I have read many times about emac-vlan and how it is supposed to be implemented. But when I finally tried to do it, it doesn't work as expected.
Topology is like this:
undo port trunk vlan 1 (no default/untagged vlan)
(vlan 10) [L3SW | 10.1.10.254] <---> [10.1.10.1 | Forti vdom root] <- this is main connection to ROOT.Vdom, with internet, MGMT int. and all
(vlan 11) [L3SW | 10.1.11.254] <---> [10.1.11.1 | Forti Vdom1]
(vlan 11) [L3SW | 10.1.11.254] <---> [10.1.11.2 | Forti Vdom2]
(vlan 11) [L3SW | 10.1.11.254] <---> [10.1.11.3 | Forti Vdom2]
The goal was to implement emac-vlan interfaces on vdoms1-3, but after setting vdom1 (with vlan tag 11), I can't do it on Vdom2 - I get a message that the vlan is used by another software switch.
I have a similar setup on the WAN side; the difference is that I want to use two different ports for one vlan 13 - one for root, one for vdoms. And it's the same story: after setting vdom1 with emac in vlan 13, the next one can't be configured.
The official cookbook is really tough to understand for non-native English speakers. It says:
"If you configure a VLAN ID for an enhanced MAC VLAN, it won’t join the switch of the underlying interface. When a packet is sent to this interface, a VLAN tag is inserted in the packet and the packet is sent to the driver of the underlying interface. When the underlying interface receives a packet, if the VLAN ID doesn’t match, it won’t deliver the packet to this enhanced MAC VLAN interface.
When using a VLAN ID, the ID and the underlying interface must be a unique pair, even if they belong to different VDOMs. This is because the underlying, physical interface uses the VLAN ID as the identifier to dispatch traffic among the VLAN and enhanced MAC VLAN interfaces."
The underlying port is just a normal physical port with no IP/vlan.
Does this mean I should throw some random vlan number at it, or even none?