Re: How does the routing work in this design?

misaleh · ‎11-24-2023

This is a design that one of our customers has and everything is supposedly working fine but I'm not sure exactly how the routing works.

The gateway for VLAN 5 (172.16.200.0/24) s created on the fortigate and the port connected to it is configured as a trunk port, but how does that VLAN 5 (the one which the pcs are assigned to and its gateway on the forti) have a different IP than the same vlan 5 which is created on the distrubtion switch with int vlan 5 172.17.244.182/30? Also, what's the use of these 2 static routes on the dist. switch? I'm so confused.
How is this possible and everything is working fine?

MHM Cisco World · ‎11-24-2023

Traffic from host in vlan 5 to gw in forti and then to router via static route.

If the static route down then forti will shift traffic to vlan6 router IP.

Which point not clear to you?

misaleh · ‎11-24-2023

That there are 2 different subnets for VLAN 5 (172.16.200.0/24 and 172.17.244.180/30

MHM Cisco World · ‎11-24-2023

If you not running igp and there is no ip conflict then this overlap never detects.

Forti use defualt route send traffic to router (vlan5)

The router with arp proxy can reply to any arp even if ip interface nit match subnet of arp.

It work but it not optimal.

Do more check I try do lab and test it.

M02@rt37 · ‎11-24-2023

Hello @misaleh

The second static route has got administrative distance (AD) configured: 100. Then, it is the first static route you wright which is the favourite (default AD=1).

The choice of that id vlan 5 is confusing even if Vlan id is a switch point of view.

Each VLAN should typically have a consistent IP address range across devices to ensure proper routing and communication within the VLAN.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.