Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Consensus
New Contributor II

How do I delete VLAN Switch/delete the configuration/get the configuration back to standard?

Brand new FortiGate 60F.

 

For some reason, instead of a Hardware Switch it has a VLAN Switch (Network >> Interfaces).

 

I'd much rather have it have a Hardware Switch, like the other FortiGate Firewalls we administer, but how do I change it/delete it?

 

I've tried factoryreset and factoryreset2, but it has survived :(

 

So how do I delete the VLAN Switch, change it to a Hardware Switch? I'm ready to wipe the configuration and start from scratch.

 

The FortiGate is running FortiOS 6.4.8.

 

Thanks!

1 Solution
Toshi_Esumi
Esteemed Contributor II

Ok, I think I found the direct answer to Concensus.

 

config system global

  set virtual-switch-vlan disable

end

 

This would change the GUI to show "Hardswitch". And you'll get a warning below:

 

labtest60f-1 (global) # set virtual-switch-vlan dis
This change will disable trunk on interfaces and remove VLAN from virtual switches.
If you don't want it to be changed, type "abort"

 

I need to test further but based on the description for 300E below, it appears that if you enabled this (it's enabled by default at least 6.4.8 on FG60F) you can create virtual switch interfaces per VLAN, like port 1-2-3 for VLAN10, port 2-3-4 for VLAN20, which simple hard-switch can't do. I still don't know what "set trunk enble" on each interface would do.

 

https://docs.fortinet.com/document/fortigate/6.4.5/administration-guide/183531/virtual-switch-suppor...

 

Toshi

View solution in original post

9 REPLIES 9
Consensus
New Contributor II

OK, checked with another brand new FortiGate 60F: Looks like it's 'born' with VLAN. So, reverting the configuration probably won't help.

Toshi_Esumi
Esteemed Contributor II

Can you share the screen? Probably none of us understand what you're talking about.

 

Toshi

Consensus

Thanks for replying.

 

I hope this helps:

image.png

 

Consensus
New Contributor II

I've tried this:

I loaded at configuration from the Other FortiGate 60F and I'm back to Hardware Switch.


I then reset the FortiGate and the VLAN Switch is back :(

The logical conclusion must be (?) that the VLAN Configuration is part of the new firmware? Then why don't I have it on the other Firewall? They both run same version of FortiOS!

AlexC-FTNT

you are correct here. Vlan switch is the default configuration in newer firmware


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
Toshi_Esumi
Esteemed Contributor II

I didn't know this until now either because I almost never use GUI for our LAB 60F. But despite what the GUI shows after a factoryrest, the actual config in CLI is still hard-switch (config system virtual-switch) as below. Then only when we upgraded from older version of FortiOS like 6.2, does the GUI stay with "Hardswitch"? We upgraded this 60F from 6.2.10 to 6.4.8 a while ago but it had "Hardswitch" in GUI like Consensus showed then changed it after the factory reset.

Is this just "cosmetic" change in GUI?

 

config system interface
edit "internal"
set vdom "root"
set ip 192.168.1.99 255.255.255.0
set allowaccess ping https ssh fgfm fabric
set type hard-switch
set stp enable
set role lan
set snmp-index 13
next
end

 

config system virtual-switch
edit "internal"
set physical-switch "sw0"
config port
edit "internal1"
next
edit "internal2"
next
edit "internal3"
next
edit "internal4"
next
edit "internal5"
next
end
next
end

 

Toshi

 

Toshi_Esumi
Esteemed Contributor II

Ok, I think I found the direct answer to Concensus.

 

config system global

  set virtual-switch-vlan disable

end

 

This would change the GUI to show "Hardswitch". And you'll get a warning below:

 

labtest60f-1 (global) # set virtual-switch-vlan dis
This change will disable trunk on interfaces and remove VLAN from virtual switches.
If you don't want it to be changed, type "abort"

 

I need to test further but based on the description for 300E below, it appears that if you enabled this (it's enabled by default at least 6.4.8 on FG60F) you can create virtual switch interfaces per VLAN, like port 1-2-3 for VLAN10, port 2-3-4 for VLAN20, which simple hard-switch can't do. I still don't know what "set trunk enble" on each interface would do.

 

https://docs.fortinet.com/document/fortigate/6.4.5/administration-guide/183531/virtual-switch-suppor...

 

Toshi

Toshi_Esumi
Esteemed Contributor II

If vlan-switch interface is created under virtual-switch like in the document, then I tried to enable "trunk" on one of interface I bet below error. The config seems to have gone through though.

 

NP6XLITE: VS member add fails: vlif already in vs 82

 

And I don't seem to be able to stack or overlap multiple vlans on one interface in the virtual-switch. If you enabled "trunk" that interface doesn't show up as an candidate for a new vlan-switch interface.

 

There need to be a comprehensive document for "Virtual-switch VLAN" and "trunk" including what are these for somewhere. Please somebody point us to a proper doc.

 

Toshi

Consensus

You are the Man! 

This solved it on the FortiGate 60F too.

 

Thank you so much :)