Problem with VLAN routing
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-26-2015 09:43 AM
Hi all,
I try to set up a x450-G2-24t with XOS 16.1.1.4 as a router for clients that want to access a specific host at 10.12.0.241 in a /24 net. Clients are in a 172.30.x.x/16 net.
I configured the vlans (vlan tag 100 and vlan tag 10) and enabled ipforwarding globally and for the vlans. what is working so far is pinging the switch ip in the 10.12.0.x lan from the 172.30.x.x switch ip. what also works is pinging the 10.12.0.241 host ip from the 10.12.x.x switch ip.
But when trying to ping the host ip from the 172.30.x.x switch ip i get no answer.
so what did i miss? do i have to add some specific routing?
thankful for any tips!
Peter
I try to set up a x450-G2-24t with XOS 16.1.1.4 as a router for clients that want to access a specific host at 10.12.0.241 in a /24 net. Clients are in a 172.30.x.x/16 net.
I configured the vlans (vlan tag 100 and vlan tag 10) and enabled ipforwarding globally and for the vlans. what is working so far is pinging the switch ip in the 10.12.0.x lan from the 172.30.x.x switch ip. what also works is pinging the 10.12.0.241 host ip from the 10.12.x.x switch ip.
But when trying to ping the host ip from the 172.30.x.x switch ip i get no answer.
so what did i miss? do i have to add some specific routing?
thankful for any tips!
Peter
14 REPLIES 14
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-02-2015 12:17 PM
Hi,
Sorry to get back a bit later but finally i got the infos you asked for:
they only have one untagged physical interface running on the forti - i asked to setup vlan interfaces now
the /16 net was already setup so I have to take it as it is 😉
the fortigate acts as a gateway
now im waiting for feedback if enabling the vlan interfaces on the forti did help!
thx so far!
Peter
Sorry to get back a bit later but finally i got the infos you asked for:
they only have one untagged physical interface running on the forti - i asked to setup vlan interfaces now
the /16 net was already setup so I have to take it as it is 😉
the fortigate acts as a gateway
now im waiting for feedback if enabling the vlan interfaces on the forti did help!
thx so far!
Peter
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-30-2015 02:21 PM
Hi Peter, any luck getting this resolved?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-26-2015 10:12 PM
Do you have 2 vlans on fortigate 100 and 10?
And one another question, do you really need a mask /16 ?
This is a lot of hosts in one vlan.
And last, the fortigate act as a gateway or as a switch ?
--
Jarek
And one another question, do you really need a mask /16 ?
This is a lot of hosts in one vlan.
And last, the fortigate act as a gateway or as a switch ?
--
Jarek
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-26-2015 09:51 PM
you are right - what i forgot to mention is that I setup a route at the Fortigate C60 Office for 10.12.0.0/24 - GW:10.12.0.244.
but it seems as my x450 doesnt forward anything - when i try to reach HostA vom the x440 (tested with ping 10.12.0.241 from 172.30.1.239) i get no answer; if i try to reach 10.12.0.244 from 172.30.1.239 that works...
same thing when i try to reach 172.30.1.1 from HostA no answer with ping, if i try to ping it from the x450 ok
i will have a close look on the clientside once again
Peter
but it seems as my x450 doesnt forward anything - when i try to reach HostA vom the x440 (tested with ping 10.12.0.241 from 172.30.1.239) i get no answer; if i try to reach 10.12.0.244 from 172.30.1.239 that works...
same thing when i try to reach 172.30.1.1 from HostA no answer with ping, if i try to ping it from the x450 ok
i will have a close look on the clientside once again
Peter
