Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rmetzger
Staff
Staff

Created on ‎01-08-2010 01:52 AM Edited on ‎02-27-2025 06:51 AM By Community Manager

Article Id 197640

Technical Tip: Rules about VLAN configuration and VDOM interface assignment

Description

 

This article describes the rules when creating VLAN and VDOM interface assignment.

 

Scope


FortiOS 6.0 and above.

 

Solution

VLAN:

  • VLANs can be created on any physical or aggregate (802.3ad) interfaces.
  • The same VLAN number cannot be configured twice on the same physical interface.
  • The same VLAN number can be used on different physical interfaces.
  • The usable VLAN ID range is from 1 to 4094.


VDOM interface assignment:

  • Two VDOMs cannot share the same interface or VLAN.
  • A VLAN sub-interface can belong to a different VDOM than the physical interface it is attached to.


Example of VLAN setting and VDOM assignment:

 

Overview.jpg


VDOM 'Customer1':

 

  • Physical interface port1.
  • VLAN10_P1 (VLAN ID 10 on port1).

 

Vlan10.jpg

 

CLI Configuration:

 

config system interface
    edit "VLAN10_P1"
        set vdom "Customer1"
        set ip 192.168.100.254 255.255.255.0
        set device-identification enable
        set role lan
        set snmp-index 24
        set ip-managed-by-fortiipam disable
        set interface "port1"
        set vlanid 10
   next
end

 

  • VLAN20_P1 (VLAN ID 20 on port1)CLI Configuration:


config system interface
    edit "VLAN20_P1"
        set vdom "Customer1"
        set ip 172.16.100.254 255.255.255.0
        set device-identification enable
        set role lan
        set snmp-index 25
        set ip-managed-by-fortiipam disable
        set interface "port1"
        set vlanid 20
   next
end

 

VDOM 'Customer2'.

  • physical interface port2.
  • VLAN10_P2 (VLAN ID 10 on port2).

 

Vlan10_port2.jpg

 

CLI Configuration:

 

config system interface
    edit "VLAN10_P2"
        set vdom "Customer2"
        set ip 192.168.200.254 255.255.255.0
        set device-identification enable
        set role lan
        set snmp-index 26
        set ip-managed-by-fortiipam disable
        set interface "port2"
        set vlanid 10
    next
end

VDOM 'Customer3':

 

VLAN30_P1 (VLAN ID 30 on port1):

 

vlan30.jpg

CLI Configuration:

 

config system interface
   edit "VLAN30_P1"
       set vdom "Customer3"
       set ip 10.10.100.254 255.255.255.0
       set device-identification enable
       set role lan
       set snmp-index 27
       set ip-managed-by-fortiipam disable
       set interface "port1"
       set vlanid 30
   next
end

  • VLAN30_P2 (VLAN ID 30 on port2).

 

vlan30_port2.jpg

 

CLI Configuration:

 

config system interface
    edit "VLAN30_P2"
        set vdom "Customer3"
        set ip 10.10.200.1 255.255.255.0
        set device-identification enable
        set role lan
        set snmp-index 28
        set ip-managed-by-fortiipam disable
        set interface "port2"
        set vlanid 30
    next
end


For the maximum number of VLANs or VDOMs, refer to the Maximum Values Matrix in FortiCare documents.
For additional information about VLANs and VDOMs, consult the VLAN and VDOM Guide.

Related article:

Technical Tip: How to create a VLAN tagged interface (802.1q) on a FortiGate - tagged/untagged traff...

Labels:
42859
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.