Hi! Sharing my Network and IT expertise and offering solutions for Microsoft, Cisco, and Fortinet, all learned working at a Fortune 500 company and now while running my own IT business service called IT CU Solutions, LLC. I hope this channel will be beneficial to both novice and advanced IT administrators.
Thanks for the video, if it wasn't for your video I wouldn't save and restart directly... I updated remotely and everything worked fine. Thanks. (São Paulo - Brazil)
I don't understand the part with the management VLAN. You didn't configure routing for it, you didn't configure a custom subnet, just make 24 port untagged VLAN10 and connected your PC to it, using the IP address of VLAN1 to continue configuring all. Why did it all work if 10.15.10.5 stands to VLAN1, not VLAN10?
The 1960 series has the JL805A intended as an aggregation switch or "collapsed core". A demo config of this routing and securing it down on the switch would be very interesting.
Thank you so much! It helped me a lot. 1. I created the user. 2. Created the address and assigned the ssl interface. 3. Created the ssl portal for that specific user and added the source ip. 4. Then ssl settings, added the ip range and added the user. That's it.
This is one of the best tutorials out there. With the config showing all the time on the screen you can follow along the process. Thank you for uploading.
Can you show a video on how to back up a configuration from one switch and upload that config into a new switch? I have an Aruba 1930 that I need to replace with a new one.
Hey Mark, can you show me how to connect a FortiSwitch 424E directly to a Cisco ASR1001? I am having an issue making this work. I can access the ASR thru the FortiSwitch and I can also access the FortiSwitch, both with IPs on my vlan1. I need to connect to a vlan 4 and a vlan 35 but it's not working.
Best video demoing the setup of these 1930s... No one seems to go near the L3 features in any other video (sort of think they don't know how). I'm trying to get dhcp working through the L3 for various vlan networks on the uplink to a router... Any advice there? :)
I just set this up at home. My setup may be different than yours so hope it helps. I have an Instant On switch uplinked to a pfsense+ firewall. All VLANs are tagged on the switch uplink to firewall, the VLANs are tagged on the firewall interface, and I have DHCP server configured and running on pfsense+ for each VLAN. Simply plugging a device in to the switch port with the desired VLAN untagged and DHCP will assign IP info for that VLAN. Hope it helps.
When I unboxed my Cisco 220 Switch I found I could not connect via the console port. It took me a long time but I figured out that the baud rate was not set to the Cisco default of 9600. Instead the default was 115200. If you cannot connect via the console port, try changing the baud rate to 115200.
Thanks! No, this is a legitimate static route. This Fortinet can perform basic L3 static routing. Unlike Cisco L2 switches where the default gateway is the same as a computer default gateway and does not allow additional routing.
Hello, thanks for this content. I'm trying to connect a phone and then a PC (cascaded manner) in a single switchport. Is it supported by this switch model? I don't find a voice vlan command under the switchport config. Thanks in advance!
Thanks so much, good guide. I have the same scenario with the trunk over SFP ports, but I can't make it ping to the gateway, even when the static route has been created. Also, every time I tried to change the "internal" interface native-vlan, to be able to admin the switch later from any port, it shows me this error: Native Vlan id cannot be same as system interface vlan. Conflicting SVI: VLAN-709 object set operator error, -56 discard the setting Command fail. Return code -56
I had the same issue. I added the IP on the VLAN interface rather than on the internal interface and changed the static route to work only on the management vlan. It then could ping and work.
Great vid, amazing explanation. Would appreciate it if you could show us LACP config, and HA in Fortinet switches; not sure if they support stack, vlt/vpc, or just configure a trunk between 2 FortiSwitches for HA.
A tunnel interface is for a GRE tunnel, so you can't have one end point be GRE and the other IPsec. You can run a tunnel within a tunnel (GRE over IPsec is common), but the tunnels themselves have to utilize the same type of endpoints.
I'm feeding two LANs with one 24port 1820 switch at either end. The LANs are via microwave so think of those radio links as physical LANs, or two cables. I need to VLAN two hosts on a 10.10.10.x network to feed one LAN and two to four 192.168.2.x and one 10.2.3.x on the other LAN. I have the manual and your video, but am still confused as to how you assign specific ports to specific VLANs and connect it to the other switch. For example, I created three VLANs and named them. Then assigned ports by "untagged" or "tagged." Using one as an example, I have four untagged ports on VLAN 2 for my utility data traffic. If I have three ports connected to hosts on each end, do I just use the fourth port as my VLAN connection to the other switch?
If I understand your setup, you only need three VLANs. You don't need an additional VLAN to connect between the switches. Between the switches you will just configure all three of your VLANs as tagged (this is basically a Cisco trunk). For example if you connect your 10.10.10.x host to untagged ports assigned to VLAN 2, 10.2.3.x hosts to untagged ports set to VLAN3, and 192.1.168.2.x to untagged ports on VLAN4, then you would just set the switch port connections on both switches to tagged for VLANs 2-4. This will ensure both switches receive tagged traffic, so the switches can send the traffic to the ports with the appropriate PVID vlan number.
I was searching for this for a couple of weeks and stumbled across this video. Great! It works! A few observations: 1. Since the created groups only contain 1 entry, I didn't see the point of creating those. I didn't have to and used users directly. 2. Users (or groups) need to be specified directly in a rule with no other groups. For instance our users are part of a larger group that allows them to connect, and users who need to have dedicated IPs needed to be listed in a separate rule, not with the main group. 3. We use AD through LDAP for auth. I was able to add a remote user connected to LDAP on the gate for this purpose. 4. I don't believe the change of port is mandatory.