General VLAN configuration

szboardstretcher · 02-24-2015, 12:01 PM

I have a Cisco 2960XR,. and I've configured a vlan on it.

I also have a Fortigate 100D firewall.

So, switch ports 1-12 are configured as Vlan 5.

Vlan 5 is configured with an ip address of 10.0.10.1.

A computer is plugged into switch port 12, and the firewall interface for Vlan 5 is plugged into port 1. I have configured the firewall interface as 10.0.10.2 and assigned it to Vlan 5.

In my mind, a computer would use the 'gateway' of the vlan = 10.0.10.1. And I further figure that somehow this vlan has to forward traffic to the firewall 10.0.10.2. So is that correct, and how do I do that in a cisco 2960XR?

If anyone has the time to take me step by step through a simple VLAN configuration I would appreciate it,. or answer the above question if I am close to getting it correct.

Ser Olmy · 02-24-2015, 01:59 PM

I'm not familiar with the Fortigate 100D, but if you've configured a VLAN interface on that box and assigned it the number 5, the firewall should send and expect to receive 802.1q tagged frames with that specific VLAN number.

If you then connect the physical interface of the Fortigate to a switch port in access VLAN 5, the Forticate will send 802.1q tagged frames labeled "5" to a port which is a member of VLAN 5 and expects untagged frames. That won't work.

Try configuring the switch port as a VLAN trunk with a native VLAN other than 5:

Code:

Switch(config)#interface GigabitEthernet 0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk native vlan 1

This is assuming that the port in question is "GigabitEthernet 0/1", of course.