Forti VLANs with Cisco Switch
I'm fairly new to FortiGate and I'm in the process of configuring an 80F to replace a Cisco RV320 router. The RV320 has 4 sub-interfaces tagged with their respective VLANs:
- x.x.0.1 (default), x.x.10.1 (vlan10), x.x.20.1 (vlan20), x.x.30.1 (vlan30)
The Cisco core switch has virtual interfaces for each VLAN:
- x.x.0.2 (default), x.x.10.2 (vlan10), etc.
- Each VLAN interface points to a Windows server for a DHCP-helper address
- The DHCP scopes for each VLAN subnet point to the respective switch virtual interface (x.x.x.2) for its gateway
- The core switch has a single default route pointing to x.x.0.1 on the RV320
- The core switch is connected to the RV320 by a single trunk port that carries all VLANs
As I'm setting up the 80F, I thought it would be nice for each VLAN to have a dedicated physical port on the FortiGate to avoid having congestion on a single shared trunk port:
- I removed 3 ports from "internal" and configured them as standard ports (not VLAN) each with their x.x.x.1 address
- I plan to dedicate 1 core switch port for each VLAN and connect them to the respective 80F ports 1:1
- I plan to change the DHCP scopes for each subnet to point to the x.x.x.1 address of the 80F ports (the reason for using x.x.x.2 previously was to keep inter-VLAN traffic on the switch and off the trunk to the RV320)
I've done something similar for a Guest network on a different Forti device, but in that instance the VLAN was carried through the network directly to the (untagged) FortiGate port, which handed out DHCP itself. In that case it worked just fine.
Am I going about this the right way or is there a better/easier way? Can I set up a DHCP-helper address on the physical Forti interfaces? Is there a benefit to configuring the Forti ports as VLAN interfaces?
What about using a 4-port aggregate on the Forti to a 4-port EtherChannel on the Cisco and keeping the switch's default route to x.x.0.1?
post edited by zp - 2020/09/21 15:37:38