mAineAc
Explorer
March 21, 2023
Question

Fortigate vxlan cannot add system vlan interface to switch


I have two 80F FortiGates that I am trying to lab vxlan on for production. One system is on 7.2.4 and the other is on 7.2.2. Following the documentation, it says to add the vlan interface and the vxlan interface to the switch for the last step. On the 7.2.2 version it has the vlan system interfaces available to add to the switch. These are identical configs on each side; I have them set up as policy based and vlan switch mode. Not sure if this is a bug, but I am using this guide to set up the vxlan.

2 replies

mAineAc (Author)
Explorer
March 22, 2023

So I upgraded the device on version 7.2.2 to see if that makes a difference and it did not. I still only have the options for the vlan interfaces and not the physical interfaces to be able to add for the system switch-interface. I also tried deleting and recreating the vlan interfaces on the one that was originally on 7.2.4, but that did not make a difference either.

funkylicious
SuperUser
March 22, 2023

I think it's a mistake in the guide and a virtual-wire-pair is created, because in a software-switch you can add only physical interfaces,

 

config system switch-interface
  edit TEST
  set member
     *interface-name Physical interface name.

"jack of all trades, master of none"
mAineAc (Author)
Explorer
March 23, 2023

This is the config in one:

 

LAB-17 # show system switch-interface
config system switch-interface
edit "OES-SW1"
set vdom "root"
set member "vlan253" "vxlan253"
next
end

LAB-17 #

 

and I do not have the option to add the physical interfaces

 

On the other system it lets me add the vxlan interface but the internal6 is no longer available after removing

 

LAB-16 # conf system switch-interface

LAB-16 (switch-interface) # edit OES-SW1

LAB-16 (OES-SW1) # set member
*interface-name Physical interface name.
OES-ME-VXLAN interface
internal5 interface

LAB-16 (OES-SW1) # set member

 

jm-barreto
Explorer
March 13, 2025

Check if the interface that you are trying to add is referenced in another part of the configuration. If the interface is used for other things, like in a firewall rule, or if it has an IP or an address object attached to it, it will not be available to add to the softswitch.
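
One way to run the check described in the last reply against a config backup, as an added example (not code from the thread or from Fortinet): it reports an IP set on the interface itself and any quoted mention of the interface in other sections. The sample config, the interface values in it, and the function name `find_blockers` are constructed for illustration.

```python
import re

# Constructed excerpt of a FortiOS config backup (not taken from the thread).
SAMPLE_CONFIG = '''\
config system interface
    edit "internal5"
        set vdom "root"
    next
    edit "internal6"
        set vdom "root"
        set ip 10.0.6.1 255.255.255.0
    next
end
config firewall address
    edit "lab-hosts"
        set associated-interface "internal6"
    next
end
config firewall policy
    edit 7
        set srcintf "internal6"
        set dstintf "wan1"
    next
end
'''

def find_blockers(config_text, ifname):
    """Return (section, entry, setting) tuples that tie up `ifname`."""
    hits, stack, entry = [], [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end" and stack:
            stack.pop()
        elif line.startswith("edit "):
            entry = line[len("edit "):].strip('"')
        elif line == "next":
            entry = None
        elif line.startswith("set ") and stack:
            section = stack[-1]
            own = section == "system interface" and entry == ifname
            # An address on the interface itself, or a quoted mention elsewhere.
            if own and re.match(r"set ip \d", line) and not line.startswith("set ip 0.0.0.0"):
                hits.append((section, entry, line))
            elif not own and f'"{ifname}"' in line:
                hits.append((section, entry, line))
    return hits
```

An empty result for an interface means the backup shows none of the references this scan looks for; each returned tuple names the section and entry to clean up first.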