
Re: Trunk VLANs - > Interface Vlan

 
GairHald
Occasional Advisor

Trunk VLANs - > Interface Vlan

I have configured a port in TRUNK mode to pass a few VLANs, one of them is 100. I have created an interface-vlan 100 for managing by SSH; this vlan is tagged on one port, but I can't reach it.

 

interface Vlan-interface100
ip address 172.27.0.15 255.255.255.0
#

 

interface GigabitEthernet3/0/45
 description FW - Port 2 (Main)
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 100 106 114 to 115
#

 

On the other side I have a Fortigate with these vlans tagged, and I created a static route to reach it, etc. Why can't I get through with this connection, but if I connect the SW with a simple cable to a simple port (without vlans) I can?

thanks

 

However, through a normal port connected to the FW I do get through. Am I doing something wrong?

6 REPLIES 6
GairHald
Occasional Advisor

Re: Trunk VLANs - > Interface Vlan

I need to activate NAT on this policy... but I don't understand why I need to activate NAT to go from one vlan to other vlans. On other Fortigates with Cisco or other switches I didn't activate NAT; it is strange.

akg7
HPE Pro

Re: Trunk VLANs - > Interface Vlan

Hello,

Is VLAN 100 reachable from the FW, and is the FW reachable from the switch?

Are you getting any ssh connection error?

Are the FW and the switch directly connected?

I believe NAT is not required here.

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company
GairHald
Occasional Advisor

Re: Trunk VLANs - > Interface Vlan


Yes, FW and SW are directly connected via an ethernet cable in hybrid mode, vlan 1 untagged and the rest of vlans tagged.
But I am seeing that from the SW itself with vlan 1 (untagged) I cannot ping another port / ip of the firewall.

I understand that I have to add the default route?

 

Destinations : 13       Routes : 13

Destination/Mask    Proto  Pre  Cost         NextHop         Interface
0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0
127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0
127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0
127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0
127.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0
172.27.0.0/24       Direct 0    0            172.27.0.15     Vlan1
172.27.0.0/32       Direct 0    0            172.27.0.15     Vlan1
172.27.0.15/32      Direct 0    0            127.0.0.1       InLoop0
172.27.0.255/32     Direct 0    0            172.27.0.15     Vlan1
224.0.0.0/4         Direct 0    0            0.0.0.0         NULL0
224.0.0.0/24        Direct 0    0            0.0.0.0         NULL0
255.255.255.255/32  Direct 0    0            127.0.0.1       InLoop0


Right now I use vlan 1 (native) for management, then in the port of the SW that connects to the FW, I use the following configuration

interface GigabitEthernet1/0/45
 description FW - Port 4 (Main)
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 110 to 112 
#

 

But I have another LAN that is 172.26.0.0/24 that is directly connected to the FW without tagging or anything, and I want to be able to get from VLAN 1 (the one that manages the SW) to that LAN, but the ping and the tracert do not respond to me; the traffic does not come out of the SW.

I have created a static route in the SW towards 172.26.0.0 but it doesn't work either. Did I leave something out, or am I not creating the route correctly?

The FW in that NETWORK has 172.26.0.1 and in the network of vlan 1 it has 172.27.0.1.

In the static route, must the next hop be 172.26.0.1 or 172.27.0.1? Thanks a lot
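
The next-hop question above, worked against the routing table posted in this message (an added example, not part of the original post and not HPE code). It is a simplified longest-prefix model with hypothetical function names, and it does not model the firewall's policy or return path.

```python
import ipaddress

# Rows copied from the routing table in the post: destination, next hop, interface.
POSTED_TABLE = """\
0.0.0.0/32 127.0.0.1 InLoop0
127.0.0.0/8 127.0.0.1 InLoop0
127.0.0.0/32 127.0.0.1 InLoop0
127.0.0.1/32 127.0.0.1 InLoop0
127.255.255.255/32 127.0.0.1 InLoop0
172.27.0.0/24 172.27.0.15 Vlan1
172.27.0.0/32 172.27.0.15 Vlan1
172.27.0.15/32 127.0.0.1 InLoop0
172.27.0.255/32 172.27.0.15 Vlan1
224.0.0.0/4 0.0.0.0 NULL0
224.0.0.0/24 0.0.0.0 NULL0
255.255.255.255/32 127.0.0.1 InLoop0
"""

def parse(table):
    """Turn the text table into (network, next_hop, interface) tuples."""
    routes = []
    for line in table.strip().splitlines():
        dest, next_hop, iface = line.split()
        routes.append((ipaddress.ip_network(dest), next_hop, iface))
    return routes

def lookup(routes, addr):
    """Longest-prefix match; returns the winning route tuple or None."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def usable_next_hop(routes, next_hop):
    """A next hop is usable only if it resolves to a real egress interface."""
    hit = lookup(routes, next_hop)
    return hit is not None and hit[2] not in ("InLoop0", "NULL0")

def add_static(routes, dest, next_hop):
    """Install a static route, inheriting the interface that reaches the next hop."""
    if not usable_next_hop(routes, next_hop):
        raise ValueError(f"next hop {next_hop} is not on a connected network")
    iface = lookup(routes, next_hop)[2]
    return routes + [(ipaddress.ip_network(dest), next_hop, iface)]

if __name__ == "__main__":
    table = parse(POSTED_TABLE)
    print("route to 172.26.0.10 before:", lookup(table, "172.26.0.10"))
    for candidate in ("172.26.0.1", "172.27.0.1"):
        print(candidate, "usable as next hop:", usable_next_hop(table, candidate))
    table = add_static(table, "172.26.0.0/24", "172.27.0.1")
    print("route to 172.26.0.10 after:", lookup(table, "172.26.0.10"))
```

With the table as posted there is no default route and no entry covering 172.26.0.0/24, so the switch has nowhere to send that traffic; of the two candidate next hops only 172.27.0.1 sits on a directly connected network.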

GairHald
Occasional Advisor

Re: Trunk VLANs - > Interface Vlan

But from a machine in VLAN 1 with range 172.27.0.x/24 I do get to 172.26.0.0/24. Why can't I reach that network from the SW?

akg7
HPE Pro

Re: Trunk VLANs - > Interface Vlan

Hello,

There is no routing required if the LAN (172.26.0.0/24) is directly connected to the FW.

Give the same subnet IP to both connected interfaces. You will be able to ping.

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company