010 to 10.) |
| Scope | FortiSwitch 6.4.x and later versions. |
| Solution |
Sometimes, it is necessary to change the tag of the VLAN received and forward it to its destination with a different tag. Both of the end clients must share the same network.
In this example, traffic will be generated by two VM machines having the IP addresses 10.1.10.100 and 10.1.10.101 in 255.255.255.0. The VM will send the traffic tagged with VLAN 2010 as shown in the setup above. In this example, the FortiGate interface has the IP 10.1.10.1/24. FortiGate does not have PVLAN 2010 and will receive packets tagged with VLAN 10 only. The goal of this setup is to change the VLAN tag from 2010 to 10 to prevent packet discarding from occurring on the FortiGate interface.
Configuration on FortiSwitch.
config switch interface edit "port23" set native-vlan 200 set allowed-vlans 10,2010 next end config switch interface edit "port11" set allowed-vlans 10,2010 next end config switch acl ingress edit 1 set group 2 set ingress-interface "port11" config classifier set vlan-id 2010 end config action set count enable set outer-vlan-tag 10 end next edit 2 set group 2 set ingress-interface "port23" config classifier set vlan-id 10 end config action set count enable set outer-vlan-tag 2010 end next end
See Configuring an ACL policy in the administration guide for ACL commands. |
