Vlan cant get ip address from fortigate firewall

zayar · June 28, 2020, 5:11am

Hi,

we create Vlan 202,203,204,207,209,214,218,201 in fortigate firewall and config ready for dhcp.

our network have 1 core switch and 12 management switch.

1. core switch to management switch connect with trunk Vlan 1 (no IP address for vlan).

2. Management switch to AP connect with trunk vlan 201.(Have ip address)

3. Vlan mismatch error.(we ignore).

4. we assign in cnmaestro.(attachment picture)

5. After all client connect wifi all vlan work and fine, but 203 vlan cant get ip address from fortigate ( phone and computer).

why happen this problem?

Let me know.

switch config

----------------

inter g1/0/1

switchport mode trunk

switchport trunk native vlan 201

switchport trunk allow-vlan 202,203,204,207,209,214,218,201

exit.

Wright-Fi · June 29, 2020, 2:33pm

Hi Zayar,

Can you try adding VLAN 1 and the other VLANs (202,203,204,207,209,214,218,201) to your config in cnMaestro.

I beleive this will fix your problem and will allow traffic to pass over VLAN 203 (and other vlans).

zayar · June 29, 2020, 2:44pm

Vlan 1.. no assign ip address .. so all ap will offline.

Final i choice controller based to use c4000.

Wright-Fi · June 29, 2020, 3:24pm

Just make sure you don't add VLAN 1 into the "Native VLAN" or "Allowed VLANs". However in the list of VLANs within cnMaestro it needs to exist.

I had a similar problem to yours and once VLAN 1 was entered (with Zeroconf IP enabled) it worked.