aagrafi
New Member
September 3, 2021
Solved

Difference between native VLAN and Untagged VLAN list

Hello,

 

In the standalone FortiSwitch, we can configure the following VLAN settings in a port: Native VLAN, Allowed VLAN list and Untagged VLAN list. This configuration is available only in the standalone switch; when the switch is managed by a FortiGate, the only settings available are the Native VLAN and the Allowed VLAN list.

 

Can somebody explain to me why someone should need to set the Untagged VLAN list? It seems to me that the Native VLAN alone should be sufficient. What additional functionality does the Untagged VLAN list provide to the port configuration that is not covered by the Native VLAN?

 

Thanks

    emnoc
    New Member
    September 3, 2021

    Did you read the docs? https://docs.fortinet.com/document/fortiswitch/6.4.2/administration-guide/146333/vlans-and-vlan-tagging

    It explains where and how these apply.

     

    Ken Felix

    aagrafi (Author)
    New Member
    September 8, 2021

    I have seen this document. But it's not clear to me the difference between the native vlan and the untagged vlan. Can you tell me a use case where the untagged-vlan list is needed?

    emnoc (Answer)
    New Member
    September 8, 2021

    Maybe you need to untag VLANs to send to a non-802.1Q device that has a bunch of secondary addresses on a single interface.

    I personally have never used it so I can't explain any business case. Do you need that feature is the question you should be asking yourself. What it does is clear in the supporting documents.

     

    Ken Felix

    rsl
    New Member
    September 10, 2021

    Native VLAN: You can configure a native VLAN for each port. The native VLAN is like a default VLAN for untagged incoming packets. Outgoing packets for the native VLAN are sent as untagged frames. The native VLAN is assigned to any untagged packet arriving at an ingress port. At an egress port, if the packet tag matches the native VLAN, the packet is sent out without the VLAN header.

    Untagged VLAN list: The untagged VLAN list on a port specifies the VLAN tag values for which the port will transmit packets without the VLAN tag. Any VLAN in the untagged VLAN list must also be a member of the allowed VLAN list. The untagged VLAN list applies only to egress traffic on a port.

     

    https://docs.fortinet.com...nd-vlan-tagging#Native
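
The rules quoted in the last reply, as an added example (not part of any post in this thread and not Fortinet code): a simplified Python model of one port that shows where the native VLAN and the untagged VLAN list differ. The class and function names, the sample VLAN IDs, and the rule that tagged frames outside the native/allowed set are dropped are assumptions of this model.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Port:
    """Simplified model of one switch port (names are this example's own)."""
    native_vlan: int
    allowed_vlans: frozenset = frozenset()
    untagged_vlans: frozenset = frozenset()

    def __post_init__(self):
        # Rule from the thread: every untagged VLAN must also be an allowed VLAN.
        extra = self.untagged_vlans - self.allowed_vlans
        if extra:
            raise ValueError(f"untagged VLANs not in allowed list: {sorted(extra)}")

    def ingress(self, tag: Optional[int]) -> Optional[int]:
        """VLAN a received frame is classified into, or None if dropped."""
        if tag is None:
            return self.native_vlan  # the untagged list plays no part on ingress
        if tag == self.native_vlan or tag in self.allowed_vlans:
            return tag
        return None  # assumption of this model: other tags are dropped

    def egress(self, vlan: int) -> Optional[str]:
        """How a frame of `vlan` leaves the port, or None if not forwarded."""
        if vlan == self.native_vlan or vlan in self.untagged_vlans:
            return "untagged"
        if vlan in self.allowed_vlans:
            return f"tagged {vlan}"
        return None


def round_trip(port: Port, vlan: int):
    """Send a `vlan` frame out; the attached device replies in the same form."""
    sent = port.egress(vlan)
    if sent is None:
        return None, None
    reply_tag = None if sent == "untagged" else vlan
    return sent, port.ingress(reply_tag)


# Constructed sample port: native 10, allowed 20 and 30, untagged list 20.
PORT = Port(native_vlan=10, allowed_vlans=frozenset({20, 30}),
            untagged_vlans=frozenset({20}))

if __name__ == "__main__":
    for vlan in (10, 20, 30, 40):
        print(vlan, round_trip(PORT, vlan))
```

With VLAN 20 in the untagged list, frames leave without a tag, but the untagged reply is classified into native VLAN 10, because the list affects egress only.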