Technical Tip: Option to disable automatically created VLANs under switch-controller template

alif · ‎02-18-2025

Description

This article describes the option to enable/disable auto-generated VLANs that are dynamically created upon first switch discovery on the FortiLink interface.

Scope

FortiGate, FortiOS 7.6.3 (and later).

Solution

As of FortiOS version 7.6.3, a new feature will be included to enable/disable the auto-created VLANs generated by switch-controller. While switch-controller is designed to create multiple VLANs for different purposes such as quarantine and NAC, some users may prefer to have more control over VLAN creation and management.

FortiOS 7.6.2 and earlier versions.

config switch-controller initial-config template
edit "_default"
set vlanid 1
next
edit "quarantine"
set vlanid 4093
set dhcp-server enable
next
edit "rspan"
set vlanid 4092
set dhcp-server enable
next
edit "voice"
set vlanid 4091
next
edit "video"
set vlanid 4090
next
edit "onboarding"
set vlanid 4089
next
edit "nac_segment"
set vlanid 4088
set dhcp-server enable
next
end

config switch-controller initial-config vlans
set default-vlan "_default"
set quarantine "quarantine"
set rspan "rspan"
set voice "voice"
set video "video"
set nac "onboarding"
set nac-segment "nac_segment"
end

FortiOS 7.6.3 and later versions:

config switch-controller initial-config vlans
set optional-vlans < enable | disable > ##### new command introduced from FortiOS 7.6.3 (default: enable)
end

This feature will be applied to new FortiLink configuration only. Existing FortiLink configurations will not be affected.

Technical Tip: Option to disable automatically created VLANs under switch-controller template

You are leaving our website