Layer-2 and ARP traffic
By default, FortiGate units do not pass layer-2 traffic. If layer-2 protocols such as IPX, PPTP or L2TP are in use on your network, you need to configure your FortiGate unit interfaces to pass these protocols without blocking them. Another type of layer-2 traffic is ARP traffic. For more information on ARP traffic, see “ARP traffic”.
You can allow these layer-2 protocols using the CLI command:
config system interface
edit <name_str>
set l2forward enable
end
where <name_str> is the name of an interface.
If VDOMs are enabled, this command is per VDOM. You must set it in each VDOM that needs to pass the layer-2 traffic, as follows:
config vdom
edit <vdom_name>
config system interface
edit <name_str>
set l2forward enable
end
end
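The following is an added example, not taken from the FortiGate documentation, showing the per-VDOM procedure above applied to a single interface and then verified. The VDOM name vdom-lab and the interface name port3 are constructed placeholders; substitute your own. Enabling l2forward only on the interface that actually carries the layer-2 protocol, rather than on every interface, keeps the scope of forwarded layer-2 traffic as narrow as possible.

```fortios
# Added example (not from the FortiGate documentation).
# "vdom-lab" and "port3" are constructed placeholder names.
config vdom
    edit vdom-lab
        config system interface
            edit port3
                set l2forward enable
            next
        end
    next
end

# Verification: "show" lists only non-default settings, so l2forward
# should appear for port3 and be absent from interfaces left at default.
config vdom
    edit vdom-lab
        show system interface port3
    next
end
```

In the verification output, the line set l2forward enable should be present under edit "port3"; an interface that was not changed shows no l2forward line at all, because the default (disable) is not displayed by show.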
If you enable layer-2 traffic, you may experience a problem if packets are allowed to loop repeatedly through the network. This repeated looping, very similar to a broadcast storm, occurs when there is more than one layer-2 path to a destination. Traffic may overflow and bring your network to a halt. You can break the loop by enabling Spanning Tree Protocol (STP) on your network’s switches and routers. For more information, see “STP forwarding” on page 1262.