Overview:
In a FortiLink environment, VLAN interfaces are tightly integrated with FortiSwitch configuration. VLANs define both Layer 3 interfaces and Layer 2 switching domains across managed switches.
Deleting a VLAN interface may affect switch configuration, even when no explicit references are displayed.
Behavior explanation:
A VLAN configured on a FortiLink interface is used to: Define broadcast domains across FortiSwitch devices. Associate switch ports to specific VLANs. Maintain internal mappings between FortiGate and FortiSwitch configurations. Synchronize configuration changes across managed switches.
When a VLAN is deleted, FortiGate removes: The VLAN interface. Associated internal mappings. VLAN membership from switch ports. Related switch configuration elements.
Even if the VLAN shows zero references in the configuration, implicit dependencies may still exist through: FortiLink internal mappings. Switch port VLAN assignments. Default or dynamically applied configurations.
As a result, deleting the VLAN can remove switch port configuration and require reconfiguration.
Impact:
Deleting a VLAN on FortiLink may result in:
Loss of VLAN assignments on FortiSwitch ports. Removal of associated Layer 2 domains. Disruption of traffic for connected devices. Requirement to manually reconfigure affected switch ports.
Verification: Go to WiFi & Switch Controller -> FortiSwitch Ports. Verify VLAN assignments on switch ports. Go to Network -> Interfaces. Review VLAN interfaces associated with FortiLink.
Expected result:
VLAN interfaces are associated with switch port configuration and FortiLink management.
Additional validation (CLI):
show system interface
show switch vlan
Expected result:
VLAN interfaces and switch VLAN mappings are displayed.
Troubleshooting: If the switch configuration is removed after deleting a VLAN, perform the following checks:
Verify VLAN assignment on switch ports. Go to WiFi & Switch Controller -> FortiSwitch Ports.
Expected result:
Switch ports show correct VLAN assignments.
If VLAN assignments are missing, reassign the VLAN to affected ports.
Verify existing VLAN configuration.
Run:
show switch vlan
Expected result:
Required VLANs are present in the configuration.
If the VLAN is missing, recreate the VLAN interface.
Verify FortiLink synchronization status.
Run:
diagnose switch-controller dump status
Expected result:
FortiLink status shows synchronized configuration.
If synchronization issues are detected, review FortiLink connectivity.
Verify interface configuration.
Run:
show system interface
Expected result:
VLAN interfaces are correctly defined and associated with FortiLink.
Verify traffic impact.
Check connectivity from affected devices.
Expected result:
Traffic flows correctly through assigned VLANs.
If connectivity fails, verify:
VLAN assignment. Interface configuration. Firewall policies.
Review recent configuration changes related to VLAN removal.
Expected result:
Changes align with expected configuration behavior.
Verify switch port VLAN assignments before deleting a VLAN. Remove VLAN assignments from switch ports before deletion. Validate that no implicit dependencies exist. Perform configuration changes during a maintenance window. Back up configuration before modifying VLANs in a FortiLink environment.
FortiLink centrally manages FortiSwitch configuration from FortiGate. VLAN changes are synchronized across all managed switches. Configuration updates may affect multiple switches simultaneously. Implicit dependencies may not be visible in reference counters.
| 
