Hi everyone,I’m working on a FortiGate(FortiGate F100-7.6) deployment where VLANs are currently configured under a hardware switch interface. Each switch in the network is connected to the FortiGate via individual trunk links. Now, I want to migrate to a more scalable setup using aggregate (LAG) interfaces between the FortiGate and the switches. Here’s the challenge:I want to continue using the same VLANs (e.g., VLAN 10, 20, 30) across the network.These VLANs are already configured and working on the FortiGate’s hardware switch interface.I now need to connect the switches using new aggregate interfaces, but I’m not sure how to handle the VLAN configuration on the FortiGate side.My question is:Can I use the same VLANs (with the same IDs) on both the existing hardware switch and the new aggregate interfaces.what's the best way to deal with this. i will have 3 switches in aggreg with the fortigate. I know the switch side configuration, only confused about the vlan config on the fortigateFortiGate #802.3

Explorer

Question

Vlan on Fortigate 802.3ad Aggreg and Hardware switch

Forum|Forum|1 year ago
May 21, 2025
1 reply
1767 views

Hi everyone,

I’m working on a FortiGate(FortiGate F100-7.6) deployment where VLANs are currently configured under a hardware switch interface. Each switch in the network is connected to the FortiGate via individual trunk links. Now, I want to migrate to a more scalable setup using aggregate (LAG) interfaces between the FortiGate and the switches.

Here’s the challenge:

I want to continue using the same VLANs (e.g., VLAN 10, 20, 30) across the network.
These VLANs are already configured and working on the FortiGate’s hardware switch interface.
I now need to connect the switches using new aggregate interfaces, but I’m not sure how to handle the VLAN configuration on the FortiGate side.

My question is:
Can I use the same VLANs (with the same IDs) on both the existing hardware switch and the new aggregate interfaces.

what's the best way to deal with this. i will have 3 switches in aggreg with the fortigate. I know the switch side configuration, only confused about the vlan config on the fortigate

FortiGate #802.3

funkylicious

SuperUser

if you create the same vlan id under a new interface/aggr it should not be a issue.

"jack of all trades, master of none"

hzchaudry60Author

Explorer

Hi @funkylicious I have already tried that but i am not able to get the connectivity. i also created policies but no result.

Toshi_Esumi

SuperUser

I don't think a VLAN ID on the hardware-switch is connected to the same VLAN ID on an interface OUTSIDE of the hardware-switch, like on an independent individual port or LAG combining those independent ports based on my experience in the past.
I think you can even configure L3 on both sides since they're separated.

You have to either do hard-cut or have L3 routing between them by changing the subnet. If you do the hard-cut while it's running, you have to remove the original VLAN, and all dependent config. It might be difficult to do. So instead, I would just change the "set interface" of the VLAN after downloading the config into a file. When you restore it with the modified config, it would reboot. Just be aware.
Also, keep the original config file handy just in case you have to revert.

Toshi

Toshi

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded