Fortinet black logo

Admin Guide (Standalone)

Configure VXLAN interface

Copy Link
Copy Doc ID 6d58dedc-fc57-11eb-8f3f-00505692583a:425914
Download PDF

Configure VXLAN interface

VXLAN encapsulates OSI Layer-2 Ethernet frames within Layer-3 IP packets using the standard destination Port 4789. VXLAN endpoints, known as VXLAN tunnel endpoints (VTEPs), terminate VXLAN tunnels which can be virtual or physical switch ports.

To add a VXLAN interface from GUI:
  1. Go to Networking>VXLAN.
  2. Click Create VXLAN.
  3. Configure the name, VNI, remote IP, local IP, and dstport.
  4. Click Save.
Note
  • The local IP must be an IP address of one of your system interfaces.
  • The VNI must be unique on every single local IP.
  • The destination port is 4789 by default. The valid range is 1—16777215.
To configure VXLAN from the CLI:
config system vxlan
    edit <vxlan>
        set vni <vni>
        set remote-ip <remote ip>
        set local-ip <local ip>
        set dstport 4789
    next
end

Upon execution of the above commands, the following configuration will be automatically generated:

edit vxlan1
    set type vxlan
    set status down
    set mode static
end

You can change the IP, allowaccess, mode, and some other configurations based on this VXLAN interface.

Configure VXLAN interface

VXLAN encapsulates OSI Layer-2 Ethernet frames within Layer-3 IP packets using the standard destination Port 4789. VXLAN endpoints, known as VXLAN tunnel endpoints (VTEPs), terminate VXLAN tunnels which can be virtual or physical switch ports.

To add a VXLAN interface from GUI:
  1. Go to Networking>VXLAN.
  2. Click Create VXLAN.
  3. Configure the name, VNI, remote IP, local IP, and dstport.
  4. Click Save.
Note
  • The local IP must be an IP address of one of your system interfaces.
  • The VNI must be unique on every single local IP.
  • The destination port is 4789 by default. The valid range is 1—16777215.
To configure VXLAN from the CLI:
config system vxlan
    edit <vxlan>
        set vni <vni>
        set remote-ip <remote ip>
        set local-ip <local ip>
        set dstport 4789
    next
end

Upon execution of the above commands, the following configuration will be automatically generated:

edit vxlan1
    set type vxlan
    set status down
    set mode static
end

You can change the IP, allowaccess, mode, and some other configurations based on this VXLAN interface.