Difference between native VLAN and Untagged VLAN list
In the standalone FortiSwitch, we can configure the following VLAN settings in a port: Native VLAN, Allowed VLAN list and Untagged VLAN list. This configuration is available only in the standalone switch; when the switch is managed by a FortiGate, the only settings available are the Native VLAN and the Allowed VLAN list.
Can somebody explain to me why someone would need to set the Untagged VLAN list? It seems to me that the Native VLAN alone should be sufficient. What additional functionality does the Untagged VLAN list provide to the port configuration that is not covered by the Native VLAN?
Thanks a lot for the answer, Ken. Makes sense. To comment on your last statement, in order to answer for myself whether I need that feature or not, I need to understand what it is there for :) So far, it seems that using the native VLAN is enough.
You can configure a native VLAN for each port. The native VLAN is like a default VLAN for untagged incoming packets. Outgoing packets for the native VLAN are sent as untagged frames.
The native VLAN is assigned to any untagged packet arriving at an ingress port.
At an egress port, if the packet tag matches the native VLAN, the packet is sent out without the VLAN header.
Untagged VLAN list
The untagged VLAN list on a port specifies the VLAN tag values for which the port will transmit packets without the VLAN tag. Any VLAN in the untagged VLAN list must also be a member of the allowed VLAN list.
The untagged VLAN list applies only to egress traffic on a port.
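The ingress and egress rules quoted above, modeled as an added Python example (not part of the thread and not Fortinet code). The `Port` class, the `round_trip` helper and the VLAN numbers are constructed for illustration, and the model assumes the native VLAN is always carried by the port. It shows the practical difference: a VLAN in the untagged list leaves the port untagged, but an untagged reply is classified into the native VLAN, not back into the VLAN it left from.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Union


@dataclass
class Port:
    native_vlan: int
    allowed_vlans: Set[int] = field(default_factory=set)
    untagged_vlans: Set[int] = field(default_factory=set)

    def __post_init__(self):
        # Documented constraint: every untagged VLAN must also be allowed.
        extra = self.untagged_vlans - self.allowed_vlans
        if extra:
            raise ValueError(f"untagged VLANs not in allowed list: {sorted(extra)}")

    def _member(self, vlan: int) -> bool:
        # Assumption: the native VLAN is always carried by the port.
        return vlan == self.native_vlan or vlan in self.allowed_vlans

    def ingress(self, tag: Optional[int]) -> Optional[int]:
        """VLAN a received frame is classified into, or None if dropped."""
        # Untagged frames always get the native VLAN; the untagged list
        # plays no part on ingress.
        vlan = self.native_vlan if tag is None else tag
        return vlan if self._member(vlan) else None

    def egress(self, vlan: int) -> Union[int, str, None]:
        """'untagged', the 802.1Q tag sent, or None if not forwarded."""
        if not self._member(vlan):
            return None
        if vlan == self.native_vlan or vlan in self.untagged_vlans:
            return "untagged"
        return vlan


def round_trip(port: Port, vlan: int) -> Optional[int]:
    """VLAN a reply lands in when the peer answers in the format it received."""
    out = port.egress(vlan)
    if out is None:
        return None
    return port.ingress(None if out == "untagged" else out)


# Constructed sample port: native 10, allowed 20 and 30, VLAN 20 also untagged.
PORT = Port(native_vlan=10, allowed_vlans={20, 30}, untagged_vlans={20})

if __name__ == "__main__":
    for v in (10, 20, 30, 40):
        print(f"vlan {v}: egress={PORT.egress(v)} reply lands in={round_trip(PORT, v)}")
```

When reviewing a port configuration, any VLAN that appears in the untagged list but is not the native VLAN is worth checking for this one-way mapping, since return traffic crosses into the native VLAN.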