vraev
Staff
Article Id 274217
Description

 

This article describes how to create a VLAN interface under FortiManager and FortiAnalyzer.

 

Scope

 

FortiManager and FortiAnalyzer 7.2 and onward.

 

Solution

 

VLANs are defined by the IEEE 802.1q and 802.1ad standards. The tag that is added to every Ethernet header is 4 bytes in 802.1q and 8 bytes in 802.1ad.

In 802.1q there is an option to set from 1 to 4096 unique IDs. In 802.1ad there is an option to set up to 16777216 unique IDs.

If different intermediary devices are involved, consult their technical documentation to see which protocols are supported.

 


The configuration can be done from either the GUI or the CLI.

 

Under GUI:

 

To create a new VLAN interface, follow this document:

FortiManager supports VLANs on physical network interfaces

 

After the setup is done, use ping to check connectivity with other devices that are in the IP subnet related to the VLAN.

 


Packet capture is another way to review that the setup is correct.
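
To check a capture against the configuration, the tag bytes can be decoded directly. The following is an added example, not part of the original article and not Fortinet code; it assumes the standard TPID values 0x8100 (802.1q) and 0x88A8 (802.1ad), and its sample frames are constructed from this article's VLAN ID 70 and MAC addresses, with a made-up inner VLAN ID 10.

```python
import struct

# TPID (EtherType) values that announce a VLAN tag.
TPID_NAMES = {0x8100: "802.1q", 0x88A8: "802.1ad"}


def parse_vlan_tags(frame: bytes):
    """Return (tags, payload_ethertype); tags are listed outermost first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC (6 bytes each)
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    tags = []
    while ethertype in TPID_NAMES:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        # Each tag is 4 bytes: 2-byte TPID, then 2-byte TCI (PCP, DEI, VID).
        tci, next_type = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({"protocol": TPID_NAMES[ethertype], "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
        ethertype = next_type
    return tags, ethertype


def outer_tag_matches(frame: bytes, vid: int, protocol: str) -> bool:
    """True if the outermost tag carries the expected VLAN ID and protocol."""
    tags, _ = parse_vlan_tags(frame)
    return bool(tags) and tags[0]["vid"] == vid and tags[0]["protocol"] == protocol


def _tag(tpid: int, vid: int) -> bytes:
    return struct.pack("!HH", tpid, vid)  # PCP and DEI left at 0


# Constructed sample frames (assumptions, not bytes from the article's capture).
MACS = bytes.fromhex("04d590755fd2" "04d590755ff2")  # destination, source
ARP = struct.pack("!H", 0x0806) + bytes(28)  # EtherType + empty ARP body
FRAME_Q = MACS + _tag(0x8100, 70) + ARP
FRAME_AD = MACS + _tag(0x88A8, 70) + _tag(0x8100, 10) + ARP  # inner VID 10 is made up
FRAME_UNTAGGED = MACS + ARP

if __name__ == "__main__":
    for name, frame in [("802.1q", FRAME_Q), ("802.1ad", FRAME_AD), ("untagged", FRAME_UNTAGGED)]:
        tags, ethertype = parse_vlan_tags(frame)
        print(name, tags, hex(ethertype), outer_tag_matches(frame, 70, "802.1ad"))
```

A frame whose outer tag does not match the configured VLAN ID and protocol will not be delivered to the VLAN interface, so a mismatch here points at the switch or intermediary device configuration.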

 


Other commands that are helpful for troubleshooting are presented below:

 

FMG3HF-vlan-test2 # diagnose fmnetwork interface list


VLAN70 Link encap:Ethernet HWaddr 04:D5:90:75:5F:F2
inet addr:10.70.70.2 Bcast:10.70.70.255 Mask:255.255.255.0
inet6 addr: fe80::6d5:90ff:fe75:5ff2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23 errors:0 dropped:0 overruns:0 frame:0
TX packets:112 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1638 (1.5 KiB) TX bytes:8188 (7.9 KiB)

 

FMG3HF-vlan-test2 # diagnose fmnetwork arp list
index=3 ifname=port1 10.109.63.254 00:09:0f:09:c6:23 state=00000002 use=24527 confirm=0 update=24483 ref=1
index=1 ifname=lo 0.0.0.0 00:00:00:00:00:00 state=00000040 use=60682952 confirm=0 update=60682952 ref=0
index=12 ifname=VLAN70 10.70.70.1 04:d5:90:75:5f:d2 state=00000004 use=27226096 confirm=27225891 update=27224022 ref=0

 

Under CLI:

The following commands show the current configuration:

 

FMG3HF-vlan-test2 # config system interface
(interface)# edit VLAN70
(VLAN70)# show
    config system interface
        edit "VLAN70"
            set ip 10.70.70.2 255.255.255.0
            set allowaccess ping ssh
            set type vlan
            set interface "port3"
            set vlanid 70
            set vlan-protocol 8021ad
        next
    end

 

All the options are listed below. MTU is only available as an option under the CLI.

 

(VLAN70)# set ?
set
status          Interface status.
*ip             IP address of interface.
allowaccess     Allow management access to interface.
serviceaccess   Allow service access to interface.
speed           Speed.
description     Description.
alias           Alias.
mtu             Maximum transportation unit(68 - 9000).
type            Interface type.
*interface      Underlying interface name.
*vlanid         VLAN ID (1 - 4094).
vlan-protocol   Ethernet protocol of VLAN.

 

Troubleshooting commands:

diagnose fmnetwork interface list

diagnose fmnetwork arp list

diagnose system print interface VLAN70

diagnose fmnetwork interface detail VLAN70

execute ping

 

Packet capture:
GUI
CLI

 

Related documents:

Technical Tip: How to setup an aggregated interface (LACP protocol) on FortiManager / FortiAnalyzer 

DOCS: CLI Interface