VTEP (VXLAN Tunnel End Point) support (289354)

VTEP (VXLAN Tunnel End Point) support (289354)

Native VXLAN is now supported by FortiOS. This feature is configurable from the CLI only:

Syntax

config system vxlan edit <vxlan1> //VXLAN device name (Unique name in system.interface).

set interface //Local outgoing interface. set vni //VXLAN network ID. set ip-version //IP version to use for VXLAN device (4 or 6).

set dstport //VXLAN destination port, default is 4789.

set ttl //VXLAN TTL.

set remote-ip //Remote IP address of VXLAN.

next

end

This will create a VXLAN interface:

show system interface vxlan1 config system interface edit “vxlan1” set vdom “root” set type vxlan set snmp-index 36 set macaddr 8a:ee:1d:5d:ae:53 set interface “port9”

next

end

From the GUI, go to Network > Interfaces to verify the new VXLAN interface:

To diagnose your VXLAN configuration, from the CLI, use the following command:

diagnose sys vxlan fdb list vxlan1

This command provides information about the VXLAN forwarding data base (fdb) associated to the vxlan1 interface. Below is a sample output:

———–mac=00:00:00:00:00:00 state=0x0082 flags=0x00———–

———–remote_ip=2.2.2.2 remote_port=4789———————remote_vni=1 remote_ifindex=19———-total fdb num: 1

VXLAN support (289354)                                                                 VXLAN support for multiple remote IPs (398959)

This entry was posted in FortiOS 5.6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.