I’m trying to set up four bridge-based VLANs on a CRS354-48G-4S+2Q+ switch paired to a Fortigate 60F firewall such that:
-
ether1 on Fortigate 60F hands out DHCP to all devices in VLAN 10 with 172.16.63.0/24 addresses
-
ether2 on Fortigate 60F hands out DHCP to all devices in VLAN 10 with 172.16.64.0/24 addresses
-
ether3 on Fortigate 60F hands out DHCP to all devices in VLAN 10 with 172.16.65.0/24 addresses
-
ether4 on Fortigate 60F hands out DHCP to all devices in VLAN 10 with 172.16.66.0/24 addresses
-
ether1-ether8 on CRS354 in VLAN 10 have full Internet via ether44 on CRS354 to ether1 on Fortigate 60F
-
ether9-ether16 on CRS354 in VLAN 20 have full Internet via ether45 on CRS354 to ether2 on Fortigate 60F
-
ether17-ether24 on CRS354 in VLAN 30 have full Internet via ether46 on CRS354 to ether3 on Fortigate 60F
-
ether25-ether32 on CRS354 in VLAN 40 have full Internet via ether47 on CRS354 to ether4 on Fortigate 60F
-
none of the VLANs need to talk internally to each other; they only need Internet access
I would have thought the simple guide at https://wiki.mikrotik.com/wiki/Manual:Basic_VLAN_switching under “CRS3xx series switches” would be straightforward enough to get me going but I can’t seem to get any traffic with a static IP to/past the ether44-ether47 ports on the CRS354, and I can confirm that DHCP on each of the Fortigate ether ports is working as intended, so I’m not sure where to look next.