nflnetwork29
Advisor

RE: Checkpoint trunk ports

Having some issues with the checkpoints and getting them to talk to A-Side partner over Datacenter fabric ports.


Essentially, I have configured physical interface eth3 on the 6200’s with two VLANs, 401 and 403. My understanding is that these would be treated as a traditional trunk port (802.1q encapsulation).

Is there any *special* configuration on the Check Point side to get this working? The other end is a FortiGate and they are telling me they cannot see my side.

7 Replies
Bob_Zimmerman
Authority

Yes, subinterfaces on Check Point (and Linux in general) are normal 802.1q VLAN trunks. No, there's no special configuration needed. You have to apply the configuration in a different place on a Check Point box than on a generic Linux box, but it's the same basic configuration.

How exactly did you configure the VLANs? What commands?

nflnetwork29
Advisor

@Bob_Zimmerman 

I configured it through the Gaia web UI: Interfaces > Add new interface > VLAN > choose parent interface eth3 > create VLAN ID.

 

2023-02-02_8-51-27.png

Bob_Zimmerman
Authority

With that config, eth3 handles 802.1q-tagged traffic for VLANs 401 and 403. Since eth3 doesn't have an IP address, it isn't handling untagged traffic, but you didn't mention anything about untagged, so I assume that's fine.

I guess the question now is what is a "Datacenter fabric port"? If it's switch infrastructure managed by someone who isn't you, maybe it isn't allowing tagged traffic?

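One way to check the point raised above, whether 802.1q-tagged frames for VLANs 401 and 403 actually arrive on the link, is to inspect the tag in captured frames. This is an added example, not part of the original thread; the function names are hypothetical and the sample frames are constructed, not taken from the poster's network.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag
EXPECTED_VLANS = {401, 403}  # VLAN IDs configured on eth3 in the thread

def parse_vlan(frame: bytes):
    """Return (vlan_id, pcp, inner_ethertype); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # TCI layout: 3 bits priority (PCP), 1 bit DEI, 12 bits VLAN ID
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner

def summarize(frames, expected=EXPECTED_VLANS):
    """Count frames per VLAN and list expected VLANs that never appeared."""
    counts = {}
    for f in frames:
        vid, _, _ = parse_vlan(f)
        key = "untagged" if vid is None else vid
        counts[key] = counts.get(key, 0) + 1
    seen = {k for k in counts if k != "untagged"}
    return counts, sorted(expected - seen)

def _frame(vlan=None, ethertype=0x0806):
    """Build a constructed test frame: broadcast dst, zero-filled payload."""
    hdr = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + bytes(28)

# Constructed sample: VLAN 401 arrives tagged, VLAN 403 never shows up,
# plus one untagged frame and one frame on an unexpected VLAN (402).
SAMPLE = [_frame(401), _frame(401), _frame(), _frame(402)]

if __name__ == "__main__":
    counts, missing = summarize(SAMPLE)
    print("frames per VLAN:", counts)
    print("expected VLANs not seen:", missing)
```

An expected VLAN that never appears in a capture taken on the parent interface points at the upstream switch port not carrying that tag rather than at the subinterface configuration.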
the_rock
Legend

Did you follow the below?

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_AdminGuide/Topics-GAG/VLAN-In...

I don't think they are considered a traditional trunk port the way you described it.

Vladimir
Champion

Please be a little bit more specific in your description of interconnects:

1. Make and model of the switch you are connecting to

2. Switch trunk port (that CP unit is connected to) config

The fabric issue should be irrelevant, as you are not connecting to a fabric port; those should be used for switch interconnects, but otherwise pass all traffic.

If those are not true fabric ports, but trunk interconnects, make sure that your VLANs are enabled on them as well.

nflnetwork29
Advisor

We got it working. The issue was not related to Check Point. Thanks,

_Val_
Admin

Please share the cause and resolution anyway, thanks
