Description
This article provides the list of the VLANs used for the SLBC architecture.
Scope
All FortiGate and FortiController v5.0, v5.2, v5.4
Solution
- VLAN 101 is used for management traffic over base-mgmt interface (http, https, snmp, telnet, ssh). Internal subnet is 10.101.10.0/24.
- VLAN 301 is internally translated to VLAN 333 and used by elbc-base-ctrl interface. It is used for 3 types of traffic:
- FortiGate session synchronization - Internal subnet 10.101.11.0/24.
- FortiGate route and forwarding table synchronization – internal subnet is 10.147.187.0/24.
- FortiGate configuration synchronization – Internal subnet 169.254.1.0/24.
- VLAN 999 is used for 2 types of traffic:
- FortiController Heartbeat – non IP, ethertype 0x9890.
- Configuration synchronization – Internal subnet 169.254.128.0/29.
- VLAN 1900 and 1901 are used for FortiController session synchronization. Non IP, ethertype 0xCCDD.
In case of redundant or dual mode SLBC architecture, those VLANs must be allowed on the switch sitting in between.
Troubleshooting Tips:
- If experiencing connectivity issues, ensure the VLAN IDs match across all devices.
- Check firewall rules to ensure specific traffic types are not being inadvertently blocked.
- Use tools like ping and traceroute to diagnose potential network problems related to VLANs.
Best Practices:
- Always document changes to VLAN configurations.
- Implement monitoring and alerting for abnormal traffic patterns.
- Regularly review and update configurations to match current network topology and requirements.
Conclusion:
Understanding and correctly implementing VLANs as per the SLBC architecture ensures optimal performance and security for FortiGate and FortiController deployments.
