[Wylug-help] [OT maybe?] 3COM VLAN / Fortigate problems

James Gregory jgregory at greenhead.ac.uk
Mon Aug 14 12:38:20 BST 2006 

Hi Jim,

Yes, our 3COM switch does support VLANs. It is a 3COM SuperStack
Switch 4200. I am assuming that VLAN is the same as 802.1Q... it is
just called VLAN on the 3COM.

James

On 14/08/06, Jim Jackson <jj at franjam.org.uk> wrote:
> James,
>
> On Mon, 14 Aug 2006, James Gregory wrote:
> > At Greenhead College, we are currently having some problems with VLANs
> > and our Fortigate firewall. We have three VLANs, 1 is academic, 2 is
> > admin and 3 is DMZ. Unfortunately, our Fortigate firewall only has
> > three ports - external, internal and DMZ - so we were hoping to trunk
> > (I think that is the correct term) VLANs 1 and 2 into the internal
> > port of the Fortigate. The Fortigate is correctly set up to identify
> > the two VLANs and split them accordingly.
> >
> > Before summer, we had just the academic VLAN trunking down to
> > Fortigate (there were no admin computers connected to the 3COM switch)
> > and this system seemed to work fine. However, as soon as we attempt to
> > connect the admin network to the 3COM switch,
>
> are you sure the 3Com switch supports VLANs? I'm assuming you are really
> talking about 802.1q?
>
> Jim
>
> > all internet
> > connectivity fails and we are unable to connect to the Fortigate
> > firewall or any internet/DMZ computers. Even computers on the academic
> > network that are set up to see the Fortigate gateway fail to see it.
> >
> > I attached a hub to the trunk connection (from the 3COM to the
> > Fortigate) and ran Ethereal on my laptop. The results showed a large
> > number of ARP packets (mainly the Fortigate trying to find other hosts
> > on the network - even hosts that it should have already known about!)
> > but no TCP packets at all. Once we removed one of the networks (either
> > academic or admin), then the TCP packets would be restored (albeit
> > after a short delay).
> >
> > Any suggestions or solutions on how to remedy this would be most
> > welcome as we have no idea how to fix this.
> >
> > Thanks in advance,
> > --
> > James Gregory
> > e: jgxenite at gmail.com
> > w: http://james.fuji.greenhead.ac.uk/
> >
> > _______________________________________________
> > Wylug-help mailing list
> > Wylug-help at wylug.org.uk
> > https://mailman.lug.org.uk/mailman/listinfo/wylug-help
> >
>
>


-- 
James Gregory
e: jgxenite at gmail.com
w: http://james.fuji.greenhead.ac.uk/

More information about the Wylug-help mailing list