Vlans on Fortiswitch

noitalever · ‎07-19-2017

Ok, so I'm fairly new to vlans, but not networking. So I may be doing this completely wrong, but here goes.

I have a Fortigate 60e that I'm connecting to a Fortiswitch 124d-POE.

Here's what I want to do, and what fortigate tech support for what has ended up being 11 hours now can't seem to accomplish, or even tell me how to accomplish.

I have 12 polycomm voip phones vvx310's that have a computer attached to the lan passthrough on the phone, and the phone plugged into the only port on the wall. So two devices going to one hole in the wall. We only have one cable running to any of the offices. things are ridiculously slow now, so I want to have the phones on one vlan and the computers on another. DHCP/dns for the phones can come from the firewall, but the computers need it to come from the 2012 essentials server.

I set up the fortigate to manage the switch on port one, capwap connects fine, and I setup the two vlans, default vlan is 10.0.0.1(computers) no dhcp, and second vlan is 10.0.50.1(polycoms) with dhcp enabled. I assigned them to the ports, even set the phones to default to the phone vlan in the edgewater router, but they just refuse to get IP's from anything other than the server. They work fine that way, get internet, etc. but not separate.

Unless I eliminate the default vlan from the port. Then both the computer and phone get dhcp from the polycom vlan and surf just fine. Nothing I do seems to make the phones and the computers see the separate vlans. I thought I almost had it once by doing some magic with the mac address on one of the phones in the advanced dhcp config on the polycom vlan, but I couldn't replicate it.

So my question is, am I missing something on the config of the firewall? I've seen lots of conflicting info regarding "transparent mode" and at one point even had a high level tech tell me he "thinks" I need the switch in stand alone mode to do what I want.

Any docs, or even a suggested config would be helpful at this point. Is what I'm asking to do that uncommon? and I guess secondly am I kidding myself that it's going to make any difference in the speed of the network.

Prab · ‎12-18-2017

noitalever wrote:
Ok, so I'm fairly new to vlans, but not networking. So I may be doing this completely wrong, but here goes.

I have a Fortigate 60e that I'm connecting to a Fortiswitch 124d-POE.

Here's what I want to do, and what fortigate tech support for what has ended up being 11 hours now can't seem to accomplish, or even tell me how to accomplish.

I have 12 polycomm voip phones vvx310's that have a computer attached to the lan passthrough on the phone, and the phone plugged into the only port on the wall. So two devices going to one hole in the wall. We only have one cable running to any of the offices. things are ridiculously slow now, so I want to have the phones on one vlan and the computers on another. DHCP/dns for the phones can come from the firewall, but the computers need it to come from the 2012 essentials server.

I set up the fortigate to manage the switch on port one, capwap connects fine, and I setup the two vlans, default vlan is 10.0.0.1(computers) no dhcp, and second vlan is 10.0.50.1(polycoms) with dhcp enabled. I assigned them to the ports, even set the phones to default to the phone vlan in the edgewater router, but they just refuse to get IP's from anything other than the server. They work fine that way, get internet, etc. but not separate.

Unless I eliminate the default vlan from the port. Then both the computer and phone get dhcp from the polycom vlan and surf just fine. Nothing I do seems to make the phones and the computers see the separate vlans. I thought I almost had it once by doing some magic with the mac address on one of the phones in the advanced dhcp config on the polycom vlan, but I couldn't replicate it.

So my question is, am I missing something on the config of the firewall? I've seen lots of conflicting info regarding "transparent mode" and at one point even had a high level tech tell me he "thinks" I need the switch in stand alone mode to do what I want.

Any docs, or even a suggested config would be helpful at this point. Is what I'm asking to do that uncommon? and I guess secondly am I kidding myself that it's going to make any difference in the speed of the network.

Hi noitalever,

I am not sure how the polycoms work, but you can achieve this topology as shown in the attached image. I assume that I understood your question. :D

Hope it helps you further.

Thanks,

Prab