Network configuration

Configuring VLANs

 

 

Adding VLAN subinterfaces

The VLAN ID of each VLAN subinterface must match the VLAN ID added by the IEEE 802.1Q-compliant router. The VLAN ID can be any number between 1 and 4096. Each VLAN subinterface must also be configured with its own IP address and netmask.

You add VLAN subinterfaces to physical interfaces. You can add over 1000 VLAN subinterfaces to a FortiGate unit.

Rules for VLAN IDs

Two VLAN subinterfaces added to the same physical interface cannot have the same VLAN ID. However, you can add two or more VLAN subinterfaces with the same VLAN IDs to different physical interfaces. There is no internal connection or link between two VLAN subinterfaces with same VLAN ID. Their relationship is the same as the relationship between two main interfaces.

Rules for VLAN IP addresses

Normally, the IP addresses of all FortiGate interfaces cannot overlap. That is, the IP addresses of all interfaces must be different on different subnets. However, some overlap of VLAN subinterfaces is allowed. The rules for overlapping VLAN subinterface IP addresses are:

Two or more VLAN subinterfaces can have the same IP address as long as they have different VLAN IDs.

The IP addresses of two or more VLAN subinterfaces can be on the same subnet as long as they have different VLAN IDs.

The IP address of a VLAN subinterface must different from IP address of the interface that it is added to.

The IP address of a VLAN subinterface can be on the same subnet as the IP address of the interface that it is added to.

You cannot add firewall policies between 2 VLAN subinterfaces that have the same IP address or that have IP addresses in the same subnet, even if their VLAN IDs are different.

Adding a VLAN subinterface

Use the following procedure to add VLAN subinterfaces:

1Go to System > Network > Interface.

2Select New VLAN to add a VLAN subinterface.

3Enter a Name to identify the VLAN subinterface.

The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.

4Select the interface that receives the VLAN packets intended for this VLAN subinterface.

5Enter the VLAN ID that matches the VLAN ID of the packets to be received by this VLAN subinterface.

The VLAN ID can be any number between 1 and 4096 but must match the VLAN ID added by the IEEE 802.1Q-compliant router.

FortiGate-400 Installation and Configuration Guide

141

Page 140 Page 142
Page 141
Image 141
Fortinet 400 Adding Vlan subinterfaces, Rules for Vlan IDs, Rules for Vlan IP addresses, Adding a Vlan subinterface, 141
Page 140 Page 142
Top Page Image Contents