Fortinet white logo
Fortinet white logo

FortiGate-7000 Release Notes

HA heartbeat VLAN double-tagging

HA heartbeat VLAN double-tagging

To support the different types of VLAN tagging modes supported by third-party switches used to connect FortiGate-6000 and 7000 HA heartbeat interfaces, FortiOS 6.2.3 now supports double VLAN tagging and changing the outer TPID.

FortiGate-6000 and 7000 now support two tagging methods for HA control packets:

  • Triple tagging (called proprietary mode) has the following structure:

    TPID 0x8100 VLAN <vlan-id> (by default 999) + TPID 0x88a8 VLAN 10/30 + TPID 0x8100 VLAN 10/30 + ethernet packet
  • The new double-tagging mode has the following structure:

    TPID 0x8100 VLAN <vlan-id> (by default 999) + TPID 0x8100 VLAN 10/30 + ethernet packet

You can use the following command to change the HA VLAN tagging mode and customize the outer TPID. Both FortiGates in the cluster must have the same VLAN tagging configuration.

config system ha

set ha-port-dtag-mode {proprietary | double-tagging)

set ha-port-outer-tpid {0x8100 | 0x9100 | 0x88a8}

end

The default outer TPID is 0x8100. The default outer TPID is compatible with FortiSwitch and most third-party switches.

For a FortiGate-6000 double-tagging example, see Example double-tagging compatible switch configuration.

For a FortiGate-7000 double-tagging example, see Example double-tagging compatible switch configuration.

HA heartbeat VLAN double-tagging

HA heartbeat VLAN double-tagging

To support the different types of VLAN tagging modes supported by third-party switches used to connect FortiGate-6000 and 7000 HA heartbeat interfaces, FortiOS 6.2.3 now supports double VLAN tagging and changing the outer TPID.

FortiGate-6000 and 7000 now support two tagging methods for HA control packets:

  • Triple tagging (called proprietary mode) has the following structure:

    TPID 0x8100 VLAN <vlan-id> (by default 999) + TPID 0x88a8 VLAN 10/30 + TPID 0x8100 VLAN 10/30 + ethernet packet
  • The new double-tagging mode has the following structure:

    TPID 0x8100 VLAN <vlan-id> (by default 999) + TPID 0x8100 VLAN 10/30 + ethernet packet

You can use the following command to change the HA VLAN tagging mode and customize the outer TPID. Both FortiGates in the cluster must have the same VLAN tagging configuration.

config system ha

set ha-port-dtag-mode {proprietary | double-tagging)

set ha-port-outer-tpid {0x8100 | 0x9100 | 0x88a8}

end

The default outer TPID is 0x8100. The default outer TPID is compatible with FortiSwitch and most third-party switches.

For a FortiGate-6000 double-tagging example, see Example double-tagging compatible switch configuration.

For a FortiGate-7000 double-tagging example, see Example double-tagging compatible switch configuration.