asked on
Firewall training lab with layer 3 switch
Hello all,
I would like to set a firewall training lab in my lab environment.
Materials i have ;
2 Fortinet 60C utm device
1 HP 2910al switch
2 PC with 2 Network Card
The Internet gateway will be 172.16.20.1
switch config
============
hostname "utm_lab"
module 1 type J9145A
ip routing >>>>>>>> i have to run this command for inter vlan comm ?
vlan 1
name "DEFAULT_VLAN"
untagged 6-24
no untagged 1-5
no ip address
exit
vlan 10
name "VLAN10"
untagged 1
ip address 10.0.10.254 255.255.255.0
exit
vlan 20
name "VLAN20"
untagged 2
ip address 10.0.20.254 255.255.255.0
exit
vlan 30
name "VLAN30"
untagged 3
ip address 10.0.30.254 255.255.255.0
exit
vlan 40
name "VLAN40"
untagged 4
ip address 10.0.40.254 255.255.255.0
exit
vlan 50
name "VLAN50"
untagged 5
ip address 172.16.20.254 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 172.16.20.1 >>> any dest. if dont know the route
UTM 1
======
wan1 : 10.0.10.1/24
wan2 : 10.0.20.1/24
int : 10.0.100.1 / 24
UTM 2
=====
wan1 : 10.0.30.1 /24
wan2 : 10.0.40.1 /24
int : 10.0.200.1 /24
From 10.0.100.254 ( windows2008r2 ) PC i can reach to all vlan (10-50) but can't reach to 172.16.20.1 , what is wrong in this config ? any idea
How can i use my device to create a useful lab area in other way ?
Thanks
I would like to set a firewall training lab in my lab environment.
Materials i have ;
2 Fortinet 60C utm device
1 HP 2910al switch
2 PC with 2 Network Card
The Internet gateway will be 172.16.20.1
switch config
============
hostname "utm_lab"
module 1 type J9145A
ip routing >>>>>>>> i have to run this command for inter vlan comm ?
vlan 1
name "DEFAULT_VLAN"
untagged 6-24
no untagged 1-5
no ip address
exit
vlan 10
name "VLAN10"
untagged 1
ip address 10.0.10.254 255.255.255.0
exit
vlan 20
name "VLAN20"
untagged 2
ip address 10.0.20.254 255.255.255.0
exit
vlan 30
name "VLAN30"
untagged 3
ip address 10.0.30.254 255.255.255.0
exit
vlan 40
name "VLAN40"
untagged 4
ip address 10.0.40.254 255.255.255.0
exit
vlan 50
name "VLAN50"
untagged 5
ip address 172.16.20.254 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 172.16.20.1 >>> any dest. if dont know the route
UTM 1
======
wan1 : 10.0.10.1/24
wan2 : 10.0.20.1/24
int : 10.0.100.1 / 24
UTM 2
=====
wan1 : 10.0.30.1 /24
wan2 : 10.0.40.1 /24
int : 10.0.200.1 /24
From 10.0.100.254 ( windows2008r2 ) PC i can reach to all vlan (10-50) but can't reach to 172.16.20.1 , what is wrong in this config ? any idea
How can i use my device to create a useful lab area in other way ?
Thanks
Networking Hardware-OtherHardware FirewallsSwitches / Hubs
Last Comment
ata1915
can you please put your default route like:
ip route 0.0.0.0 0.0.0.0 vlan 50 172.16.20.1
also do you see your gateway ip 172.16.20.1 in arp table ?
ip route 0.0.0.0 0.0.0.0 vlan 50 172.16.20.1
also do you see your gateway ip 172.16.20.1 in arp table ?
ASKER
I was testing this lab with HP 2620 and wrote <ip routing> command
but i didnt get any vlan interface ip add. on the arp table with this switch.
Then changed it to HP2910al and again write the <ip routing> command and it works now.
I didnt figure out why this lab didnt worked with HP2620 switch.
but i didnt get any vlan interface ip add. on the arp table with this switch.
Then changed it to HP2910al and again write the <ip routing> command and it works now.
I didnt figure out why this lab didnt worked with HP2620 switch.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a questionASKER
easy to deploy
fortinet-lab-diagram.jpg