Charlez79
New Contributor

Hardware Switch & Vlan setup

Hi, 

I was wondering if you create a hardware switch with 5 ports. Is there a way to only add a vlan to certain ports of that hardware switch or will the vlan always be assigned to all ports?

I only need multiple VLANs on 1 port; the other ports should only have the native untagged VLAN.

br

Charlez

6 REPLIES
Toshi_Esumi
Esteemed Contributor II

No. Not possible. Once you have bundled multiple ports into a hard-switch, you are no longer able to refer to an individual physical port to create a VLAN. A VLAN can be bound to the hard-switch. In your case, I would leave those 5 ports separated, then create VLANs on the port you need to have them.

Charlez79

OK, I was hoping not to have to use an extra uplink and save a port.
Toshi_Esumi
Esteemed Contributor II

I'm not sure what your intended design is. But using a hard-switch or not wouldn't change the number of ports you need with one uplink (or downlink) device + 4 non-tagged devices.

Toshi_Esumi
Esteemed Contributor II

I guess now I see what you meant. With FGTs, you can't share a non-tagged interface with multiple ports without a hard- or soft-switch. So the 4 ports other than the up/downlink port need to be in a hard-switch to use as one interface.

Charlez79

Maybe I need to be more clear about what I'm trying to do.

Port 1 native VLAN untagged, VLAN 100, 200, etc. (uplink to core switch)

Port 2-14 native VLAN untagged (will be used as a switch; I want to avoid an extra uplink to the core switch)

So can I link ports 2-14 to the native untagged VLAN used on port 1, without exposing all the other VLANs that are defined on port 1 and without using an uplink from my core switch?

I can just add ports 2-14 to the hardware switch that port 1 is in, but that will expose all VLANs to ports 2-14.

Toshi_Esumi
Esteemed Contributor II

Basically, FGT doesn't have a concept of a native VLAN, although you might see the word in some documents outside of the handbook/admin guide. The untagged interface is never a VLAN interface, and is always the parent interface/port where you might attach multiple VLANs. In other words, there are no "access ports".

So to change the "native VLAN", you need to let the switch do that part, either the core switch or another VLAN-capable switch. If you choose the former, it physically looks like a firewall on a stick. Only the uplink port (ports, if you do LAG with the switch) is connected to the core switch.