How to Configure VXLAN on Fortigate

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] thank you hello everyone in this video I will show you how can you extend vlans or ipm40 gate by using a vxlan you can do this you can see my topology in this picture I have a 25 route that connects to each other these connections can be thrown layer E2 series or layer 3 rotor or also IPC tunnels no matter which connection type you are using because by using a vxlan technology your ethernet frames encapsulate and send to other site via IP packet and then decapsulate I have two drawing port number 2 on both firewall that connect to layer 2 Siege and carry VLAN 3500 and 3600 traffic you can see the IP numbers in this picture I use 10.10.10.141 and 10.10.10 142 to manage firewalls and also our VX Lantern will be building up over these eyepiece okay let's start configuration to start the configuration on 141 at the first we have to create a vxlan interface you cannot do this from the graphic user interface so open the console write config system weeks then I'm press enter [Music] right edit vxlan 3500 you can use any name for your interface name right set nvi 3500 this command is used to tell this tunnel carries which VLAN right set port sorry set interface Port 1. that means initiate my V slant tunnel from this interface it can be physical or IPC tunnel [Music] right set remote Dash IP 10.10.10 Dot 142. this command sets the tunnel destination IP address another mean other point of our week's land tunnel okay end as you can see on the interface under Port 1 I can cvxlan interfaces and the type is vxlan let's create a VLAN on Port 2 to carry our VLAN traffic to the layer 2 Series as I have already shown on the topology give the name set the interface Intel 3500 as a VLAN ID and click ok as you can see I have a VLAN interface and vxlan interface and both of them are set to VLAN 3500 now I need to create a software switch and assign this interface to it select software series give the name [Music] select VLAN and vxlan as a member give an IP to this interface you can skip that but at this time I give a IP address to test my weak slang configuration foreign switch on this firewall was created and it has an IP address now I have to config another firewall [Music] create vxlan on this firewall [Music] write edit vxlan 3500 what's the problem Oh I put the space in the name names can be different on the firewalls but I use the same name on both end foreign set interface 10 set to remote IP that point to another end of my tunnel its reversed from the first firewall okay vxlan interface created now create a VLAN on Port 2. set the villain ID that's okay [Music] same as the earlier conversation I created soft based series and assign IP address to it again the name can be different but I use the same name on both ends foreign give the IP address as you can see in this topology decide IP address is 192.192 35142 okay as you can see surface switch created now I'm going to test my vxline tunnel [Music] right execute ping 19219235141 as you can see this IP is located on another side of our tunnel okay our final configuration is correct and we can ping IP from VLAN 3500 from Another Side of our tunnel with this diagnostic command you can see the MAC address that are learned from another end of the tunnel for specific vxlan interface foreign address is our Port 2 interface on another end of the tunnel I copy this current to execute on another firewall to see the result foreign interface to carry VLAN 3600 traffic right set nvi 2600 configuration is the same as vxlan 3500 but vni is a different foreign 3600 credit now create a VLAN interface on Port 2. set VLAN ID to 3600. foreign again create another surface switch and assign weak's land and VLAN interfaces as a member to it give a name select members give an IP address as you can see in the topology this VLAN subnet is 192.19236 okay software switch created as you can see without config VX land on both firewall I cannot think VLAN 3600 IP address create vxlan 3600 on this firewall set vni set remote IP to another side of the tunnel and try to Ping it's failed because I don't create surface switch and assign VX then I'm VLAN as a member foreign VLAN 3600 set VLAN ID okay now create a software series [Music] assign vxlan and VLAN to it give an IP address based on our topology [Music] I have two surface division now and vxlan and VLAN interfaces assigned to them now test IP address from VLAN 3600 that's it also you can see the Mac addresses learned on this VLAN from another end of the tunnel [Music] foreign by using this method you can extend your layer 2 networks between different locations over the Run links it's used for any purpose that's depend on you for each VLAN you have to create a different vxline interface and surface Stitch I hope you enjoyed this video if you have any question you can ask them in the comments don't forget to subscribe my channel and watch other videos have a good day bye bye [Music] [Music]

Info

Channel: SinaOnline

Views: 7,448

Rating: undefined out of 5

Keywords: vxlan, extend vlan over layer3, config vxlan on fortigate, extend vlan fortigate, vlan over ip, vlan over wan, vlans on 2 remote site, fortigate vlan, fortigate vxlan, How VxLAN Works, fotigate software switch, vlan over wan links, how to config vxlan on fortigate, vxlan fortigate, vxlan configuration on fortigate

Id: X22enZ84eVc

Channel Id: undefined

Length: 16min 40sec (1000 seconds)

Published: Mon Dec 26 2022