Table of Contents
Advertisement
VLAN overview
VLAN overview
FortiGate units and VLANs
96
A VLAN is group of PCs, servers, and other network devices that communicate as
if they were on the same LAN segment, independent of where they are located.
For example, the workstations and servers for an accounting department could be
scattered throughout an office or city and connected to numerous network
segments, but still belong to the same VLAN.
A VLAN segregates devices logically instead of physically. Each VLAN is treated
as a broadcast domain. Devices in VLAN 1 can connect with other devices in
VLAN 1, but cannot connect with devices in other VLANs. The communication
among devices on a VLAN is independent of the physical network.
A VLAN segregates devices by adding 802.1Q VLAN tags to all of the packets
sent and received by the devices in the VLAN. VLAN tags are 4-byte frame
extensions that contain a VLAN identifier as well as other information.
For more information on VLANs, see the
Figure 47: Basic VLAN topology
Untagged packets
VL AN 1
VL AN 1 Network
In a typical VLAN configuration, 802.1Q-compliant VLAN layer-2 switches or
layer-3 routers or firewalls add VLAN tags to packets. Packets passing between
devices in the same VLAN can be handled by layer-2 switches. Packets passing
between devices in different VLANs must be handled by a layer-3 device such as
router, firewall, or layer-3 switch.
FortiGate VLANs and VDOMs
Internet
Router
VL AN 1
VL AN 2
VLAN Switch
FortiGate Version 3.0 MR4 Administration Guide
System Network
Guide.
VL AN 2
VL AN 2 Network
01-30004-0203-20070102
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
