NSE4 Question #555: Real Exam Question with Answer & Explanation

Question

A FortiGate is operating in NAT/Route mode and configured with two virtual LAN (VLAN) sub- interfaces added to the same physical interface. Which statement about the VLAN IDs in this scenario is true?

Options

• AThe two VLAN sub-interfaces can have the same VLAN ID only if they belong to different VDOMs.
• BThe two VLAN sub-interfaces must have different VLAN IDs.
• CThe two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in the same
• DThe two VLAN sub-interfaces can have the same VLAN ID only if they have IP addresses in different

Explanation

When configuring two VLAN sub-interfaces on the same physical interface of a FortiGate in NAT/Route mode, each sub-interface must be assigned a unique VLAN ID.

Common mistakes.

• A. Even if VLAN sub-interfaces belong to different VDOMs, if they are on the same physical interface, they still require unique VLAN IDs to avoid conflicts in traffic tagging and forwarding.
• C. The requirement for unique VLAN IDs is independent of the IP address subnet assignment; two sub-interfaces on the same physical port cannot share a VLAN ID regardless of whether their IP addresses are in the same subnet.
• D. Similar to C, the IP address configuration (same or different subnets) does not override the fundamental requirement that each VLAN sub-interface must have a unique VLAN ID for proper operation on a shared physical interface.

Concept tested. FortiGate VLAN Sub-interface Configuration

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/fortios-administration-guide/575308/vlan-subinterfaces

No community discussion yet for this question.