Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
timothyd
New Contributor II

WDS across vLANS not working

I am having problems getting WDS to work across VLANs. PCs within the same VLAN can use WDS with no problem, but when I try to use WDS across VLANs, I get the following error:

```

304 11.304373 {WDS.IP} {CLIENT.IP} TFTP 64 Error Code, Code: Illegal TFTP Operation, Message: Access violation.

```

I've tried the following while troubleshooting:

  • Disabling the firewall on the WDS server.
  • Confirmed that WDS is set to reply to ALL clients.
  • Creating a policy that allows ALL traffic from the troubled VLAN to the WDS server.
  • Move the VM between VLANS (works while in the same VLAN as the WDS server, but does not when I move it back).

None of this changed the behaviour. I keep getting the same error.

 

I have the correct DHCP options:

  • Next bootstrap server {WDS.IP.ADDRESS}
  • DHCP Option 66 : String : {WDS.IP.ADDRESS}
  • Set the filename with the following command:
    set filename "smsboot\\x64\\wdsmgfw.efi"

No matter what I do, I keep getting the same message and problem.

 

Has anyone been able to get WDS to work across VLANs?

 

I'm running FortiOS v6.2

Timothy
Timothy
3 REPLIES 3
Anthony_E
Community Manager
Community Manager

Hello Timothy,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hello Thimothy,

 

We are still looking for a solution.

We will come back to you as soon as we get one.

 

Regards,

Anthony-Fortinet Community Team.
aionescu
Staff
Staff

Hi @timothyd ,

 

If it works in the same VLAN, it means the same broadcast domain.

While replicating the issue please run the following commands:

diagnose debug flow  filter addr x.x.x.x (where x.x.x.x is the IP address of the server)

diagnose debug flow trace start 100

diagnose debug enable

This will show us how traffic is handled.

Labels
Top Kudoed Authors