Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4584
Views
0
Helpful
5
Replies

Need advice on L3 switch and fortigate appliance

awwa_it_temp
Level 1
Level 1

‎10-09-2015 11:08 PM - edited ‎03-08-2019 02:09 AM

Currently we are using a fortigate 300C as a gateway and doing some inter-sites routing over WAN. All the switches are L2 switches. We are looking to implement VLANs and do inter-vlan routing by adding a L3 switch.

I am following the inter-vlan guide from here: http://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/41860-howto-L3-intervlanrouting.html

This involves configuring the L3 switch as the VLAN's gateway and also assign a IP to a physical port (via the no switchport command). 

Scenario

The thing that got me thinking is this: We using the Forti-AP from fortinet  as the wireless access points for central management and assigning profiles to the APs. We are using tunneling mode (meaning we have multiple [virtual] wireless SSIDs and IP range for each SSID). The AP will still have a physical IP that is assigned by the physical subnet/interface Currently the gateway of the physical subnet is the 300C. 

Question

So if i were to follow the inter-vlan guide above, will the fortigate 300C still be able to control/management/talk to the forti-APs since it have to go through the L3 port?

*updated with simplified diagram

Labels:
Preview file
30 KB
Preview file
35 KB
0 Helpful
5 Replies 5

Reza Sharifi
Hall of Fame
Hall of Fame

‎10-10-2015 08:45 AM

I have never used Fortigate APs or controllers, but if the switches are currently layer-2 only and you are planning to make them layer-3 and do the inter-vlan routing using the switch instead of the Fortigate, you would have to change the gateway for APs to be the switch and put the 300c in the same vlan as the APs.

HTH 

0 Helpful

awwa_it_temp
Level 1
Level 1
In response to Reza Sharifi

‎10-10-2015 09:44 AM

Hi, Reza

The APs physical interface will detect VLAN based on physical switchport and hence I assume it can be configured to detect the L3 switch as the default gateway.

If i were to follow the inter-vlan guide i quoted above, how do i put them in the same vlan if i alrdy used the "no switchport" command at the L3 switch?

At this site we have 3 VLANs at the moment, 2 data and 1 voice

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to awwa_it_temp

‎10-10-2015 10:26 AM

Hi,

So, to put the APs in the same vlan as the 300c, you just configured the port connecting to the 300c as trunk or access ports.  In this case, there isn't a layer-3 routed connection between the switch and the 300c.  It would simply be a layer-2 port just like any other device, and all the vlans are routed using the switch. Does this make scene or I am picturing this wrong?

Thanks,

 

 

0 Helpful

awwa_it_temp
Level 1
Level 1
In response to Reza Sharifi

‎10-12-2015 03:55 AM

i just added a simple illustration to show my current and desired config

0 Helpful

Florin Barhala
Level 6
Level 6
In response to awwa_it_temp

‎10-12-2015 04:12 AM

Hi mate,

This is more of Fortinet forums question as you will change the way you deploy your FortiAP. I suggest you read this: http://docs.fortinet.com/d/fortigate-wireless-520 

Also go on: https://forum.fortinet.com/ ; knowledgeable guys are there too and will help you out ;)

0 Helpful
Customers Also Viewed These Support Documents