Solved: Unable to Ping Fortinet from a 4506SW layer2

rfuentes1111 · ‎04-29-2016

Hi Everyone,

I need some help if someone knows about fortinet here is my problem. I have a fortinet that connect to my LAN to a 4506 Catalyst Switch ans is an access switch not the Core switch all my vlan are allow on the access switch. I connect my fortinet which i static an Ip on a interface port 192.168.10.139 subnet 255.255.254.0 and I'm able to ping the default gateway from my fortinet but not able to ping the fortinet from my cisco sw which i have the port set up as a

switchport mode access

switchport access vlan 10

if anyone knows if i'm doing something wrong or missing something your help be appreciate thank you.

Also I allow ping on the fortinet just in case someone ask.

Thank you

Carlos Villagran · ‎04-29-2016

Hi!

Do you have an SVI configured in the switch?

Best regards!

JC

View solution in original post

Carlos Villagran · ‎04-29-2016

Hi!

Do you have an SVI configured in the switch?

Best regards!

JC

rfuentes1111 · ‎04-29-2016

All My vlan are configure on the core switch and my access switch are all trunk to the core to allow all vlan and the only SVI that i have on the access switch is the Management vlan Do i have to create and SVI as well.

Carlos Villagran · ‎04-29-2016

Hi!

If you want to ping from the switch and it is not configured as a L3 switch then the use of a default-gateway is necessary using the command ip default-gateway x.x.x.x

Since the switch does not know that it has to send the traffic to the core switch at ip address x.x.x.x to do inter-vlan routing.

If the management address from where you are trying to ping is not in the same subnet than the fortinet I will not work, if the switch has not a default-gateway pointing to the device which will route the packets the it will not work either.

Hope it helps, best regards!

JC

rfuentes1111 · ‎04-29-2016

What if I connect My fortinet to the Core switch will that work also Do i Need to trunk the port on my core switch interface just in case I decide to plug it to the core or i can leave it as a access port is just that I'm new on this an I have a project to get done. also if i leave it when it is right now I have to enable routing on the switch and i don't need to create a SVI or do I still need to.

Carlos Villagran · ‎04-29-2016

Hello!

In the access switch use the interface vlan 10 as management SVI.

> Interface vlan 10

> ip address x.x.x.x x.x.x.x <<<< Address in the same IP subnet of the fortinet.

> exit

The switch should be able to ping the fortinet.

Let me know how it went, best regards!

JC

rfuentes1111 · ‎04-29-2016

Thank you Carlos,,

But I don't think it will work since I need to have the fortinet on a different vlan 20,

and i don't have a degault gateway on the switch and the only SVI that have is this

Int VLAN 10

ip add 192.168.1.101 255.255.255.0

ip route 0.0.0.0 0.0.0.0 192.168.1.1

Thank you for your help Carlos,

Carlos Villagran · ‎04-29-2016

No problem!

I can thing of enabling ip routing in the switch using the ip routing command, if it is already routing then I suggest make sure you can ping 192.168.1.1 and that address is the SVI vlan 10 in the core switch which will be routing to vlan 20.

Core must have SVIs in 10 and 20. You can try pinging SVI vlan 20 of the core from the access switch.

Let me know if it worked!

JC

rfuentes1111 · ‎04-29-2016

Thank you Carlos I will try that.