Rules for vlan ip addresses, Adding vlan subinterfaces – Fortinet FortiGate 4000 User Manual

Page 152

Advertising
background image

152

Fortinet Inc.

VLANs in NAT/Route mode

Network configuration

Rules for VLAN IP addresses

IP addresses of all FortiGate interfaces cannot overlap. That is, the IP addresses of all
interfaces must be on different subnets. This rule applies to both physical interfaces
and to VLAN subinterfaces.

Adding VLAN subinterfaces

The VLAN ID of each VLAN subinterface must match the VLAN ID added by the IEEE
802.1Q-compliant router. The VLAN ID can be any number between 1 and 4096.
Each VLAN subinterface must also be configured with its own IP address and
netmask.

You add VLAN subinterfaces to the physical interface that receives VLAN-tagged
packets.

To add VLAN subinterfaces

1

Go to System > Network > Interface.

2

Select New VLAN to add a VLAN subinterface.

3

Enter a Name to identify the VLAN subinterface.
The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and
the special characters - and _. Other special characters and spaces are not allowed.

4

Select the interface that receives the VLAN packets intended for this VLAN
subinterface.

5

Enter the VLAN ID that matches the VLAN ID of the packets to be received by this
VLAN subinterface.
The VLAN ID can be any number between 1 and 4096 but must match the VLAN ID
added by the IEEE 802.1Q-compliant router or switch.

6

Configure the VLAN subinterface settings as you would for any FortiGate interface.
You can add the VLAN subinterface to a zone, configure addressing, add a ping
server, and configure administrative access to the VLAN subinterface. For more
information, see

“Configuring interfaces” on page 142

.

7

Select OK to save your changes.
The FortiGate unit adds the new subinterface to the interface that you selected in
step

4

.

Note: You can enter the CLI command set system ip-overlap enable to allow IP
address overlap. If you enter this command, multiple VLAN interfaces can have an IP address
that is part of a subnet used by another interface. This command is recommended for advanced
users only.

Advertising
Popular Brands
Popular manuals