Fortinet black logo

Configure the WAN router

6.4.6
Copy Link
Copy Doc ID 6ef27415-7086-11eb-9995-00505692583a:825883
Download PDF

Configure the WAN router

Configure an untagged interface or VLAN on the LAG connected to the FortiSwitch units. Assign the IP address and DHCP service, including NTP and option 138 (the switch controller IP address).

For the purpose of this procedure, the WAN router is a FortiSwitch unit in standalone mode. The DHCP server is using vendor class identifier (VCI) matching to restrict the IP assignment to FortiSwitch units only.

config router static

edit 2

set device "to_fgt"

set dst 172.17.1.0 255.255.255.0

set gateway 10.40.88.254

next

end

config system interface

edit "to_fgt"

set ip 10.40.88.253 255.255.255.0

set allowaccess ping https ssh

set snmp-index 16

set vlanid 4088

set interface "internal"

next

end

config switch interface

edit "to_fgt"

set native-vlan 4088

set snmp-index 14

next

end

config switch trunk

edit "to_fgt"

set mode lacp-active

set members "port7" "port8"

next

end

config system interface

edit "fol3"

set ip 10.33.33.254 255.255.255.0

set allowaccess ping https ssh

set snmp-index 17

set vlanid 4094

set interface "internal"

next

end

config switch interface

edit "fol3"

set native-vlan 4094

set allowed-vlans 1001

set edge-port disabled

set snmp-index 15

next

end

config switch trunk

edit "fol3"

set mode lacp-active

set members "port5" "port6"

next

end

config system dhcp server

edit 1

set default-gateway 10.33.33.254

set dns-service local

set interface "fol3"

config ip-range

edit 1

set end-ip 10.33.33.99

set start-ip 10.33.33.1

next

end

set lease-time 300

set netmask 255.255.255.0

set ntp-service local

set vci-match enable

set vci-string "FortiSwitch"

set wifi-ac1 172.17.1.254

next

end

Configure the WAN router

Configure an untagged interface or VLAN on the LAG connected to the FortiSwitch units. Assign the IP address and DHCP service, including NTP and option 138 (the switch controller IP address).

For the purpose of this procedure, the WAN router is a FortiSwitch unit in standalone mode. The DHCP server is using vendor class identifier (VCI) matching to restrict the IP assignment to FortiSwitch units only.

config router static

edit 2

set device "to_fgt"

set dst 172.17.1.0 255.255.255.0

set gateway 10.40.88.254

next

end

config system interface

edit "to_fgt"

set ip 10.40.88.253 255.255.255.0

set allowaccess ping https ssh

set snmp-index 16

set vlanid 4088

set interface "internal"

next

end

config switch interface

edit "to_fgt"

set native-vlan 4088

set snmp-index 14

next

end

config switch trunk

edit "to_fgt"

set mode lacp-active

set members "port7" "port8"

next

end

config system interface

edit "fol3"

set ip 10.33.33.254 255.255.255.0

set allowaccess ping https ssh

set snmp-index 17

set vlanid 4094

set interface "internal"

next

end

config switch interface

edit "fol3"

set native-vlan 4094

set allowed-vlans 1001

set edge-port disabled

set snmp-index 15

next

end

config switch trunk

edit "fol3"

set mode lacp-active

set members "port5" "port6"

next

end

config system dhcp server

edit 1

set default-gateway 10.33.33.254

set dns-service local

set interface "fol3"

config ip-range

edit 1

set end-ip 10.33.33.99

set start-ip 10.33.33.1

next

end

set lease-time 300

set netmask 255.255.255.0

set ntp-service local

set vci-match enable

set vci-string "FortiSwitch"

set wifi-ac1 172.17.1.254

next

end