On a FortiGate, it is possible to add (specify/allow) multiple VLANs to the same physical interface. Trunk links can transport traffic for multiple VLANs to other parts of the network (all VLANs, or specified VLANs).
On a Layer-2 switch, you can have only one VLAN subinterface per physical interface, unless that interface is configured as a trunk link. Not a recommended setup, as all acess ports should generally be on the access switches, not on the firewall directly - to allow for redundancy and scalability. This is important to note if a user plans to mix in a switch construct multiple ports (some that lead to hosts, and others that lead to switches).
Workstations and desktop computers, which are commonly originators or destinations of network traffic, are not an active part of the VLAN process.Īll the VLAN tagging and tag removal is done AFTER the packet has left the computer. VLAN ID tags consist of a 4-byte frame extension that switches and routers apply to every packet sent and received in the VLAN. This article is not comprehensive, not a complete guide, but is a start(stub) with some information and examples - hoping it will grow in time to a more accurate description.įamiliarizing with the VLAN traffic and the types of switches available on FortiGates, and their capabilities. Most questions refer to: what type of switch to use in my topology? How to allow more VLANs on a switch, does it need a trunk port? This article describes that documentation on this topic is quite scarce and many times there is nothing to start with.
0 kommentar(er)
