Switchport access in FortiGate

fjulianom
2017/12/07 12:59:36

Hi guys,
 
My customer wants to replace his Cisco router with a FortiGate. It has many ports as trunks allowing some VLANs, and I know I can easily accomplish this in the FortiGate. But it also has one port as a switchport in access mode associated with one VLAN, like this:
 
interface GigabitEthernet0/1/0
 switchport access vlan 88
 no ip address
 
interface Vlan88
 ip address 10.8.8.1 255.255.255.0
 
The FortiGate will be operating in NAT mode. How can I create a FortiGate port in access mode associated with one VLAN as above?
 
Regards,
Julián
#1


    emnoc
    Re: Switchport access in FortiGate 2017/12/07 13:52:55
    config sys interface
     
       edit port1
          set ip 10.8.8.1 255.255.255.0
          set vdom root
          set allowaccess ping
        end
     
    That's a standard interface using a non-tag interface.
     
    Ken
     

    PCNSE, NSE, Forcepoint, StrongSwan Specialist
    #2
    fjulianom
    Re: Switchport access in FortiGate 2017/12/07 14:27:12
    Hi Ken,
     
    But that port is not associated with any VLAN, and also an access port has no IP address.
     
    Regards,
    Julián
     
    #3
    fjulianom
    Re: Switchport access in FortiGate 2017/12/08 09:27:25
    Hi guys,
     
    Any idea? Is that possible?
     
    Regards,
    Julián
    #4
    emnoc
    Re: Switchport access in FortiGate 2017/12/08 10:29:04
    You're confusing a SWITCHPORT and an SVI; they are not the same, and a FortiGate is not a SWITCH per se. If you want to build a switch (reason unknown), then you can build a switch and set a LAN interface.
     
    Google fortigate and internal-switch for an example of a switch. If you need an interface as a layer 3 interface attached to an Ethernet LAN, the above config will demo that.
     
     

    #5
    fjulianom
    Re: Switchport access in FortiGate 2017/12/08 10:40:10
    Hi Ken,
     
    I am not confusing switchport and SVI and I know they are not the same (many years working on this and also CCNP like you, though a beginner in FortiGate). The customer's Cisco router is not a switch itself either, but you can convert a layer 3 interface into a switchport (layer 2 interface). My customer wants to replace his router with the FortiGate and then replicate its configuration, and that's the reason I am asking if this part of the configuration is possible in FortiGate:
     
    interface GigabitEthernet0/1/0
     switchport access vlan 88
     no ip address
     
    Regards,
    Julián
     
    post edited by fjulianom - 2017/12/08 10:53:25
    #6
    emnoc
    Re: Switchport access in FortiGate 2017/12/08 11:14:12
    If your port is a switchport, that means you're a SWITCH. It means you are learning MAC addresses as a SWITCH; it means you are participating as a SWITCH (BPDUs, spanning tree, etc.).
     
    Do you want the FortiGate to be a SWITCH and carry all of the above?
     
    If yes, then Google fortigate and internal-switch as suggested before, select the port(s) you want to be for a switch, and follow the KB.
     
    A switch-internal will still need a layer 3 addressed interface for that switch if you plan on routing through it or attaching route-nat mode fwpolicies.
     

    The customer's Cisco router is not a switch itself either, but you can convert a layer 3 interface into a switchport (layer 2 interface).

     
    I never heard of a Cisco router that can be a switch, but I have heard of L2/3 switches that are routers. So what is the customer device, a switch or a router? "show inv hardware or version"
     
     
    Ken
     

    #7
    fjulianom
    Re: Switchport access in FortiGate 2017/12/11 15:35:26
    Hi Ken,
     
    Today I was at the customer site and saw the device; it is a 2901 Cisco router, but the point is it has an EHWIC switch module, where the switchport was configured.
     
    I will deal with VLAN88 by configuring an interface VLAN88 with an IP address and associated with the trunk interface as well.
     
    Many thanks for your support,
    Julián
    #8
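
The approach described in the last post, written out as an added example that is not part of the original thread: a FortiOS VLAN subinterface on the trunk port that takes over the address of the Cisco `interface Vlan88`. The parent port `port1`, the interface name `VLAN88` and the VDOM `root` are assumptions; the VLAN ID and IP address are the ones from the first post.

```fortios
# Added example. Assumed: trunk port is "port1", VDOM is "root",
# and the subinterface is named "VLAN88".
config system interface
    edit "VLAN88"
        set vdom "root"
        # Parent physical port; this is what makes the entry a VLAN subinterface.
        set interface "port1"
        # 802.1Q tag, matching "switchport access vlan 88" on the Cisco side.
        set vlanid 88
        # Address formerly on the Cisco SVI "interface Vlan88".
        set ip 10.8.8.1 255.255.255.0
        # Only ICMP echo is answered on this interface; no HTTPS/SSH
        # administrative access is exposed to VLAN 88.
        set allowaccess ping
    next
end
```

Frames for this interface leave `port1` tagged with VLAN 88, so the neighbouring switch port must be a trunk that carries VLAN 88, and the hosts that used the Cisco access port connect to an access port on that switch instead. In NAT mode, traffic between this interface and any other still needs a firewall policy before it is forwarded.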