pprince, Staff
Article Id 246975
Description

This article describes how to fix the error 'VLAN interface for default vlan-id is missing', encountered while troubleshooting a managed FortiSwitch that shows offline on FortiGate.

Scope

FortiGate v6.4.x and above, FortiSwitch v6.4.x and above.
Solution

During FortiSwitch authorization, FortiGate by default creates certain VLANs. A default VLAN is created with VLAN ID 1 to be assigned to all switch ports upon discovery.

If the default VLAN ID 1 configuration has been changed or deleted, or if it is not present as one of the VLANs in the FortiLink configuration, the FortiSwitch will not show online after it is authorized. This scenario can be verified with the following commands:

execute switch-controller diagnose-connection

WARNING: VLAN interface for default vlan-id is missing ... please check config

The FortiSwitch status will show as Discovered/Down:

execute switch-controller get-conn-status

Managed-devices in current vdom root:

FortiLink interface : fortilink

SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS        JOIN-TIME           SERIAL        

S108DVLXXXXXXXXXX  N/A               Discovered/Down 2                     N/A           S108DVLXXXXXXXXXX

To fix the issue, configure a default VLAN using the following CLI commands.

For example:

config system interface
    edit "<VLAN_NAME>"
        set interface "fortilink"
        set vlanid XX
        set switch-controller-feature default-vlan  <----- This setting declares this VLAN as the default VLAN for the switch-controller.
    next
end

Important Considerations:

  1. The 'set switch-controller-feature default-vlan' command cannot be applied to an existing VLAN interface. If no VLAN with this setting is present, a new VLAN interface must be created specifically for this purpose.
  2. While any VLAN ID and name can technically be used as the default VLAN, it is recommended in most environments to use VLAN ID 1 with the default name as defined by the FortiOS version in use.

These default VLANs are automatically created upon a new FortiLink configuration. They are created using the 'switch-controller initial-config template':

config switch-controller initial-config template
    edit "_default"
        set vlanid 1
    next
    edit "quarantine"
        set vlanid 4093
        set dhcp-server enable
    next
    edit "rspan"
        set vlanid 4092
        set dhcp-server enable
    next
    edit "voice"
        set vlanid 4091
    next
    edit "video"
        set vlanid 4090
    next
    edit "onboarding"
        set vlanid 4089
    next
    edit "nac_segment"
        set vlanid 4088
        set dhcp-server enable
    next
end

The name for the default VLAN ID 1 is different depending on the FortiOS version:

VLAN ID   Name (v6.x)     Name (v6.4)   Name (v7.0-v7.6)
1         vsw.fortilink   default       _default
4091      voice           voice         voice
4090      video           video         video
4092      rspan           rspan         rspan
4089      onboarding      onboarding    onboarding

The name of the VLAN in the initial-config template is hardcoded, but the VLAN ID values can be changed.

Recommended Approach:

To fix the issue while aligning with the default VLAN name and ID (using VLAN 1 as the default VLAN with its default name), two options are available:

Option 1: Delete and Recreate VLAN 1:

Delete the current VLAN 1 interface and recreate it using the appropriate default name and the default-vlan setting. This is a suitable option if there are not many references to the VLAN ID 1 interface.

For example:

config system interface
    edit "_default"
        set vdom "root"
        set ip x.x.x.x/x
        set allowaccess ping
        set interface "fortilink"
        set vlanid 1
        set switch-controller-feature default-vlan
    next
end

Option 2: Modify the VLAN 1 interface name in the configuration file and restore the configuration:

  • Export the full FortiGate configuration.
  • Search for and replace all references to the existing VLAN ID 1 interface name with the correct default name (e.g. default in v7.4).
  • Restore the modified configuration to the FortiGate.
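As an added example (not part of this article or of FortiOS), the following Python script checks an exported configuration for the condition behind the warning (no VLAN on the FortiLink interface carrying 'set switch-controller-feature default-vlan') and performs the Option 2 rename on whole quoted references only, so similarly named interfaces such as a VLAN 10 are not mangled. The sample configuration and the interface names in it are constructed.

```python
import re
# Constructed sample FortiOS config export (assumption): VLAN 1 on fortilink was renamed and lacks the default-vlan flag.
SAMPLE_CONFIG = """\
config system interface
    edit "lan_vlan1"
        set interface "fortilink"
        set vlanid 1
    next
    edit "lan_vlan10"
        set interface "fortilink"
        set vlanid 10
    next
end
config firewall policy
    edit 1
        set srcintf "lan_vlan1"
        set dstintf "lan_vlan10"
    next
end
"""

def parse_interfaces(config_text):
    """Return {name: {setting: value}} for the 'config system interface' section."""
    interfaces, current, in_section = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system interface":
            in_section = True
        elif not in_section:
            continue
        elif raw == "end":  # top-level 'end' only; nested sub-blocks stay indented
            break
        elif line.startswith("edit "):
            current = line[5:].strip('"')
            interfaces[current] = {}
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            interfaces[current][key] = value.strip('"')
    return interfaces

def find_default_vlan(interfaces, fortilink="fortilink"):
    """Name of the fortilink VLAN flagged default-vlan, or None (the warning's cause)."""
    for name, s in interfaces.items():
        if s.get("interface") == fortilink and s.get("switch-controller-feature") == "default-vlan":
            return name
    return None

def rename_interface(config_text, old, new):
    """Option 2: rename the edit entry and every quoted reference, whole tokens only."""
    return re.sub('"%s"' % re.escape(old), '"%s"' % new, config_text)
```

The rename alone does not add the 'set switch-controller-feature default-vlan' line to the renamed entry, so re-run find_default_vlan on the edited file and confirm it returns the new name before restoring the configuration.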