FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface.
In this scenario, what are two requirements for the VLAN ID? (Choose two.)
FortiGate is operating in NAT mode and is configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface.
In this scenario, what are two requirements for the VLAN ID? (Choose two.)
The two VLAN subinterfaces must have different VLAN IDs to ensure each VLAN is uniquely identified and traffic is properly segregated. Additionally, the two VLAN subinterfaces can have the same VLAN ID only if they have IP addresses in different subnets, allowing them to operate without IP address conflicts while still maintaining separate network segments.
Anything but the "different VLAN" answer is impossible from a networking view, as well as configuration on the FG is concerned. At least up to 7.0 it's impossible to configure the same VLAN on the same physical link multiple times, no matter if it's in separate VDOMs or not.
P.S. - did some tests - at least up to 7.0.12, the firewall will instantly complain about duplicate VLAN ID no matter if you select different VDOMs, IPs, or IPs from the same subnet (which will ADDITIONALLY cause an IP-conflict with the first VLAN interface) So, if the official test has this question and asks for two choices, it's definitely wrong ... (as any sane technician would argue)
t is C and D. But to achieve this monstrosity you have to implement 802.1Q and 802.1AD vlans and they need to be in different subnets. And yes this is still mind boggling.
I used my own lab to resolve this question: If you use the same VLAN ID to add a second subinterface to the same physical interface is not allowed you get the error ( VLAN ID used by another VLAN switch) unless you change the VLAN Protocol to 802.1AD, no matter the VDOM you assign the subinterface. Being said that, options A and B are not true, the option C is correct and option D is true if as I said before you use 802.1Q in one subinterface and 802.1AD in the second subinterface.
Tested in lab, vdom is not significant. Only option is to use 802.1Q and 802.1AD with different subnet
b and c
b and c
VLANs split your physical LAN into multiple, logical LANs. In NAT operation mode, each VLAN forms a separate broadcast domain. Multiple VLANs can coexist in the same physical interface, provided they have different VLAN IDs. In this way, a physical interface is split into two or more logical interfaces. A tag is added to each Ethernet frame to identify the VLAN to which it belongs. Note that in a multi-VDOM environment, the physical interface and its VLAN sub-interface can be in separate VDOMs.
Basic concept of VLAN.
This Question has been asked on 7.0 and 6.4 NSE 4. It’s always been a one answer question. So it’s only C.
B & C is the correct answer
Correct
C is definitely true as everyone has already mentioned. B and D are also true if you change one of the interfaces to use 802.1AD.
Las correctas con B y C
Las correctas son la B y C
c,D In a scenario where FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) subinterfaces added to the same physical interface, the correct requirements for the VLAN ID are: C. **The two VLAN subinterfaces must have different VLAN IDs.** Each VLAN subinterface should have a unique VLAN ID to properly segregate traffic between VLANs. D. **The two VLAN subinterfaces can have the same VLAN ID, only if they have IP addresses in different subnets.** If two VLAN subinterfaces share the same VLAN ID, they must belong to different IP subnets to avoid IP address conflicts and ensure proper routing of traffic. So, options C and D are the correct requirements for the VLAN ID in this scenario.
C is correct but not sure about the other, this questions seems like wrong to me it has single answer only
Anybody got in Exam newly? Are those questions legit still?
C and D