Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
amrshawky
New Contributor

Same vlan-ID in defferent Vdom

Hi,

 

my topolgy will be 

 

3 main servers in vlan 10,20,30    >>>  connected to edge switch "1"  >>> FG 1 on port 1

3 backup servers in vlan 10,20,30 >>>  connected to edge switch "2"  >>> FG 1 on port 2

 

2 egde switch "1&2" will connected on 2 ports in Fortigate 

 

how i can make the FW is the getaway to this vlans 

i know that in normal setup i can not create same sub-interface in different physical port in fortigate 

is VDOM can help me in this topolgy ?

 

note that Fortigate is 81E doesnot support 802.3ad .

 

 

 

15 REPLIES 15
Toshi_Esumi
Esteemed Contributor II

I don't know where vdoms come in to your situation as you said on the subject line. But the common setup in your situation is to use a hard-switch (config sys virtual-switch) with FGxxD/E series and bind those two ports into one, so that both ports have exact same set of vlan-tagged interfaces when you configure the vlan sub-interfaces on it.

amrshawky

thanks alot but could you share with an KB that related to this hard-switch (config sys virtual-switch) with FGxxD/E

 

i asked about VDOM if there is help me or not ?

Fortigate 81E doesnot support Aggregated.

Toshi_Esumi
Esteemed Contributor II

For anything new, look for it at the online help first:

https://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-networking/Interfaces/Virtual%20Swit...

 

Sounds like nothing to do with vdoms. Hard-switch would solve your problem.

amrshawky

i have attached the needed topology to be more clear.

 

did you mean that vodm will not help . ok tahnks.

 

could i make a virtual-switch between Port1, and Port2  then divided this virtual switch to sub-interfaces?

10.10.10.1/24

10.10.20.1/24

10.10.30.1/24

 

kindly review the attached topology and did you mean the port 1 and 2 in Vswitch and assign all sub-interfaces . right ?

 

 

if i understand right .

 

what is the deference between Virtual switch  in interface level and 802.3ad aggregated ?

 

many thanks in advance

 

Toshi_Esumi
Esteemed Contributor II

"Virtual-Switch" in cli or "hard-switch" in more general term is just FTNT's terminology to refer their own way to put multiple ports into one logical port and a broadcast domain inside of one FGT unit so that all VLAN subinterfaces you create on the logical interface are equally distributed to all member ports. You can't see any of this from outside of the FGT. Each physical port is still just 1Gig trunk port. Nothing to do with standard like 802.3ad aggregation, combine multiple ports and make it to 1Gig x num of ports. And more importantly this is a standard and inter-operable between different vendor equipment.

 

Yes. You just need to configure those vlan 10, 20, 30 subinterfaces on the logical "hard-switch" interface after putting port1 and port2 in it. Then those two ports have the same set of vlans on both. Just like you configure the same set of VLANs on multiple trunk ports on a L2 switch.

amrshawky

great ...

 

the only difference between 803.3ad and V-Switch"Hard-Switch"  are the 802.3ad is standard and bundle the interfaces B.W ? its right ?

 

SO thanks to check the attached configuration and i keep the V-switch interface with no ip and assign sub-interfaces L3-interfaces

 

Toshi_Esumi
Esteemed Contributor II

No, they're two completely different concepts. Those two hard-switch interfaces connect to two different devices, while 802.3ad intfaces connect to the same (at least logically) device.

amrshawky

did you mean in my topology the 802.3ad doesn't help ?

 

connect port1 in FG to SW1 and port2 in FG in SW2 then make port1&2 as aggregated in FG . not help in this toplogy ???

Toshi_Esumi
Esteemed Contributor II

No, you're misunderstanding the concept for the link-aggregation/802.3ad. The other end of two FGT ports need to be connected to one switch (or two switches in one "stacked (Cisco)" or "Virtual Chassis(Juniper)" switch). And you need to configure the aggregation on the switch. Then the link capacity between the FGT and the switch becomes 2Gbps. That's what link-aggregation does, and no help for your situation.