Technical Tip: 'VLAN segments only work when FortiSwitch is not directly connected to FortiGate' message when connecting FortiSwitch Series 100 to FortiGate

laltuzar · ‎05-30-2023

Description

This article describes that when upgrading to FortiOS 7.2.4, users realized there is a message on the FortiLink created from FortiGate to their FortiSwitch-124E.

Scope

FortiSwitch-124EN v7.2.4.

FortiGate v7.2.4.

Solution

After upgrading FortiGate to v7.2.4, the user starts to see the following message when connecting a FortiSwitch directly to the FortiGate:

'VLAN segments only work when FortiSwitch is not directly connected to FortiGate'.

VLAN segments only work when FortiSwitch is not directly connected to FortiGate VLAN segments only work when FortiSwitch is not directly connected to FortiGate

This is normal behavior as there is a FortiSwitch-124E connected to FortiGate.

Refer to the following document that explains this:

FortiLink Guide—FortiSwitch Devices Managed by FortiOS 7.2 on page 131.

The FortiGate device supports only one LAN segment.
LAN segments on the FortiSwitch-108E, FortiSwitch-108E-POE, FortiSwitch-108E-FPOE, FortiSwitch-108F, FortiSwitch-108F-POE, FortiSwitch-108F-FPOE, FortiSwitch-124E, FortiSwitch-124E-POE, FortiSwitch-124E-FPOE, FortiSwitch-148E, and FortiSwitch-148E-POE have the following limitation: these models cannot be directly connected to a FortiGate - they should be connected using another FortiSwitch model.

This also occurs because FortiGate restricts VLAN segmentation when a FortiSwitch from the 100 Series is directly connected, requiring an intermediary FortiSwitch for VLAN segmentation to work properly.

Technical Tip: 'VLAN segments only work when FortiSwitch is not directly connected to FortiGate' message when connecting FortiSwitch Series 100 to FortiGate

You are leaving our website