beautypg.com

6 routing commands – Fortinet MR1 User Manual

Page 299

background image

299

6 Routing Commands

VLAN Routing

You can configure the FortiSwitch-100 software with some ports supporting VLANs and
some supporting routing. You can also configure the software to allow traffic on a VLAN to be
treated as if the VLAN were a router port.

When a port is enabled for bridgin g (default) rather than routing, all normal bridge
processing is performed for an inbound packet, which is then associated with a VLAN. Its
MAC Destination Address (MAC DA) and VLAN ID are used to search the MAC address
table. If routing is enabled for the VLAN and the MAC DA of an inbound unicast packet is that
of the internal bridge-router interface, the packet will be routed. An inbound multicast packet
will be forwarded to all ports in the VLAN, plus the internal bridge -router interface if it was
received on a routed VLAN.

Since a port can be configured to belong to more than one VLAN, VLAN routing might be
enabled for all of the VLANs on the port, or for a subset. VLAN Routing can be used to allow
more than one physical port to reside on the same subne t. It could also be used when a
VLAN spans multiple physical networks, or when additional segmentation or security is
required. This section shows how to configure the FortiSwitch-100 software to support VLAN
routing and how to use RIP and OSPF. A port can be either a VLAN port or a router port, but
not both. However, a VLAN port may be part of a VLAN that is itself a router port.

VLAN Routing Configuration

This section provides an example of how to configure the FortiSwitch-100 software to
support VLAN routing. The configuration of the VLAN router port is similar to that of a
physical port. The main difference is that, after the VLAN has been created, you must use the
show ip vlan command to determine the VLAN’s interface ID so that you can use it in the
router configuration commands.

CLI Examples

The diagram in this section shows a Layer 3 switch configured for port routing. It connects
two VLANs, with two ports participating in one VLAN, and one port in the other. The script
shows the commands you would use to configure the FortiSwitch-100 software to provide the
VLAN routing support shown in the diagram.