Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1945
Views
0
Helpful
1
Replies

Cisco SG300 vlans with Fortigate 90D

scalarpresence
Level 1
Level 1

‎04-23-2018 03:26 AM - edited ‎03-05-2019 10:19 AM

I need help in setting up my network, currently I have the following setup.

NET.jpg

 

All the computers can browse the internet but when I tried to create a two groups (a group that can access the internet and a group that can't access the internet) using Device MAC Access Control but to no avail still all the computers can access the internet. I follow the instructions in the Fortigate Cookbook (FORTI OS 5.4), Fortigate seems cannot recognize/identify MAC Addreses of the computers int the network.

Labels:
0 Helpful
1 Reply 1

Deepak Kumar
VIP Alumni
VIP Alumni

‎04-23-2018 03:33 AM - edited ‎04-23-2018 03:35 AM

Hi, 

As I am getting your point, This is happening due to routing on your core switch (default behavior). Due to routing, you are switching will modify L2 header and attaching source mac as self-interface mac address. 

 

try with "no ip proxy-arp" commands under all VLANs or L3 interface on the switch and test it again. 

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card