concha
New Member
July 24, 2020
Question

fortiwifi - vlan id- switch

  • July 24, 2020
  • 1 reply
  • 7142 views

Hi!

I have a PC connected to a FortiWifi by cable. The FortiWifi is connected to a firewall. The VLANs are on the firewall.

I need the fortiwifi to work as a switch and divide the ports into vlan groups.

I need to have connectivity from the pc to the vlan of the FW. For this, the PC is connected to one port of the fortiwifi and another port to the fw.

The PC sends untagged traffic, but I need the Forti to tag it and send it to the FW with the tag of the VLAN whose IP I want to ping.

How can I configure fortiwifi to do this? I have configured it as a hardware switch but I do not know how to label with the vlanid.

Thank you very much

1 reply

sw2090
SuperUser
July 25, 2020

I cannot speak for FortiWifi as I have no such device.

But usually in FortiOS Vlans are virtual Interfaces that are always untagged in the given vlan.

This means traffic that flows onto this interface will leave the interface tagged with the vid of the specific vlan.

This is FortiOS default behaviour.

SecurityPlus
Explorer III
July 25, 2020

I'm not sure I understand the layout of your network. Does the FortiWifi connect to a separate firewall which in turn connects to a modem? What FortiOS are you using?

brycemd
New Member
July 25, 2020

It would be best if you just got a switch to handle the tagging (or just have the end device tag itself), but if you insist on using the gate to get untagged traffic onto a VLAN...

On a FortiWifi it comes as a software switch by default, so you may need to break out physical ports in the CLI.

You need to create the VLAN and leave it as 0.0.0.0/0.0.0.0 and ensure it has no references. The physical port will need to be the same, 0.0.0.0/0.0.0.0 and no references. Then create a software switch with the IP/subnet you want and add the VLAN and the physical port to that software switch. It essentially creates a bridge between the two interfaces.

This will make that physical port untagged on that VLAN. There are several downsides to this, but the FortiGate isn't really meant to replace a switch.

I guess the question is: do you actually need VLANs, or would simply breaking off a couple of ports into a new hardware switch do what you want?
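
The bridge described in the reply above, written out as FortiOS CLI. This is an added example, not part of the original thread. The interface names (`internal1` toward the firewall, `internal2` toward the PC), VLAN ID 10, the bridge name `br-vlan10`, the VDOM `root` and the addresses are all assumptions, and both ports are assumed to be already broken out of the default switch with no references.

```fortios
# Added example; all names, the VLAN ID and the addresses are assumptions.

# 1. VLAN sub-interface on the port facing the upstream firewall.
#    No IP is set, so it stays at 0.0.0.0/0.0.0.0.
config system interface
    edit "vlan10"
        set vdom "root"
        set interface "internal1"
        set vlanid 10
    next
end

# 2. Software switch bridging the PC port (untagged) and the VLAN
#    sub-interface (tagged with VID 10 on internal1).
#    intra-switch-policy explicit makes traffic between the two members
#    require a firewall policy; the default, implicit, forwards it
#    between members without policy inspection.
config system switch-interface
    edit "br-vlan10"
        set vdom "root"
        set member "internal2" "vlan10"
        set intra-switch-policy explicit
    next
end

# 3. The IP/subnet goes on the software switch interface itself.
config system interface
    edit "br-vlan10"
        set ip 192.168.10.2 255.255.255.0
        set allowaccess ping
    next
end
```

With `intra-switch-policy explicit`, a firewall policy between `internal2` and `vlan10` is needed before the PC can reach the firewall's VLAN address. Keep `allowaccess` on the bridge limited to what is actually required, since this address is reachable from every member of the bridge.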