Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1465
Views
0
Helpful
5
Replies

VX-LAN SETUP

fmugambi
VIP Alumni
VIP Alumni

‎06-10-2025 12:19 AM

Hello Team, FAM!
Attached is my high-level topology between DCs, need help setting up vxlans, Please guide me ,

fmugambi_0-1749539923298.png

 

Labels:
0 Helpful
5 Replies 5

fmugambi
VIP Alumni
VIP Alumni

‎06-12-2025 12:28 AM

HI Team,
Any updates/help on this.

 

Thank you.

0 Helpful

Enes Simnica
Spotlight
Spotlight

‎06-13-2025 05:31 AM - edited ‎06-13-2025 05:32 AM

Hey man. As I was able to concentrate, coming from 16 hours of working nonstop. I tried to make the config as accurate as possible, even though 99% of my brain is shut down now, lool. Also, will try this on EVEng after some sleep... but here’s the precise config for your setup:

DC1 CORE SWITCH (ws-c3850-48T)

! Underlay (MPLS Link to DC2)  
interface Gig1/0/1  
 description MPLS_TO_DC2  
 no switchport  
 ip address 172.16.10.1 255.255.255.252  ! Your /30 link  
!  

! VXLAN Tunnel  
interface Tunnel1  
 description VXLAN_TO_DC2  
 tunnel source 172.16.10.1  
 tunnel destination 172.16.10.2  
 tunnel mode vxlan  
 vni 10000  ! Same VNI on both sides  
!  

! Overlay (Server VLAN)  
vlan 100  
 name DC1_SERVERS  
!  

interface Vlan100  
 description VXLAN_SERVERS_DC1  
 no shutdown  
 vxlan vni 10000  
!  

! FortiGate Connection  
interface Gig1/0/24  
 description TO_DC1_FW  
 switchport access vlan 100  
!  

! Static route to DC2 servers  
ip route 192.168.30.0 255.255.255.0 172.16.10.2
 

DC2 CORE SWITCH (ws-c3850-48T)

 
! Mirror config, just flip IPs  
interface Gig1/0/1  
 description MPLS_TO_DC1  
 no switchport  
 ip address 172.16.10.2 255.255.255.252  
!  

interface Tunnel1  
 description VXLAN_TO_DC1  
 tunnel source 172.16.10.2  
 tunnel destination 172.16.10.1  
 tunnel mode vxlan  
 vni 10000  
!  

vlan 100  
 name DC2_SERVERS  
!  

interface Vlan100  
 description VXLAN_SERVERS_DC2  
 no shutdown  
 vxlan vni 10000  
!  

interface Gig1/0/24  
 description TO_DC2_FW  
 switchport access vlan 100  
!  

ip route 192.168.40.0 255.255.255.0 172.16.10.1
 
But also, Fortigate tweaks, meaning config for Cross-DC routing...:

On DC1FW (192.168.40.1):

 
config router static
  edit 0
    set dst 192.168.30.0 255.255.255.0   # DC2's subnet
    set gateway 192.168.40.254            # DC1 core's VLAN100 IP
    set device "port1"                    # Replace with your FortiGate interface
  next
end

And for the:

DC2FW (192.168.30.1):

config router static
  edit 0
    set dst 192.168.40.0 255.255.255.0   # DC1's subnet
    set gateway 192.168.30.254            # DC2 core's VLAN100 IP
    set device "port1"                    # Replace with your FortiGate interface
  next
end

 If anything's wrong here, blame my sleep-deprived brain. it checked out hours ago loool!

Hope this helps man. 

 

-Enes

more Cisco?!
more Gym?!



If this post solved your problem, kindly mark it as Accepted Solution. Much appreciated!
0 Helpful

fmugambi
VIP Alumni
VIP Alumni
In response to Enes Simnica

‎06-30-2025 01:51 AM

what if the fws the fgt connect to core via ospf on both dcs?
still need the static routing?

0 Helpful

M02@rt37
VIP
VIP
In response to fmugambi

‎06-30-2025 06:01 AM

Hello @fmugambi 

yes use dynamic routing beween Fgt and Core.

What about VxLAN tunnel ? All is OK ?

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

fmugambi
VIP Alumni
VIP Alumni

‎06-30-2025 01:49 AM

testing this, will update with results.
Thank you.

0 Helpful
Customers Also Viewed These Support Documents