Layer-2 and Arp traffic
By default, FortiGate units do not pass layer-2 traffic. If there are layer-2 protocols such as IPX, PPTP or L2TP in use on your network, you need to configure your FortiGate unit interfaces to pass these protocols without blocking. Another type of layer-2 traffic is ARP traffic.
You can allow these layer-2 protocols using the CLI command:
config system interface
edit <name_str>
set l2forward enable
end
where <name_str> is the name of an interface.
If VDOMs are enabled, this command is per VDOM. You must set it for each VDOM that has the problem as following:
config vdom
edit <vdom_name>
config system interface
edit <name_str>
set l2forward enable
end
end
If you enable layer-2 traffic, you may experience a problem if packets are allowed to repeatedly loop through the network. This repeated looping, very similar to a broadcast storm, occurs when you have more than one layer-2 path to a destination. Traffic may overflow and bring your network to a halt. You can break the loop by enabling Spanning Tree Protocol (STP) on your network’s switches and routers.
Copyright © 2020 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy
