The above models have numerous local ports that facilitate this with ease, so you can create multiple VLANs and group ports within each VLAN.
In this example, we will create 3 named VLANs, assign our ports, and place a virtual-switch interface into each defined VLAN. The latter gives us our layer-3 routing gateway for the VLAN.
1st, let's define a managed VLAN admin:
config switch-controller managed-switch
set fsw-wan1-admin enable
2nd, define the named VLANs (here are our 3 named VLANs: main/DATA/PHONES):
3rd, define the port-to-VLAN mapping:
And lastly, we place some layer-3 SVI interfaces into the VLANs:
This is very similar to some Cisco ASA, Juniper SRX and Palo Alto devices. The layer-3 interfaces can now be used for everything, such as packet sniffing, assigned DHCP servers, VPN endpoints and applied firewall policies.
The ports on the PoE models can be used for phones, but keep track of the total instrument wattage usage.
- interfaces in the same VLAN can communicate; there's no layer-2 security-zone concept like the one available in Palo Alto
- traffic between VLANs needs an L3 SVI and firewall policies
- a VLAN contains broadcasts and builds collision domains
- a limited number of FortiGate models support VLANs
NSE (Network Security Expert) and Route/Switching Engineer.
kfelix -----a----t---- socpuppets ---dot---com
=( * * )=