Description | This article describes the process and behavior of managed FortiSwitches when the FortiLink management VLAN is changed from the default VLAN 4094 to a customized VLAN. |
Scope | Managed FortiSwitches and FortiGate version 7.2.x and above. |
Solution |
By default, the FortiLink management VLAN is 4094. If it needs to be changed, refer to the following document: Optional FortiLink configuration required before discovering and authorizing FortiSwitch units
On FortiGate CLI:
config system interface
    edit <fortilink interface>
        set fortilink enable
        set switch-controller-mgmt-vlan <integer>    --> For example, VLAN 299.
    next
end
When the above change is made, FortiGate will push VLAN 299 as a FortiLink VLAN to the Managed FortiSwitches. Verify using the below command on FortiSwitch CLI:
FortiSwitch# show switch auto-network
FortiSwitch# show switch interface internal
By default, MSTP instance ID 15 on the FortiSwitch is for native VLAN 4094. Verify by using the below commands on the FortiSwitch:
FortiSwitch# diagnose stp instance list
.
.
Instance ID 15
FortiSwitch# sh switch stp instance 15
.
set vlan-range 4094
Now that the management VLAN is changed to 299, FortiSwitch will automatically change VLAN 4094 to VLAN 299 in all respective configurations. For example:
FortiSwitch# sh switch stp instance 15
.
set vlan-range 299
User Impact in case the VLAN on the STP instance 15 is not changed to 299: Clients connected to FortiSwitches (except the core switch) will not get an IP address from the user VLAN that has 'Block intra-VLAN traffic' enabled.
Workaround: Disable 'Block intra-VLAN traffic' on the user VLAN OR configure a custom command on the FortiGate to map VLAN 299 to STP instance ID 15 and then push the custom command to the FortiSwitches.
FortiGate# config switch-controller custom-command
FortiGate# config switch-controller managed-switch
    config custom-command
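To find switches where STP instance 15 was not remapped to the new management VLAN, the check below parses saved 'show switch stp instance' output from each switch. It is an added example, not Fortinet code; the capture layout (edit "15" / set vlan-range ... / next), the switch names and the sample text are constructed assumptions.

```python
import re

def parse_vlan_range(spec):
    """Expand a vlan-range value such as '299' or '10 20-22' into a set of VLAN IDs."""
    vlans = set()
    for token in re.split(r"[\s,]+", spec.strip().strip('"')):
        if not token:
            continue
        lo, _, hi = token.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN token: {token!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def instance_vlans(show_output, instance_id=15):
    """Return the VLANs mapped to an MSTP instance, or None if no mapping is present."""
    current = None
    for line in show_output.splitlines():
        line = line.strip()
        m = re.match(r'edit\s+"?(\d+)"?$', line)
        if m:
            current = int(m.group(1))
        elif line == "next":
            current = None
        elif current == instance_id and line.startswith("set vlan-range "):
            return parse_vlan_range(line[len("set vlan-range "):])
    return None

def audit(captures, mgmt_vlan, instance_id=15):
    """Map switch name -> finding for each switch whose instance lacks mgmt_vlan."""
    findings = {}
    for name, text in captures.items():
        vlans = instance_vlans(text, instance_id)
        if vlans is None:
            findings[name] = "instance or vlan-range not found"
        elif mgmt_vlan not in vlans:
            findings[name] = f"instance {instance_id} maps {sorted(vlans)}, expected {mgmt_vlan}"
    return findings

# Constructed sample captures (not real device output); the layout is an assumption.
SAMPLE = {
    "core-sw": 'config switch stp instance\n edit "15"\n  set priority 0\n  set vlan-range 299\n next\nend\n',
    "access-sw1": 'config switch stp instance\n edit "15"\n  set vlan-range 4094\n next\nend\n',
    "access-sw2": 'config switch stp instance\n edit "0"\n  set priority 32768\n next\nend\n',
}

if __name__ == "__main__":
    for sw, msg in audit(SAMPLE, mgmt_vlan=299).items():
        print(f"{sw}: {msg}")
```

Switches reported by the audit are the ones where clients on a user VLAN with 'Block intra-VLAN traffic' enabled may fail to get an IP address, as described above.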